How to combat the full threat lifecycle

16 Oct 2008


It is commonly understood that being connected to the internet is a fundamental requirement of modern business. It is also understood that connection brings risks.
The most typical attack seen today is part of the so-called bot threat cycle. Users are tricked into letting their computers join a botnet. Compromised computers then infect others and are used to overwhelm web servers that have attracted the ire of the group controlling the bots.

Nearly every security company claims to stop bots and to some extent they do. Anti-spam, anti-virus, intrusion prevention, web filtering and other technologies can all be used to break the bot cycle at some stage. However, to truly combat the threat, it must be stopped at every stage, which requires a combination of security technologies.

The first step is to block emails being sent by bots. This means using a spam filter that can drop all traffic from known bots. IP reputation is one of the best tools in combating bots. The best solutions also look at the URLs in every received email and reject any that link to malicious web sites.

Businesses also need a web filter to block unsafe sites. These must have real-time updating since the average phishing site lasts less than 24 hours and does most of its damage in the first 90 minutes.

At the next stage of the cycle, an exploit installs software on the PC visiting the site. A good intrusion-prevention system is needed to detect the exploit and block access to the site immediately.

Next, the exploit typically fetches a virus from the internet. At this point, a gateway anti-virus solution capable of unpacking even nested compressed files is necessary.

Finally, it is critical that security protections be put in place to detect a bot infestation on the local network, to identify devices that have contracted a virus despite the gateway precautions.
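The stages above amount to a layered inbound-mail gate: drop mail from sender IPs with bad reputation, reject mail whose links point at known malicious hosts, and run gateway anti-virus that unpacks nested archives before scanning. The following Python is an added illustration of that pipeline written for this page; it is not code from the article or from any vendor product. The IP, domain and byte-pattern "threat intelligence" are constructed placeholders, and the archive depth bound is an assumption, chosen to show how a gateway scanner avoids being exhausted by deeply nested archives while still inspecting ordinary ones.

```python
import io
import re
import zipfile
from dataclasses import dataclass, field

# Constructed sample threat intelligence; none of these are real indicators.
KNOWN_BOT_IPS = {"203.0.113.7"}                       # constructed (TEST-NET-3 range)
MALICIOUS_HOSTS = {"login-update.example"}            # constructed placeholder domain
MALWARE_SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER"]  # constructed byte pattern
MAX_ARCHIVE_DEPTH = 3                                 # assumed bound on nested unpacking

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


@dataclass
class Mail:
    sender_ip: str
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> raw bytes


def check_sender_reputation(ip: str) -> list[str]:
    """Stage 1: drop traffic from IPs on the bot reputation list."""
    return [f"sender {ip} is a known bot"] if ip in KNOWN_BOT_IPS else []


def check_urls(body: str) -> list[str]:
    """Stage 1b: reject mail whose links point at known malicious hosts."""
    hosts = {h.lower() for h in URL_RE.findall(body)}
    return [f"link to malicious host {h}" for h in sorted(hosts & MALICIOUS_HOSTS)]


def scan_bytes(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Stage 4: gateway AV that unpacks nested archives up to a depth bound.

    An archive nested deeper than the bound is rejected unscanned rather than
    accepted, so the bound cannot be used to smuggle content past the scanner.
    """
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_ARCHIVE_DEPTH:
            return [f"{name}: archive nested deeper than {MAX_ARCHIVE_DEPTH}, rejected unscanned"]
        findings: list[str] = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                findings += scan_bytes(f"{name}/{member}", zf.read(member), depth + 1)
        return findings
    return [f"{name}: matches signature" for sig in MALWARE_SIGNATURES if sig in data]


def gate(mail: Mail) -> tuple[str, list[str]]:
    """Run every stage; a hit at any single stage rejects the message."""
    reasons = check_sender_reputation(mail.sender_ip) + check_urls(mail.body)
    for name, data in mail.attachments.items():
        reasons += scan_bytes(name, data)
    return ("reject" if reasons else "accept", reasons)


def build_nested_zip(payload: bytes, levels: int, inner_name: str = "doc.bin") -> bytes:
    """Constructed test helper: wrap payload in `levels` zip layers."""
    blob, name = payload, inner_name
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, blob)
        blob, name = buf.getvalue(), f"layer{i}.zip"
    return blob


if __name__ == "__main__":
    # Constructed sample messages exercising each stage.
    samples = {
        "clean": Mail("198.51.100.9", "see https://example.com/report", {"a.txt": b"hello"}),
        "bot sender": Mail("203.0.113.7", "hi"),
        "bad link": Mail("198.51.100.9", "go to http://Login-Update.example/x"),
        "nested malware": Mail("198.51.100.9", "", {
            "invoice.zip": build_nested_zip(b"xx CONSTRUCTED-MALWARE-MARKER yy", 2)}),
        "zip bomb shape": Mail("198.51.100.9", "", {"deep.zip": build_nested_zip(b"benign", 4)}),
    }
    for label, mail in samples.items():
        verdict, reasons = gate(mail)
        print(f"{label:15s} -> {verdict} {reasons}")
```

The ordering matters in practice: reputation and URL checks are cheap and run first, so a known bot never causes the gateway to spend CPU unpacking its attachments. Note also that the depth bound fails closed; an attachment the scanner cannot fully inspect is treated as a reject, which is the behaviour the article's "capable of unpacking even nested compressed files" requirement implies.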

While there is no sure-fire way to stop bots, addressing every step of the threat cycle is our only chance of taking back control of the web from the criminals lurking on one in four PCs worldwide.

Patrick Walsh is a BCS contributor

Reader comments

Don't forget the final defense...

Patrick, a good article about defense-in-depth. Don't forget the final defense: Host-based intrusion prevention on the PC to block that exploit from being written.

Posted by: David Graziano  16 Oct 2008
