We’re pleased to join Fidelis Security Systems in announcing that they are leveraging our Dark Side Intelligence™ in their latest offerings. Bottom line: Fidelis is teaming up with us to help their customer base detect and disrupt communications with botnet command and control (C&C) systems.
This is one of several cases where Umbra Data can help network security vendors bolster their solutions’ security smarts and ultimately the level of proactive protection they can offer their customers. As Mark Nicolett of Gartner put it, “Everything changes if there is threat intelligence that indicates that the destination is associated with botnet control.”
Umbra Data will continue to join forces with technology partners such as Fidelis Security Systems. After all, it’s our belief that enterprises should not be asked to manage yet another dedicated security product to protect themselves from today’s botnet threats. Instead, organizations should expect their existing vendors to seek out the industry’s most cutting edge threat intelligence services, such as Dark Side Intelligence, and reap the benefits of a well-integrated solution. Fidelis CEO Peter George notes that by using our best-of-breed anti-botnet threat intelligence, “Fidelis XPS strengthens its position as an invaluable tool in an organization’s cyber security workbench, protecting their most sensitive and classified information from exfiltration and attack.” That’s the “better together” message we believe resonates with enterprise IT teams today more than ever.
Botnet threats are becoming increasingly sophisticated, which is a large part of why there needs to be broader protection and a set of global standards for cyber security. Most public utilities have laws regarding users’ safety, and Internet connectivity should be treated with the same level of concern. Government participation and global cooperation are necessary to develop an effective overall Internet security policy. A minimum security bar would give users the correct assumption that, if the standards are met on their PC, they can safely operate their PCs free from concern of being attacked, regardless of which carrier they use.
Countries such as Australia, Germany and Japan are implementing security programs and dictating laws to protect their e-citizens. While individual government efforts are a hopeful step, global cooperation, implementation, and enforcement are key to securing the Internet. One of the benefits of the Internet is that it has no borders, so how can its regulations?
Recent announcements reported that the FCC is becoming more involved and would be an excellent agency to implement and enforce these laws within the USA. The Obama administration is reviewing Australia’s cyber security program and is implementing a number of initiatives that suggest ISPs take responsibility for their customers’ protection.
The Messaging Anti Abuse Working Group (MAAWG) is also a noteworthy resource that gathers and analyzes botnet information and statistics from a variety of organizations for its members. MAAWG would be a good place to focus research and could potentially contribute a large sample base to provide a more complete view and better understanding of the threat landscape.
Calls to action are being answered by ISPs and governments and it looks like the Internet is going to have safety standards similar to all public utilities. The next step is uniting governments and security groups around the world to aggregate and analyze malware information, dictate global security standards, and enforce cyber laws to generate the best possible threat intelligence.
A cyber security campaign has been launched by the Department of Homeland Security. Malware is becoming a serious enough threat that the US government is taking precautions by educating end users on Internet safety. The campaign is called Stop, Think, Connect, and offers support forums and education on cyber security strategies. While Stop, Think, Connect is an excellent effort, there is only so much that the end user can do to protect themselves from ever-evolving cybercriminals, and it may not be the most effective place to concentrate resources.
Similar to a person’s health or a car’s mechanics, regardless of how much you educate people on their health or how to maintain their car, they will still need to visit the doctor or the mechanic for their expertise. Furthermore, educating people on how to protect themselves from infection doesn’t stop the viruses from developing. Cyber citizens should however be aware of and practice the basics, which most users do not. For this reason, the Stop, Think, Connect campaign will be to some degree helpful.
The Australian government has had a similar campaign that offers malware awareness month, Stay Smart Online website, and other resources. Chapter 10 of the government’s cyber strategy is devoted to “Community Awareness and Education Initiatives.” Australia was also named one of the most concerned countries about Internet security in RSA’s 2010 Global Online Consumer Security Survey. While you would hope that being aware and concerned would be enough, a recent Microsoft Intelligence report also named Australia the most at risk from the Alureon botnet. So end user awareness and malware protection do not necessarily go hand in hand.
It’s unreasonable to suggest that if users do everything by the book that cybercriminals will not continue to succeed as they have in the past. This campaign alone is not going to change the security landscape. Government involvement is key to securing our e-citizens. In all public utilities there are certain safety standards and codes in place to establish a reasonable level of safety and the Internet should be no different. There needs to be a coordinated set of standards and methodology to reduce the level of end user knowledge required to be safe, and have the experts provide functional and cost effective solutions to complement that level of user knowledge.
There have been a lot of negative responses to Microsoft’s recent call to action proposing global Internet health. Their concept has been criticized for looking good on paper but having little effect when implemented. While the critics are not 100% wrong, it’s important to realize that what Microsoft is suggesting is a small piece of the security solution puzzle, but an important one. A global collective effort to establish security standards is overdue, and ISPs, governments, and security vendors need to work together to contribute to an overall solution.
Many service providers, such as Comcast, have already started to contribute to Microsoft’s proposed effort by offering increased protection to customers. A 2010 MAAWG survey suggested that 65% of customers believe that ISPs are responsible for stopping the spread of malware, and it seems service providers are responding.
Virgin in the UK alerts their customers when they are infected similar to Comcast and directs them toward centralized support. In Germany and Australia ISP and government cooperation has already started to take place. A survey done by the German government suggests that if the top 5 German service providers would participate in the Botnet Initiative Program then 80% of German citizens would be protected under the ISP umbrella. Wouldn’t it be nice to apply that at a global level?
There is a key piece to making a global Internet health plan work: a coordinated methodology. There are hundreds of security vendors, all with different services, and a coordinated methodology where information is exchanged, documented, and aggregated will allow for a more complete view of cyber threats and how to best protect customers. It would be one place where standards are addressed, solutions are compared and reviewed, and partnerships can be facilitated. Statistics could be generated that show the effectiveness of different solutions on customer infection rates and malware behavior in general. The botnet subgroup within MAAWG comes to mind as a possible candidate for coordination and sharing.
In the current marketplace, selecting the proper security solution is a costly process because you are never really sure what combination of products is going to be best suited for your organization until you have trialed them. Organizations are trending toward simplification, and that includes their vendors. They would rather get everything from one place in a concise package that they know is the most effective for their needs.
Umbra Data exchanges information with various community sources, provides free trials to organizations, and supports the idea of a cooperative effort to combat threats. We encourage other vendors to do the same. Cyber citizens’ safety should be qualified by solution efficiency, not market timing, and a coordinated forum could make this possible. So while Microsoft’s plan may not yield magical results, it contributes foundation pieces to the puzzle and is a step in the right direction toward collaborative research, effective solutions, and an overall safer Internet community.
Comcast recently announced its Constant Guard Bot Detection service that emails customers if they have been infected with malware and directs them to central support to remediate the infection. Other service providers, such as Qwest, have taken similar measures to protect their customers and now Comcast’s tremendous first step deserves a big round of applause.
It is clear that not all end users hold their computer security to the proper standard, either because of lack of expertise or lack of concern. Professionals in the industry know better, and that’s why steps such as Comcast’s Constant Guard are key to our overall safety. The more service providers can do to centralize Internet security without driving customer prices way up, the better. It is much easier to fight off infections at the service provider level, where all traffic flows through, than to rely on millions of users to uphold proper safety standards.
Other service providers, like Virgin Media in the UK, have been responding to the botnet concern similarly by alerting customers whose PCs are infected and pointing them toward some form of customer support. In Australia, the government has started mandating that ISPs who do not maintain security protocol and block the RC content list are fined as much as $25,000/day.
The German government has started the Anti-Botnet Initiative Program that enlists ISPs to participate in centralizing technical support. Their survey revealed that if the top five ISPs would participate in the program, 80% of Germany would be protected. The Internet has become a public utility and if service providers don’t adjust their security as Comcast has, the government is going to do it for them. Governments, service providers, and security vendors need to continue to work together to combat this threat with the best tools available.
Anti-botnet efforts such as block lists, DNS zones, etc. are much more effective when implemented at the service provider level. In order for a cybercriminal to succeed, the individual bots must be able to communicate with the Command and Control (C&C) servers that send commands and data back and forth. Just as resources are saved by blocking malicious traffic at the C&C level, they are also saved by protecting a network at the service provider level. Accurate botnet data, such as that provided by Dark Side Intelligence, gives insight into C&C status and enables service providers to block malicious traffic in a manageable, effective way.
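As an added example, not code from Umbra Data, Fidelis or any provider named here, the following Python turns a constructed C&C indicator list into a BIND-style response policy zone (RPZ) fragment, the DNS-zone form of block list this paragraph refers to, and checks constructed resolver query-log lines against the same list. It assumes BIND’s RPZ record conventions and query-log line format; all domains, addresses and log lines are made up.

```python
"""Added example (not Umbra Data, Fidelis or Comcast code): build a BIND-style
RPZ fragment from a constructed C&C indicator list and flag resolver query-log
lines that ask for those names. All indicators and log lines are constructed."""
import ipaddress
import re

# Constructed sample indicators (not real C&C infrastructure).
CC_DOMAINS = {"cnc.example.net", "panel.example.org"}
CC_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.7/32")]

def rpz_zone(domains=CC_DOMAINS, networks=CC_NETWORKS, origin="rpz.local"):
    """Emit RPZ records: 'CNAME .' makes the resolver answer NXDOMAIN.
    Name triggers cover the domain and its subdomains; rpz-ip triggers
    fire when a resolved answer falls inside a listed network."""
    lines = [f"$ORIGIN {origin}."]
    for d in sorted(domains):
        lines.append(f"{d} CNAME .")
        lines.append(f"*.{d} CNAME .")
    for net in networks:
        rev = ".".join(reversed(str(net.network_address).split(".")))
        lines.append(f"{net.prefixlen}.{rev}.rpz-ip CNAME .")
    return "\n".join(lines)

def is_cc_domain(name, domains=CC_DOMAINS):
    """Exact or subdomain match only, so 'cnc.example.net.evil.test' is not hit."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in domains)

# BIND-style query log line, with or without the '@0x...' client handle.
LOG_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[\d.]+)#\d+.*?query: (?P<qname>\S+)")

def flag_queries(log_lines, domains=CC_DOMAINS):
    """Return (client_ip, qname) for each query naming a known C&C domain."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and is_cc_domain(m.group("qname"), domains):
            hits.append((m.group("client"), m.group("qname").rstrip(".").lower()))
    return hits

# Constructed resolver log lines for the demonstration.
SAMPLE_LOG = [
    "client 10.0.0.5#51234 (cnc.example.net): query: cnc.example.net IN A + (10.0.0.1)",
    "client 10.0.0.9#40001 (www.example.com): query: www.example.com IN A + (10.0.0.1)",
    "client @0x7f1c 10.0.0.7#33000 (beacon.panel.example.org): query: "
    "beacon.panel.example.org IN A + (10.0.0.1)",
]
```

Loading the emitted zone into a resolver makes the listed names resolve to NXDOMAIN for every subscriber behind it, while `flag_queries` gives the per-client evidence needed to notify the infected customer.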
This is only one piece of the solution, but Constant Guard is certainly a great first step toward botnet protection, and I applaud Comcast’s efforts. ISPs are said to be the “gatekeepers” of the Internet, a place where all traffic passes through, and therefore the best place to address network filtering. Hopefully Comcast has started a trend among service providers to respond to the malware evolution in an effective way that directly benefits their customers.