How to combat the full threat lifecycle

Fighting off bot networks is possible, but it requires a combination of technologies

Written by Patrick Walsh

It is commonly understood that being connected to the internet is a fundamental requirement of modern business. It is also understood that connection brings risks.

The most typical attack seen today is part of the so-called bot threat cycle. Users are tricked into letting their computers be recruited into a bot network. Compromised computers then infect others and are used to overwhelm web servers that attract the ire of the group controlling the bots.

Nearly every security company claims to stop bots, and to some extent they do. Anti-spam, anti-virus, intrusion prevention, web filtering and other technologies can all be used to break the bot cycle at some stage. However, to truly combat the threat, it must be stopped at every stage, which requires a combination of security technologies.

The first step is to block emails being sent by bots. This means using a spam filter that can drop all traffic from known bots. IP reputation is one of the best tools in combating bots. The best solutions also look at the URLs in every received email and reject any message that links to malicious web sites.

Businesses also need a web filter to block unsafe sites. These must have real-time updating since the average phishing site lasts less than 24 hours and does most of its damage in the first 90 minutes.

At the next stage of the cycle, an exploit installs software on the PC visiting the site. A good intrusion-prevention system is needed to detect the exploit and block access to the site immediately.

Next, the exploit typically fetches a virus from the internet. At this point, a gateway anti-virus solution capable of unpacking even nested compressed files is necessary.

Finally, it is critical to put protections in place that detect a bot infestation on the local network and identify devices that have been infected despite the gateway precautions.
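The first stage of the defence described above (drop mail from known-bot IPs, reject mail whose URLs point at malicious sites) as an added Python example, not the author's code or any product's; the blocklist network, the malicious hostnames and the sample message are all constructed.

```python
"""Stage-one bot defence: a mail-gateway check that drops mail from
known-bot IPs and rejects mail linking to malicious sites.
Added example; reputation data below is constructed, not a real feed."""
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed stand-ins for a live IP-reputation feed and a malicious-URL feed.
BOT_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3, constructed
MALICIOUS_HOSTS = {"phish.example", "update-secure.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """Peer IP from the first (outermost) Received header, the one our own
    gateway wrote; inner Received headers are attacker-controlled and ignored."""
    received = msg.get_all("Received") or []
    m = RECEIVED_IP_RE.search(received[0]) if received else None
    return ipaddress.ip_address(m.group(1)) if m else None

def linked_hosts(msg):
    """Hostnames of every URL found in every text part of the message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            hosts.update(h for h in (urlparse(u).hostname for u in URL_RE.findall(body)) if h)
    return hosts

def verdict(raw):
    """Return (action, reason): 'drop' for known-bot senders, 'reject' for
    mail linking to a malicious site, otherwise 'accept'."""
    msg = message_from_string(raw)
    ip = connecting_ip(msg)
    if ip and any(ip in net for net in BOT_NETWORKS):
        return "drop", f"sender {ip} on bot IP reputation list"
    bad = linked_hosts(msg) & MALICIOUS_HOSTS
    if bad:
        return "reject", f"links to malicious site(s): {sorted(bad)}"
    return "accept", ""

# Constructed sample: clean sender IP, but the body links to a phishing host.
SAMPLE = (
    "Received: from mail.example.org ([198.51.100.7]) by gw.example.net\r\n"
    "From: billing@example.org\r\nSubject: Account notice\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "Verify your details at http://phish.example/login now.\r\n"
)
```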

While there is no sure-fire way to stop bots, addressing every step of the threat cycle is our only chance of taking back control of the web from the criminals lurking at one in four PCs worldwide.

Patrick Walsh is a BCS contributor
