– Ron Kaplan, director of products, EdgeWave (www.edgewave.com), says:
Why are EdgeWave’s Zero-Minute-Defense Email Security Solution & iPrism outbound botnet defense using ThreatSTOP technology useful in today’s enterprise data centers?
Cybercriminals create autonomous applications called bots that can infect networks in a variety of ways, via Web or email. A botnet is a network of these applications that are capable of acting on instruction once they are triggered. This happens when a bot, that may be dormant in your network,, “calls home” via any port. This allows perpetrators to control infected computers via their command and control hosts residing outside your network. In a study of 130 large companies done by TrendMicro, they found that 100% of them already had bots in their networks. That’s why a multilayered approach that combines stopping bots from being activated by blocking their outbound communications while detecting and blocking inbound threats is the best way to assure your network security.
iPrism Web Security leverages ThreatSTOP botnet technology to monitor and block any attempt at an outbound connection and the botnet threat is eradicated. ThreatSTOP continuously updates their Botnet Threat List, based on four feeds from three industry-leading sources: Abuse.ch, ShadowServer and Cyber-TA. The ThreatSTOP List is a proven service with no known false-positives and its experts constantly update their feed sources and correlation engine to mitigate false positives from blocking legitimate traffic. This unique approach:
· Results in no false positives and improved time to detection, without managing manual rules or signature updates
· Blocks emerging threats at its source, and adds 5-10% catch rate to existing endpoint, network or gateway AV/IPS solutions
· Mitigates data leakage and other non-compliance events with preservation and non-repudiation of logged event
· Adds no network latency and reduces potential bandwidth loss & peak loads
EdgeWave Email Security’s Zero Minute Defense provides a unique method of arresting developing threats from entry into and exiting your networks via email. Zero-Minute Defense detects emerging threats in close to real time, so action can be taken to block bots and other criminal malware before they get near email servers. This feature is activated when a threat is identified. EdgeWave engineers analyze it and immediately create a protection rule that effectively blocks the threat. Because threats are 100% human reviewed, accuracy is assured. The new rule is sent as an update to all EdgeWave Email Security appliance and hosted email solutions. New rules are sent as they are created so there is immediate protection from any new and emerging threats. These updates are occurring on a continuous basis so that networks aren’t left in a vulnerable state.
EdgeWave defense technologies operate automatically and use the distributed nature of these attacks against the hackers. There is no ongoing configuration management required by data center and IT managers to make the filtering effective.
Why should data center and IT managers be concerned?
Botnets are a huge problem facing today’s data center and IT managers. More and more they are becoming focused attacks launched by criminal syndicates bent on financial gain and aiming for larger enterprise companies. Small companies also face threats from individual hackers who have easy access to botnet kits readily available online. The resulting attacks are sophisticated, targeted and elusive. Cyber criminals will typically abandon immediately any attack that has worked and launch a new one, making them very hard to trace for conventional signature-based technologies.
Botnet threats have been increasing significantly over the past 18 months and are growing worldwide. Cisco’s Q4 2010 Global Threat Report states that global malware encounters grew by 139% in 2010. In sharp contrast, spam dropped dramatically from 375 billion pieces per month to 95 billion per month from January to December 2010 (from Q4 2010 Global Threat Report, Cisco Corp.). Several highly publicized breaches reported recently have shown the magnitude of the problem, e.g., Epsilon, Sony, HBGary Federal, Lockheed-Martin and others.
Current antivirus, antispam and conventional web filtering technologies are inherently deficient in their ability to stop these emerging threats. Data center and IT managers need a new set of tools to combat this highly distributed and targeted, socially-engineered attacks. EdgeWave’s arsenal includes a number of critical new developments that allow these threats to be mitigated. These defenses operate automatically and use the distributed nature of these attacks against the hackers. There is no ongoing configuration management required to make the filtering effective.
Overall priority in the data center.
Stopping such threats from both entering and leaving their networks should be a top priority. The embattled CEO of HBGary Federal, Aaron Barr stepped down and the estimate for the Sony network breach may reach more than a billion dollars. Upgrading the network security tools to leverage the latest advances and approaches so that networks are adequately protected is critical. Many security vendors have focused on revenue-generating commercial features and have left their core filtering/defense technologies lacking the R&D investment or focus they need to keep up with emerging threats. Crime syndicates and individual hackers alike have taken full advantage of this situation. The proof of this lies in the fact that organizations that have some of the largest IT budgets available are having their defenses easily bypassed. Sony had millions of Playstation user accounts accessed and Epsilon’s 100 million record breach was due entirely to an email-based socially-engineered phishing attack.
The biggest challenges.
The biggest challenge we see for data center and IT managers is finding security solutions that are effective for a reasonable investment. Many of them may feel their current security solutions are adequate and don’t even consider changes until a major breach occurs. They may be operating under an assumption that “if it’s not broken, don’t fix it”. The problem with that logic is that the core filtering technology available for both signature-based antivirus as well as the core technologies of the most widely used message filtering solutions are ill-equipped to handle these sophisticated, emerging threats.
Overcoming the challenges.
IT professionals need to educate themselves as to the available options and share that information with their colleagues. They also need to be aware of what the new threats are and how attacks are being launched. With new high-profile breaches seeming to hit the headlines every day, they should need no reminders that deploying effective strategies today will save them a lot of headaches in the future. They should do their homework and look for solutions that employ multi-layered approaches that don’t rely on a single technique for assuring protection from botnets and other criminal malware. It is possible to find cost-effective solutions, such as those offered by EdgeWave, with extremely low TCO, and unique technologies that will do the job as well or better that some more costly options.
In addition to the above, look for multi-layered approaches that use a variety of techniques to combat botnets and other malware. Solutions that protect both inbound and outbound threat techniques will give you flexibility and versatility when dealing with sophisticated criminal malware.