30 Days of Compliance Q&As #28: How Do I Detect Botnets?

Business World Computing UK recently posted Top Network Security Issues 2014 by Matt Hines. The article discusses the five areas that are expected to generate the most security issues in organizations. One issue it discusses is:

Botnets Not Caught Yet

Botnets undeniably remain a major issue; with malware architects still flexing their muscles by leveraging established beachheads within enterprise networks. A lot of work remains to be done to better police both inbound and outbound traffic and thwart such attacks.

You can read the entire article here: Top Network Security Issues 2014.

AccelOps detects botnet activity in several different ways:

  1. Behavior typical of botnets.
  2. Constantly asking for the same DNS name.
  3. Bypassing your infrastructure.
  4. Types of DNS queries being requested.
  5. The number of times DNS is requested.
  6. Bypassing your organization's DNS servers and going out directly to external DNS servers.
  7. Being denied when asking for external DNS information.
  8. Lists of known command-and-control botnets from multiple sources.
  9. Changes to the baseline behavior of systems.
  10. IPS / firewall events.

With these mechanisms in place, malware and botnets are identified quickly, so remediation can be performed promptly to isolate and remove the malware.
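As an added illustration of the DNS-based indicators in the list above (not AccelOps code), the following script runs simple detection rules over constructed DNS log lines: clients sending queries to resolvers other than the assumed corporate resolvers, lookups of names on an assumed blocklist, unusual query types, repeated lookups of one name, and repeated REFUSED answers. The resolver addresses, blocklist entry and thresholds are assumptions chosen for the sample.

```python
from collections import Counter, defaultdict
# Constructed sample DNS log lines (not real traffic): client, resolver, qname, qtype, rcode
SAMPLE_DNS_LOG = """\
10.0.0.5 10.0.0.2 intranet.example.local A NOERROR
10.0.0.5 10.0.0.2 updates.vendor.example A NOERROR
10.0.0.7 10.0.0.2 c2-host.bad.example A NOERROR
10.0.0.7 10.0.0.2 c2-host.bad.example A NOERROR
10.0.0.7 10.0.0.2 c2-host.bad.example A NOERROR
10.0.0.7 10.0.0.2 c2-host.bad.example A NOERROR
10.0.0.9 8.8.8.8 random1.example.net TXT NOERROR
10.0.0.9 8.8.8.8 random2.example.net TXT NOERROR
10.0.0.11 10.0.0.2 external.example.org A REFUSED
10.0.0.11 10.0.0.2 external2.example.org A REFUSED
10.0.0.11 10.0.0.2 external3.example.org A REFUSED
"""

CORPORATE_RESOLVERS = {"10.0.0.2", "10.0.0.3"}  # assumed internal DNS servers
KNOWN_C2_DOMAINS = {"c2-host.bad.example"}      # placeholder blocklist entry, not a real IoC
REPEAT_THRESHOLD = 4     # same name requested this many times by one client
REFUSED_THRESHOLD = 3    # denied external lookups per client
def parse_dns_log(text):
    """Yield (client, resolver, qname, qtype, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            yield tuple(fields)

def detect_botnet_indicators(text, corporate_resolvers=CORPORATE_RESOLVERS,
                             known_c2=KNOWN_C2_DOMAINS):
    """Return a dict client -> sorted list of indicator labels fired for that client."""
    findings = defaultdict(set)
    repeats = Counter()   # (client, qname) -> number of lookups
    refused = Counter()   # client -> number of REFUSED answers
    for client, resolver, qname, qtype, rcode in parse_dns_log(text):
        if resolver not in corporate_resolvers:
            findings[client].add("bypasses corporate DNS")   # direct use of external resolver
        if qname.lower() in known_c2:
            findings[client].add("known C2 domain")
        if qtype == "TXT":
            findings[client].add("unusual query type")        # workstations rarely need TXT
        repeats[(client, qname)] += 1
        if repeats[(client, qname)] >= REPEAT_THRESHOLD:
            findings[client].add("repeated lookup of same name")  # beacon-like behaviour
        if rcode == "REFUSED":
            refused[client] += 1
            if refused[client] >= REFUSED_THRESHOLD:
                findings[client].add("denied external lookups")
    return {c: sorted(v) for c, v in findings.items()}
```

In practice the thresholds would be set from each client's own baseline rather than fixed constants, and the findings would be correlated with IPS and firewall events before raising an alert.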

Want to talk about how AccelOps can help you keep your network safe? Contact us; we’re here to help.

Authors

Marta Stone



About Accelops

AccelOps provides the leading IT operations analytics platform for the modern data center. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.


AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security, applications and users. AccelOps’ patented analytics engine with cross-correlation and statistical anomaly detection sends real-time alerts when deviations occur that indicate a security or performance-impacting event.


The AccelOps platform scales seamlessly and provides unmatched delivery of proactive security and operational intelligence, allowing organizations to be more responsive and competitive as they expand their IT capabilities.
