BT announced the enhancement of its global Event Monitoring and Correlation service to further defend enterprise networks against the growing threat of malicious botnet attacks. Using new proprietary detection tools, BT can identify which hosts within a customer’s network are under the control of botnets and then assist the customer with quarantine and remediation efforts to restore the network’s integrity.
Botnets are a significant security risk to businesses because they are primarily used to execute criminal activity. A business is not only at risk from compromised corporate and individual user information, but could also be liable for criminal activity resulting from its infected networks.
Even businesses taking responsible precautions and exercising best practices can still be compromised by bots and be unaware they have been infected. Since most bots communicate only infrequently with their command and control hosts, the chances of detecting infected machines prior to a critical event, without significant technology and infrastructure investment, are slim. However, since bots do communicate and these communications generate firewall traffic, BT’s Managed Security Solutions Group has created the ability to detect bots by monitoring and analyzing firewall traffic.
This solution provides a value-added service to BT’s existing Event Monitoring and Correlation customers worldwide and eliminates additional infrastructure spending, since customers do not need to buy additional proprietary detection technology or add IDPS (Intrusion Detection and Prevention Systems) capability to their network. Firewall traffic is collected and analyzed at the BT Security Operations Centers for patterns of activity that bear the hallmarks of bot communications.
When botnet activity is detected, the customer is notified immediately. Activity is summarized for customers in daily reports, which form a historical record they can then use to identify broader trends on their networks. This assists customers in prioritizing remediation and policy activity.