Trend probes cloud for bot insurgents
Spots and isolates the living dead.
By Paul F. Roberts, InfoWorld | Published: 13:52, 26 September 2006
Trend Micro has announced a new service to help large organisations and ISPs deal with a range of menaces, including botnets.
The new service, dubbed InterCloud, was announced Monday and is intended to help organisations fight botnets, fast-changing networks of rogue computers that are used in denial of service (DOS) attacks, spam campaigns, identity theft, and other malicious acts.
The new service uses behavioural analysis technology, developed by Trend, and known as Behavioural Analysis Security Engine (BASE) to spot and isolate bot machines on managed networks, according to Paul Moriarty, director of product development for Internet Content Security at Trend.
Related Articles on Techworld
BASE analyses application and network infrastructure data, such as DNS queries and Border Gateway Protocol (BGP) routing tables. The engine can spot behaviour indicative of bots, such as an abnormal series of DNS queries.
The service also uses data from Trend's global network of researchers and customers to provide intelligence on new or evolving bot activity. The company's Bot Identification Team identify and monitor bot activity globally, Trend said.
InterCloud relies, in part, on a new, hardened and revamped DNS server that allows Trend to aggregate suspicious data and report on host systems that may be infected with bot programs, Moriarty said.
"We can take a day's worth of DNS logs and tell them how many spambots or zombies they have. That's a capability that most ISPs lack," he said.
InterCloud customers can remediate infected systems by denying them access to the network, or by quarantining them and pushing out necessary updates or scanning and disinfecting them, said Dave Rand, CTO of Trend's Internet Content Security group.
The InterCloud service includes a Web-based management portal for viewing and reporting on bot activity and managing security policies, Trend said.
