Security vendors are taking the battle against botnets to ISPs and carriers, whose role puts them in a unique position to combat this pervasive and elusive menace.
Not long ago, ISPs and carriers regarded security as what Douglas Adams, in The Hitchhiker's Guide to the Galaxy, called a "SEP"--Somebody Else's Problem--invisible if it wasn't your concern.
No more. As spam and malware inundate their customers, ISPs are making security an intrinsic part of their service and a prime marketing tool.
"The overwhelming concern is spam," says Paul Moriarity, director of product development for antimalware company Trend Micro. "Service providers are very concerned about their reputation and bandwidth utilization."
Trend and startup Simplicita Software are early players in this market. Trend will offer a custom service solution, now in beta programs with customers; Simplicita sells its ZBX architecture as a three-component product package.
It's a big enough problem to get service providers' attention. Customers may get pulled off the Net until their zombied PCs are clean; the service providers' reputation--and the bottom line--suffers if their networks keep triggering global blacklisting. Bot-generated spam floods providers with DoS-like traffic levels.
"The volume is huge, and the cost of addressing the problem is outrageous," says Rob Fleischman, Simplicita CTO. "Years ago, some providers didn't care about spam, while others were helpful. Now every ISP has antispam, antivirus, antiabuse tools. We'll see the same progression as botnet infections get really bad and really disruptive."
Trend's InterCloud Security Service combines a managed appliance, the InterCloud Service Delivery Platform (SDP), with a dedicated bot intelligence team, which collects and analyzes global threats, identifies bot herders and delivers updates. The SDP detects bot-like activity, scanning DNS inquiries (it can either replace existing DNS servers or monitor their activity) and BGP routing. Trend says each engagement will be highly customized, from detection through remediation, to integrate with the provider's operational systems, such as billing and customer service.
The heart of Simplicita's ZBX is the Reputation Knowledge Server, which analyzes data from global bot information sources and internal sources, including security and network devices and applications. Customers have the option of purchasing Simplicita's DNS traffic switch to control bots and zombie computers, and its automated remediation platform, the Walled Garden Server.
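Both products described above rest on the same two moves: watch the provider's own DNS resolvers for bot-like query behaviour, then steer a flagged customer into a walled garden. The toy below (added here as an illustration; it is not Trend's or Simplicita's code) shows that pipeline over a constructed resolver log. The controller domain list, the NXDOMAIN-ratio heuristic, the thresholds and the walled-garden addresses are all assumptions made for the example.

```python
"""Toy ISP resolver-log triage: flag bot-like DNS behaviour, then answer
quarantined customers with a walled garden. Everything here is constructed."""
from collections import defaultdict

# Constructed reputation feed: names a bot-intelligence team has tied to controllers.
CONTROLLER_DOMAINS = {"cmd.botnet-example.invalid", "update.herder-example.invalid"}
WALLED_GARDEN_IP = "192.0.2.10"        # documentation range; stands in for the remediation portal
ALLOWED_IN_GARDEN = {"updates.av-example.invalid"}  # assumed: cleanup tools must stay reachable
NX_RATIO_THRESHOLD = 0.6               # assumed: share of NXDOMAIN answers that looks like controller hunting
MIN_QUERIES = 5                        # assumed: too little traffic to judge below this

# Constructed resolver log, one query per line: "<time> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
10:00:01 10.1.1.5 www.example.com NOERROR
10:00:02 10.1.1.5 mail.example.com NOERROR
10:00:03 10.1.1.9 cmd.botnet-example.invalid NOERROR
10:00:04 10.1.1.9 www.example.com NOERROR
10:00:05 10.1.1.22 a1.example.net NXDOMAIN
10:00:06 10.1.1.22 b2.example.net NXDOMAIN
10:00:07 10.1.1.22 c3.example.net NXDOMAIN
10:00:08 10.1.1.22 d4.example.net NXDOMAIN
10:00:09 10.1.1.22 www.example.org NOERROR
"""

def parse_log(text):
    """Yield (client, qname, rcode); malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2].lower().rstrip("."), parts[3].upper()

def score_clients(text):
    """Return {client: [reasons]} for clients whose DNS activity looks bot-like."""
    queries, nx, reasons = defaultdict(int), defaultdict(int), defaultdict(list)
    for client, qname, rcode in parse_log(text):
        queries[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
        if qname in CONTROLLER_DOMAINS:          # direct hit on the reputation feed
            reasons[client].append("queried known controller " + qname)
    for client, n in queries.items():           # churn of dead names hints at a bot hunting for its herder
        if n >= MIN_QUERIES and nx[client] / n >= NX_RATIO_THRESHOLD:
            reasons[client].append("NXDOMAIN ratio %d/%d" % (nx[client], n))
    return dict(reasons)

def resolve(client, qname, real_answer, quarantined):
    """DNS traffic switch: a quarantined client is answered with the walled garden,
    except for names it needs in order to clean up."""
    if client in quarantined and qname not in ALLOWED_IN_GARDEN:
        return WALLED_GARDEN_IP
    return real_answer
```

Running `score_clients(SAMPLE_LOG)` flags 10.1.1.9 (controller lookup) and 10.1.1.22 (four NXDOMAINs in five queries) while the ordinary customer 10.1.1.5 is left alone; a production system would add the billing and customer-service hooks the article mentions before anyone is pulled into the garden.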
Security experts concede that botnets are a menace that defies any obvious solution. Bot herders switch control servers as quickly as they are identified, and are using peer-to-peer controls so there's no central server to detect and shut down. Attacking the problem at the ISP level--the controlling points for Internet access--won't make the problem go away, but it should be an important element in slowing the march of the botnets.