30 Days of Compliance Q&As #28: How Do I Detect Botnets?

Business World Computing UK recently posted Top Network Security Issues 2014 by Matt Hines. The article discusses the top 5 areas that are going to see the most security issues in organization. One issue they discuss is:

Botnets Not Caught Yet

Botnets undeniably remain a major issue; with malware architects still flexing their muscles by leveraging established beachheads within enterprise networks. A lot of work remains to be done to better police both inbound and outbound traffic and thwart such attacks.

You can read the entire article here: Top Network Security Issues 2014.

AccelOps detects Botnet activity several different ways:

  1. Behavior of typical botnets.
  2. Constantly asking for the same DNS name
  3. By passing your infrastructure
  4. Types of DNS queries that are being requested
  5. The number of times DNS is requested
  6. By passing your organizations DNS servers and going out directly to external DNS servers.
  7. Being denied asking for external DNS information
  8. List of known command and control botnets from multiple sources
  9. Changes to baseline behaviors of systems
  10. IPS / Firewall events

With these types of mechanism in place malware / botnets are quickly identified so remediation can quickly be preformed to isolate and remove the malware as quickly as possible.

Want to talk about how AccelOps can help you keep your network safe? Contact us; we’re here to help.

Authors


Marta Stone


Marta Stone


Marta Stone


Marta Stone


Marta Stone


Marta Stone


Marta Stone


Marta Stone


Marta Stone

Try AccelOps FREE for 30 Days

 

Get a Live Product Demo

 

Tags

cloud
security
big data
RSA
analytics
compliance
Q&A
PCI DSS
HIPAA
Sarbanes Oxley (SOX)
Target breach

About Accelops

AccelOps provides analytics-driven IT Operations Management for cloud and virtualized infrastructures. The virtual appliance software manages security, network performance and compliance, all on a single screen. AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security,applications and users.

Keep Social