The Internet has become a place you never walk alone. Between users concern for the safety of their identities and with the United States being the number one malware producing country, the time has come for major policing. Cybercriminals are becoming more organized, threats are becoming more advanced, and it’s clear that the average end user can’t adequately defend him or her self against this evolving force. Internet communities all over the world are handling the malware crisis differently, but the general consensus is that the ISPs are in the best position to combat malicious activities such as infected network traffic and child pornography.
Their involvement won’t create a utopia, but it’s certainly an important, overdue step. The cyber landscape will continue to change and hackers will continue to thwart anti-malicious activities, but not in well-monitored areas. Qwest Communications found that when they implemented stronger security settings, bad actors started avoiding their network. It’s more lucrative to leverage less secure areas of the network that are not subject to enforcement.
A good policy definition is also important so that it is clear what should take place when malicious activity is encountered. The Australian government has dictated law instructing ISPs how to respond to threats. Virgin Media in the UK has chosen to create their own policy and are sending customers a letter informing them if their PC is infected. Germany has created an initiative asking service providers to participate in centralizing technical support.
Key to getting the ISPs to step up is managing the customers. Once service providers are named the protectors, customers will turn to them with all of their security problems. Similar to the way that you would call your water utility company if you had contaminated water. Customers who experience technical problems are going to contact their service provider even when the issue has nothing to do with the ISP. There needs to be a way for service providers to cope with this increase in liability without increasing their labor costs and pricing. Customers need a way to voice complaints and ISPs need a way to both minimize the number of complaints and deal with them efficiently without increasing costs. Failure to address this aspect could easily cause overall failure and discontinuance by ISPs.
In the case of any policy, whether self-created or mandated by law, the most comprehensive accurate intelligence is needed to determine what is malicious activity. Umbra Data’s Dark Side Intelligence facilitates service providers in taking action to enforce their policy requirements so that they can serve to minimize end user impact and the ISP’s cost of doing business.
ISPs are in the best position to take on the botnet problem and standardize security protocols. All network traffic gets passed through the ISP’s network so that makes it an ideal place to implement effective security mechanisms. Existing security solutions are ineffective, and using an effective method such as breaking communication from the bot to the C&C servers is best implemented at the service provider level.
The old argument that integrating block lists at the cloud level would block legitimate traffic isn’t relevant with new malware intelligence. Customers are asking to be protected and will be more satisfied with their ISP as a result. If service providers take measures into their own hands it will prolong government mandates, lower costs, increase customer satisfaction, and make the argument that, “the market will take care of itself.” ISPs need to step up to the plate and start swinging! We are rooting for you!
- Marc
testing