informa
/
Analytics
News

FireEye Fans Anti-Botnet Flame

FireEye today is rolling out the latest in a series of anti-botnet offerings from security vendors

FireEye today became the latest security vendor to roll out a new anti-botnet product this year, with a software-as-a-service offering aimed at ISPs and large enterprises that detects botnet-driven attacks and also provides a view of the actual machines connected to the botnet.

FireEye's new product combines its Botwall 4000 Series appliance with its Botwall Network, which gathers intelligence from botnet activity on various ISP networks, akin to Arbor Networks' Active Threat Level Analysis System (Atlas) portal unveiled earlier this year.

Also this year, Symantec announced its Norton Anti-Bot bot client for consumers that detects and cleans up bot infections, and Mi5 Networks, an appliance that spots the tell-tale activity of bot-infected machines for cleanup. (See On the Dark Side of ISP Nets and Symantec Unveils Anti-Botware.)

"We can now light up the entire botnet command and control apparatus, versus just look at a single attack -- we're able to illuminate the 3,000 machines connected to it," says Ashar Aziz, FireEye's CEO. The view lets you see whether the botnet is using traditional Internet Relay Chat (IRC), or either HTTP or peer-to-peer channels to communicate, he says.

Botnet operators are constantly shifting gears to cover their tracks, and security experts say it's all about just trying to keep pace with these increasingly stealthy and persistent malicious networks, which ISPs now consider their number one threat. (See Report: Attacks on ISP Nets Intensifying.)

Aziz says the key to FireEye's new offering is it captures and analyzes botnet activity in a virtual machine environment and then maps the botnet network to get a more detailed view of the command and control makeup. "Deploying this within multiple ISPs lets them gain intelligence [on botnets] and extract and federate that across different ISPs and their networks." Enterprises can also leverage that data, he says.

FireEye's Botwall appliances start at $10,000 on the low-end, plus a $10,000 annual subscription fee for content and support. The high-end Botwall 4700 costs $60,000 for the hardware plus a $60,000 annual subscription fee.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • FireEye Inc.
  • Arbor Networks Inc.
  • Symantec Corp. (Nasdaq: SYMC)
  • Mi5 Networks Inc.

  • Recommended Reading:
    Editors' Choice
    Amichai Shulman, CTO and Co-founder of AirEye
    Biagio DeSimone, Enterprise Solution Architect, Aqua Security