If you saw a swarm of insects flying at you, what would you do? Most likely you would run away, or remember to duck and cover. A swarm of insects has a lot in common with a botnet. Both are made up of a seemingly massive number of members, and even though one is alive and the other is a collection of enslaved computers, they both exhibit patterns.
You cannot defeat a swarm one insect at a time – and neither can you defeat the activities of a botnet one bot at a time. You need to elevate your understanding of the situation in a manner that is repeatable and scalable. You need a process to gain insight into the botnet so that you have the intelligence you need to protect your organization. Here are three key elements to keep in mind:
- Amass – as much data on the botnet as possible. Broad collection provides valuable data on various activities; where it is active and what its command and control infrastructure is. Deep collection yields details on the specific tactics that a botnet is carrying out, including its tools, communication methods and an understanding of how it evolves over time.
- Analyze – all of the data from as many perspectives as possible to harvest as much intelligence as possible. Analyze with both automation and human engagement, categorizing, comparing and correlating the data. Develop as much understanding of the activities and evolution of the botnet as possible, so you can see how it develops into active campaigns.
- Apply – that valuable insight and intelligence as the ammunition to bolster your defenses and defeat the entire swarm, rather than countering one particular tactic at a time.
Arbor’s ATLAS is the world’s largest globally-scoped threat analysis network. It allows Arbor’s Security Engineering and Response Team (ASERT) to understand botnets, to monitor them over long periods of time, and most importantly, to gain valuable insights into their active attack campaigns. Together, ATLAS and ASERT provide an understanding of which botnets are using which attack tactics – when, against whom, and from where – over the duration of all of their campaigns. This insight allows us to develop specific protections that are continuously updated and fed back into our products via the ATLAS Intelligence Feed.
Check out ASERT’s blog for the latest research and analysis. They’re rock stars in the world of network security!