Botnet Filter & Statistics Module
For expressXG™ Framework
Overview
It’s well-known that the threat of cyber attacks, such as denial-of-service or spam, which can paralyze a site, is a harsh reality of doing business in today's technological world. As a service provider, government, or large enterprise, the cost to your organization from an attack can be excessive in many ways, beyond short-term financial, as hackers quickly take advantage of network vulnerabilities. For this reason it is essential to implement protection against malicious network attack mechanisms. One of the more insidious attack mechanisms, and one that has caused massive disruption in recent times, is the botnet.
A botnet is a global network of infected "slave" computers, possibly hundreds of thousands or millions in number, all controlled by rogue servers that are adept at hiding their locations and existence. These servers provide instructions to compromised PCs to initiate a unified attack on a target network site, possibly a distributed denial-of-service (DDoS) attack. The best defense is early detection and rapid response, ideally before the attack even takes place.
Why traditional defense mechanisms don’t work
Timing. One of the typical approaches to dealing with botnets is to inspect Internet traffic in a network and identify communications with hosts listed in a database of known or suspected botnet command and control servers (i.e. blacklisting). Typically, an organization will receive periodic database updates from its central processing division (or third-party data feeds) that have taken the time to analyze and announce the latest cyber threat. These list-classification methods are limited by the accuracy and timeliness of the list, and may introduce an unnecessary time lag in implementing protective measures.
Furthermore, sophisticated botnets, utilizing fast flux techniques to obfuscate their location, are not amenable to fixed list identification approaches.
Technique. Another standard approach to detecting botnet activity is to examine network traffic for specific activities coming out of suspected proxy PCs. While this approach may catch the botnet as it is involved in performing an attack, it is deficient in detecting botnets as they are still forming.
Location. Some DNS servers have software features to help detect suspected botnet traffic passing through them. Even if the DNS servers in your network have these features, botnets may simply be bypassing them and using other DNS servers outside your network.
Response. If you are relying on traditional techniques, by the time botnet activity is detected on your network, your ability to mitigate infection is greatly reduced, if not already too late. While you may be able to contain the attack or prevent its spread beyond the local network/segment, the local resources are still consumed by the attack.
The expressXG™ Framework solution provides an innovative, scalable approach to network security
The best defense against botnets and other malicious software is rapid, early detection that enables a swift response. The Botnet Filter and Statistics Module gives you the ability to do this in a powerful, scalable way that the traditional list-classification methods can’t match. Take action to secure your network by using the expressXG Framework solution.
Its main features and benefits include:
- On-the-fly botnet activity detection and alerting - inspects traffic in real-time at 10GbE line-rate on multiple 10 Gbps links at once. No waiting for database or third-party updates. Your rapid response can begin before day zero of the threat, and can include sending out live alerts in real-time.
- Detects botnets while they are still forming - use your valuable resources to "sniff" out the specific characteristics of traffic coming from suspected servers. This ensures only those local PCs that may be potential botnet members are flagged and analyzed before they become active (i.e. before day zero).
- Detects single and double fast flux botnet activities - Fast flux network servers involved in cyber attacks are especially difficult to track with list comparison methods, because they communicate by using large numbers of rotating IP addresses, restricted time-to-live values and other characteristics in data packets. These are all patterns that can be exploited for botnet detection.
- Detects botnets that use DNS resources outside your network - captures all DNS traffic, enabling detection of botnets that bypass DNS servers on your network.
- Contains botnet attacks that use zero-day exploits - the real-time detection capabilities can provide on-the-fly updates to blacklists or ACLs, helping to limit botnet recruitment that uses zero-day exploits.
- Apply advanced filters and gather important statistics - the application module performs line-rate analysis of incoming traffic and, if enabled, filters traffic according to specified criteria. Advanced statistics gathering and reporting capabilities are also included to provide real-time network situational awareness.
- Rapidly program a targeted reaction - define exactly how the network is to respond to detected threats and deploy rapidly.
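The fast flux characteristics listed above (many rotating IP addresses behind one name, short time-to-live values, and, for double flux, rotating name servers as well) can be turned into a simple detection heuristic over captured DNS answers. The following Python script is an added example written for this page, not code from the expressXG Framework or AdvancedIO Systems; the log format ("timestamp qname rtype rdata ttl"), the thresholds, the sample records and the extra check that the addresses span several /16 prefixes are all assumptions. It goes slightly beyond the text by separating single flux from double flux and by using the prefix spread to keep ordinary CDN names, which also use short TTLs and several addresses, from being flagged.

```python
"""Fast flux heuristic over captured DNS answer records.

Added example for this page; not the expressXG module's own logic.
Log format, thresholds and sample data are assumptions/constructed.
"""
from collections import defaultdict

# Constructed sample capture, one answer record per line:
#   "<unix-ts> <qname> <rtype> <rdata> <ttl>"   (assumed format)
SAMPLE_LOG = """\
1700000000 login-update.example A 198.51.100.10 120
1700000300 login-update.example A 198.51.100.77 120
1700000600 login-update.example A 203.0.113.5 120
1700000900 login-update.example A 203.0.113.200 120
1700001200 login-update.example A 192.0.2.33 120
1700000000 login-update.example NS ns1.flux-ns.example 180
1700000600 login-update.example NS ns2.flux-ns.example 180
1700001200 login-update.example NS ns3.flux-ns.example 180
1700000000 www.example.org A 192.0.2.1 3600
1700003600 www.example.org A 192.0.2.1 3600
1700000000 www.example.org NS ns1.example.org 86400
1700000000 cdn.example.net A 192.0.2.50 60
1700000060 cdn.example.net A 192.0.2.51 60
1700000120 cdn.example.net A 192.0.2.52 60
1700000000 cdn.example.net NS ns1.example.net 86400
"""

# Assumed thresholds; tune against your own baseline traffic.
LOW_TTL = 300        # seconds: answers at or below this count as "restricted TTL"
MIN_A_IPS = 5        # distinct A records seen before single flux is considered
MIN_PREFIXES = 3     # distinct /16 prefixes: flux IPs come from many networks,
                     # CDN pools usually sit in one or two
MIN_NS = 3           # distinct low-TTL NS names before double flux is considered


def parse_log(text):
    """Group answer records by (qname, rtype); blank lines are skipped."""
    records = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qname, rtype, rdata, ttl = line.split()
        records[(qname, rtype)].append((int(ts), rdata, int(ttl)))
    return records


def slash16(ip):
    """Coarse network prefix used to measure how spread out the A records are."""
    return ".".join(ip.split(".")[:2])


def domain_features(records, qname):
    """Summarise the A and NS answers seen for one name."""
    a = records.get((qname, "A"), [])
    ns = records.get((qname, "NS"), [])
    a_ips = {rdata for _, rdata, _ in a}
    return {
        "a_ips": len(a_ips),
        "a_prefixes": len({slash16(ip) for ip in a_ips}),
        "a_min_ttl": min((ttl for *_, ttl in a), default=None),
        "ns_names": len({rdata for _, rdata, _ in ns}),
        "ns_min_ttl": min((ttl for *_, ttl in ns), default=None),
    }


def classify(f):
    """Return 'double-flux', 'single-flux' or 'benign' for a feature dict."""
    low_a = f["a_min_ttl"] is not None and f["a_min_ttl"] <= LOW_TTL
    low_ns = f["ns_min_ttl"] is not None and f["ns_min_ttl"] <= LOW_TTL
    single = f["a_ips"] >= MIN_A_IPS and f["a_prefixes"] >= MIN_PREFIXES and low_a
    double = single and f["ns_names"] >= MIN_NS and low_ns
    if double:
        return "double-flux"
    if single:
        return "single-flux"
    return "benign"


def scan(text):
    """Classify every queried name in a capture; the result feeds alerting or ACL updates."""
    records = parse_log(text)
    names = sorted({qname for qname, _ in records})
    return {qname: classify(domain_features(records, qname)) for qname in names}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_LOG).items():
        print(f"{name:24s} {verdict}")
```

The script needs only the standard library and runs offline on the embedded sample. Real captures should be bucketed into time windows (an hour or a day) rather than fed as one block, since the point of the heuristic is how many addresses a name cycles through within the short TTL period; a name that changes address once a month is not flux. The cdn.example.net rows are there to show the false-positive case: short TTL and several addresses alone are not enough, and the verdict only becomes "flux" once the address count and network spread also exceed the thresholds.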
Available Platforms
The expressXG Framework from AdvancedIO Systems runs across a variety of platforms, bringing high performance and scalability to networks of variable size. Its transparent porting capability safeguards a company's investment in application development.
Benefits
- Provides early detection of cyber attacks using real-time traffic analysis without reliance on external databases or feeds
- Provides real-time network situational awareness
- Detects single and double fast flux botnet activities before day zero
- Accurate alerting of suspected botnet command and control communications
- Detects botnets that use DNS resources outside your network
- Limits and contains botnet recruitment even when zero-day exploits are used
- Enables rapid response to detected threats, based on real-time network information
Features
- Processes all incoming traffic at 10 Gigabit line-rate speed
- Generates log files and histograms of various traffic types
- Provides programmable filters and statistical reporting for network traffic
- Rich programming capabilities using high-level framework and APIs
- Supports user authentication and access control levels for data privacy protection
- Supports in-line and network-tap deployment
Applications
- Network Security
- DNS Record Logging
