Jeff Harris
Chief Marketing Officer

How to win the battle against botnets

June 13, 2016 by Jeff Harris

Is your business ready to battle botnets?  Botnet attacks have grown by 35% in Q1 2016, compared with the previous quarter, according to ThreatMetrix’s Cybercrime Report.  They are primarily used to launch distributed denial of service (DDoS) attacks to disable corporate websites and networks, and these are getting much stronger and more frequent too, according to Kaspersky Labs’ DDoS Intelligence Report and the Neustar DDoS Attacks and Prevention Report.  So what can you do to protect yourself?

Traffic management

Botnet protection strategies center on managing the traffic hitting your networks.  First, can it handle the sudden and often huge spikes in traffic that signal a botnet attack?  Here, load testing and balancing are useful first lines of defense, but a large-scale botnet attack could still bring applications to a grinding halt.

Second, can you identify and block the malicious traffic originating from machines that are controlled by botnets, using firewalls and other security tools?  This can be an effective approach, but even high-capacity firewalls can be overwhelmed by traffic volumes, and the processing power needed to analyze, identify and block malicious traffic is an additional drain on performance and throughput. 

However, there is a third way - preventing that malicious traffic from reaching your network in the first place by intelligently pre-filtering it.  This dramatically reduces the impact of an attack, while also improving the efficiency of your firewalls and related security solutions – making it easier for them to identify threats and reducing false positive alerts. 

This is done using a threat intelligence gateway such as Ixia’s ThreatARMOR, which continually monitors and proactively identifies IP addresses that are under botnet control, powered by real-time, constantly-updated data feeds on known bad addresses.  When traffic from known bad addresses is received by the gateway, it can be filtered at up to 10 GB line speeds – so malicious traffic never touches your networks.    

What’s more, you can also configure ThreatARMOR to filter IP addresses in geographic regions that you never do business with, to further reduce your exposure to potential threats.  Botnet command and control centers are not very geographically dispersed – in fact, 18% of all DDoS attacks come from Chinese IP addresses alone. Russia, Ukraine, Turkey, Pakistan and China are five of the top ten botnet originators.  So if you don’t have partners or customers in these countries, why not filter all traffic originating from there?   

Protecting from the inside out

It is also important to consider the traffic going out of your network.  ThreatARMOR can be used to prevent infected machines within your organization from connecting with known botnet command and control centers on the outside.  This stops any existing bot infections from stealthily exfiltrating your sensitive data – further cutting your risk exposure.
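The three filtering decisions described above (inbound drop on a known-bad source, inbound drop on a region the business never deals with, and outbound drop when an internal host tries to reach a listed command and control address) can be shown in a small model of a reputation gateway. The code below is an added illustration written for this page; it is not ThreatARMOR's code and makes no claim about how Ixia's product is built. The feed text, the GeoIP lookup table, the documentation-range addresses and the flow records are all constructed for the example, and the linear scan of the blocklist is a simplification (a line-rate device would use a radix tree or TCAM).

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample threat-intel feed: one CIDR or address per line,
# comments and blank lines allowed. Not a real feed; addresses come
# from the RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_FEED = """
# known bot / C2 addresses (constructed sample)
203.0.113.0/24
198.51.100.77
2001:db8:bad::/48
this-is-not-an-ip
"""

# Constructed stand-in for a GeoIP database (prefix -> country code).
# "ZZ" is a placeholder region the business never does business with.
SAMPLE_GEO = {
    "192.0.2.0/24": "ZZ",
    "198.18.0.0/15": "US",
}


@dataclass(frozen=True)
class Decision:
    action: str  # "drop" or "allow"
    reason: str


class ReputationGateway:
    """Pre-filters traffic before it reaches the firewall, in both directions."""

    def __init__(self, feed_text: str, geo: dict, blocked_regions: Iterable[str]):
        self.blocklist = self._parse_feed(feed_text)
        self.geo = {ipaddress.ip_network(k): cc for k, cc in geo.items()}
        self.blocked_regions = set(blocked_regions)
        self.feed_version = 0

    @staticmethod
    def _parse_feed(text: str):
        nets = []
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            try:
                nets.append(ipaddress.ip_network(line, strict=False))
            except ValueError:
                continue  # malformed feed line: skip it rather than abort the refresh
        return nets

    def refresh(self, feed_text: str) -> None:
        """Swap in a freshly downloaded feed (a real gateway polls every few minutes)."""
        self.blocklist = self._parse_feed(feed_text)
        self.feed_version += 1

    def _listed(self, addr) -> bool:
        # ipaddress returns False for a v4/v6 version mismatch, so mixed feeds are safe
        return any(addr in net for net in self.blocklist)

    def _region(self, addr):
        for net, cc in self.geo.items():
            if addr in net:
                return cc
        return None  # unknown region: the geo policy does not apply

    def inbound(self, src: str) -> Decision:
        addr = ipaddress.ip_address(src)
        if self._listed(addr):
            return Decision("drop", "source on threat-intel blocklist")
        cc = self._region(addr)
        if cc in self.blocked_regions:
            return Decision("drop", f"source region {cc} is blocked by policy")
        return Decision("allow", "no match")

    def outbound(self, dst: str) -> Decision:
        addr = ipaddress.ip_address(dst)
        if self._listed(addr):
            return Decision("drop", "destination is a known C2 address")
        return Decision("allow", "no match")  # geo policy is inbound-only here

    def filter_flows(self, flows: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, Decision]]:
        """Apply the policy to (direction, address) records; returns a log-style list."""
        out = []
        for direction, address in flows:
            verdict = self.inbound(address) if direction == "in" else self.outbound(address)
            out.append((direction, address, verdict))
        return out


if __name__ == "__main__":
    gw = ReputationGateway(SAMPLE_FEED, SAMPLE_GEO, blocked_regions=["ZZ"])
    # Constructed flow records: ("in", source address) or ("out", destination address)
    flows = [("in", "203.0.113.9"), ("in", "192.0.2.10"), ("in", "198.18.0.5"),
             ("out", "198.51.100.77"), ("out", "2001:db8:bad::1")]
    for direction, address, verdict in gw.filter_flows(flows):
        print(f"{direction:>3} {address:<20} {verdict.action:<5} {verdict.reason}")
```

Two design points matter for a defender. Outbound matching is against the same blocklist as inbound, so an already-infected host beaconing to a listed address is cut off regardless of what the inbound filter saw, and the drop reason is recorded so the event can be raised as an incident rather than silently discarded. The feed parser skips malformed lines instead of failing, because a gateway that stops filtering on a bad feed line would fail open.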

ThreatARMOR can reduce alerts and false positives by 30% or more, updates threat data every five minutes and yields a potential 15x return on investment after just 12 months. It drastically reduces the load on existing solutions such as firewalls, antivirus and sandboxes, and frees up the IT team’s time to be more strategic by reducing false positives.

Ixia also offers a sophisticated DDoS mitigation test and Application and Threat Intelligence subscription service, so you can proactively take control of your DDoS prevention and botnet protection strategies.  Why not find out more about how we can help you win the battle against botnets?