Is Bot Defense the IDS of 2008?
By: Lawrence Dietz, Research Director, Sageza Group, Inc.
Published: 6th December 2007
Copyright Sageza Group, Inc. © 2007

I don't think there is any question that bots and botnets are a dangerous threat. The combination of a worm as the delivery vehicle and a malware payload of varying capabilities is a potent one that attackers have morphed to suit their own purposes. Bot defense is proving to be a difficult task, even as traditional AV vendors and others have purported to include bot defense among the various protections they offer.

There are also a couple of specialty vendors that focus on the threat and claim to be able to identify not just the threat, but the best way to defeat it in the future. If this all sounds strangely like the rhetoric surrounding Intrusion Detection Systems in the early days, it's because it does. As you may recall, IDS vendors all touted their ability to identify attacks. The market bifurcated into network-based and host-based products, and vendors pretty much camped out on one side or the other.

Then one day, at a Gartner security conference of all places, an analyst (Richard Stiennon, now with Fortinet) coined the phrase "IDS is dead!" The market went into a tizzy, with much scurrying around by vendors to re-position themselves as Intrusion Prevention rather than Intrusion Detection. In retrospect, Stiennon merely stated the obvious: end-user organizations didn't want a complete description of their problem; they wanted technology to make sure the problem didn't occur in the first place.

So should it be with bots and botnets. The community wants and needs prevention more than it needs detection and identification. I offer this blog as a call for vendors to develop measures that do more than diagnose the threat and can provide detailed guidance to non-security professionals, such as those who work in the Network Operations Center (NOC), to help them thwart these efforts in an exceptionally timely manner. Ideally, the products would also offer the capability to invoke the recommended solution with a keystroke or two, in accordance with previously approved security and operations protocols and permissions.

We know that the edge belongs to the attacker. Security professionals have to win all the time to keep their IT world safe; attackers only have to win a few times to accomplish their goals. Let's hope that the botnet world becomes a proving ground for being one step ahead of the enemy, rather than behind them.

Published by: IT Analysis Communications Ltd.