by Paul F. Roberts
Trend Micro announced a new service to help large organizations and
Internet service providers (ISPs) fight networks of zombie machines,
known as "botnets."
The new service, dubbed InterCloud, was announced Monday and is
intended to help organizations fight botnets, fast-changing networks
of rogue computers that are used in denial of service (DOS) attacks,
spam campaigns, identity theft, and other malicious acts. The new
service uses behavioral analysis technology, developed by Trend, and
known as Behavioral Analysis Security Engine (BASE) to spot and
isolate bot machines on managed networks, according to Paul Moriarty,
director of product development for Internet Content Security at
Trend.
BASE analyzes application and network infrastructure data, such as DNS
queries and Border Gateway Protocol (BGP) routing tables. The engine
can spot behavior indicative of bots, such as an abnormal series of
DNS queries.
The service also uses data from Trend's global network of researchers
and customers to provide intelligence on new or evolving bot activity.
The company's Bot Identification Team identify and monitor bot
activity globally, Trend said.
InterCloud relies, in part, on a new, hardened and revamped DNS server
that allows Trend to aggregate suspicious data and report on host
systems that may be infected with bot programs, Moriarty said.
"We can take a day's worth of DNS logs and tell them how many spambots
or zombies they have. That's a capability that most ISPs lack," he
said.
InterCloud customers can remediate infected systems by denying them
access to the network, or by quarantining them and pushing out
necessary updates or scanning and disinfecting them, said Dave Rand,
CTO of Trend's Internet Content Security group.
The InterCloud service includes a Web-based management portal for
viewing and reporting on bot activity and managing security policies,
Trend said.
Botnets are one of the fastest growing and most dangerous online
threats, said Rand. On any day, Trend tracks millions of infected
systems that have been joined to one of a number of global bot
networks. But bot infections can also jump up, depending on the
availability of easy to exploit security holes, such as the recent VML
vulnerability in Microsoft's Internet Explorer browser, or the Windows
Server Service vulnerability that was disclosed by Microsoft in
August.
Trend identified more than 250,000 new bots each day for the two days
after an exploit was developed for the Server Service hole, which
Microsoft patched with MS06-040. Typically, the company might identify
250,000 new bots over the course of a month, Moriarty said.
Trend researchers are also spotting many more targeted attacks, in
which bots are being written for specific purposes, such as culling
sensitive information from the targeted network, then forwarding it
back to a command and control server, usually in a foreign
country. Many of those appear aimed at identity theft, or espionage
against the U.S. government or government contractors.
Few enterprise security products can scale to support hundreds of
thousands or millions of hosts, which means that ISPs and very large
organizations often rely on internal security teams and products to
manage security. However, those company-focused teams lack the broad
perspective that companies with global research operations and a
global customer base can muster, Moriarty said.
InterCloud, which will be licensed by the seat, will offer ISPs the
prospect of turning security into a profit center, by focusing
attention on the relatively small number of infected systems, then
targeting their owners with software, such at Trend's Web-based
HouseCall antivirus scanner, that can clean their system and keep it
from becoming reinfected. ISPs could then get a share of any software
sales made through that channel, Moriarty said.
Trend Micro will feature InterCloud Security Service and the BASE
technology at DEMOfall '06 this week in San Diego.
Copyright 2006 Yahoo! Inc.
For more tech news from the internet each day, please go to:
http://telecom-digest.org/td-extra/technews.html
Paul F. Roberts (trendmicro@telecom-digest.org)