If you saw a swarm of insects flying at you, what would you do? Most likely you would run away or remember to duck and cover. A swarm of insects has a lot in common with a botnet. Both are made up of a seemingly massive number of members, and although one is alive and the other is a collection of compromised computers, both exhibit patterns.
You cannot defeat a swarm one insect at a time – and neither can you defeat the activities of a botnet one bot at a time. You need to elevate your understanding of the situation in a manner that is repeatable and scalable. You need a process to gain insight into the botnet so that you have the intelligence you need to protect your organization. Here are three key elements to keep in mind:
- Amass – as much data on the botnet as possible. Broad collection provides valuable data on various activities; where it is active and what its command and control infrastructure is. Deep collection yields details on the specific tactics that a botnet is carrying out, including its tools, communication methods and an understanding of how it evolves over time.
- Analyze – all of the data from as many perspectives as possible to harvest as much intelligence as you can. Analyze with both automation and human engagement, so that data is categorized, compared and correlated. Develop as much understanding of the activities and evolution of the botnet as possible, so you can see how it evolves into active campaigns.
- Apply – that valuable insight and intelligence gathered as the ammunition to bolster your defenses to defeat the entire swarm, versus just using one particular tactic at a time.
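The "Analyze" step above is where categorize, compare and correlate turn raw collection into something you can act on. The following is an added example, not code from Arbor or output from ATLAS: it takes a handful of constructed flow records (the addresses, ports and timestamps are all made up), categorizes them per source/destination pair, compares each pair's timing to see whether it looks like periodic beaconing, and then correlates the beaconing pairs so that several hosts talking to one shared destination are treated as one swarm with a single command-and-control candidate, plus first-seen/last-seen bounds that let you watch it over time.

```python
"""Added example (not Arbor's code, not ATLAS data): correlate constructed
flow records to surface a shared command-and-control destination.

All addresses, ports and timestamps below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds (constructed clock)
    src: str
    dst: str
    dport: int
    nbytes: int


# Constructed sample: three internal hosts check in with 203.0.113.7:8080
# roughly every 60 s with small payloads; one host browses a web site
# at irregular intervals with large transfers.
SAMPLE_FLOWS = []
for i in range(6):
    for src in ("10.0.0.11", "10.0.0.12", "10.0.0.13"):
        jitter = 0.5 if src == "10.0.0.12" else 0.0
        SAMPLE_FLOWS.append(Flow(1000.0 + 60 * i + jitter, src, "203.0.113.7", 8080, 120))
for ts in (1003.0, 1031.0, 1077.0, 1150.0, 1208.0, 1299.0):
    SAMPLE_FLOWS.append(Flow(ts, "10.0.0.14", "198.51.100.20", 443, 50000))


def beacon_score(timestamps):
    """Coefficient of variation of inter-arrival gaps; near 0 means periodic.
    Returns None when there are too few flows to judge."""
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mu = mean(gaps)
    return pstdev(gaps) / mu if mu > 0 else None


def find_beacons(flows, max_cv=0.15, min_flows=4):
    """Categorize flows by (src, dst, dport) and keep the pairs whose timing
    is regular enough to look like a bot checking in with its controller."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst, f.dport)].append(f.ts)
    beacons = {}
    for pair, ts in by_pair.items():
        cv = beacon_score(ts) if len(ts) >= min_flows else None
        if cv is not None and cv <= max_cv:
            ordered = sorted(ts)
            gaps = [b - a for a, b in zip(ordered, ordered[1:])]
            beacons[pair] = {
                "interval": round(mean(gaps), 1),
                "cv": round(cv, 3),
                "first_seen": ordered[0],
                "last_seen": ordered[-1],
            }
    return beacons


def correlate_c2(beacons, min_hosts=2):
    """Correlate beaconing pairs across sources: a destination shared by
    several periodic talkers is a command-and-control candidate, and the
    member list is the part of the swarm you can already see."""
    by_dst = defaultdict(list)
    for (src, dst, dport), info in beacons.items():
        by_dst[(dst, dport)].append((src, info))
    candidates = {}
    for (dst, dport), members in by_dst.items():
        if len(members) >= min_hosts:
            candidates[(dst, dport)] = {
                "hosts": sorted(src for src, _ in members),
                "interval": round(mean(i["interval"] for _, i in members), 1),
                "first_seen": min(i["first_seen"] for _, i in members),
                "last_seen": max(i["last_seen"] for _, i in members),
            }
    return candidates


if __name__ == "__main__":
    for key, info in correlate_c2(find_beacons(SAMPLE_FLOWS)).items():
        print(f"C2 candidate {key[0]}:{key[1]} -> {info}")
```

The thresholds (`max_cv`, `min_flows`, `min_hosts`) are the "human engagement" knobs: tighten them on a network with lots of legitimate polling (NTP, monitoring agents) and loosen them when the botnet adds jitter to its check-in timer, which is exactly the kind of evolution the "Amass" step's deep collection is meant to reveal.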
Arbor’s ATLAS is the world’s largest globally-scoped threat analysis network. It allows Arbor’s Security Engineering and Response Team (ASERT) to understand botnets, to monitor them over long periods of time, and, most importantly, to gain valuable insight into their active attack campaigns. Together, ATLAS and ASERT provide an understanding of which botnets are using which attack tactics – when, against whom, and from where – over the duration of all of their campaigns. This insight allows us to develop specific protections that are continuously updated and fed back into our products via the ATLAS Intelligence Feed.
Check out ASERT’s blog for the latest research and analysis. They’re rock stars in the world of network security!