Botnets and Malware to become the Communicable Diseases of Social Networking Sites
Submitted by Heidi Gabrielson, NetScout Product Marketing Manager
The other day, the GCN Daily Update’s subject line “Malware disguised as social networking tops new list of emerging security threats” caught my eye. The Emerging Cyber Threats Report for 2009 from the Georgia Tech Information Security Center (GTISC) predicts that malware disguised as social networking links will be one of the top security challenges in 2009.
Other top security issues facing both consumer and business users next year include:
- Botnets - In last year’s report GTISC estimated that 10 percent of online computers were part of botnets: groups of computers infected with malicious code and controlled, without their owners’ knowledge, by a remote operator. That share grew in 2008 and is expected to keep growing.
- Threats to VoIP and mobile devices – the VoIP infrastructure is vulnerable to the same types of attacks that plague other networked architectures.
- Cyber warfare - Cyber warfare is predicted to accompany traditional military interaction more often in the years ahead.
- The evolving cyber crime economy - Sources of cyber crime will become increasingly organized and profit-driven.
I don’t have much to say about the evolving cyber crime economy or cyber warfare other than it’s scary and just plain wrong… But I do know that our customers are using the nGenius Performance Management solution to help combat a variety of security threats and thought I would share some of those stories.
Malware and bots get onto the network in a variety of ways: via Trojans, email, instant messaging clients, an infected Web site, like Facebook*, or peer-to-peer file-sharing applications like LimeWire**. Once installed, a bot typically disables any antivirus or security software, then contacts a “command and control” server and waits for instructions, such as to send spam. When the spam run is over it goes quiet and waits for new instructions.
Because bot communications are designed to look like normal Web traffic on ports that firewalls already allow, firewalls and intrusion prevention systems have a hard time singling out bot messages. One way our users have uncovered botnets is with the Advanced Analytics capabilities of nGenius K2.
nGenius K2, NetScout’s early warning system, detects small but significant changes in network behavior, so it can flag a security breach soon after the break-in occurs and help contain and limit the damage. It looks for abnormalities or changes in traffic patterns that could indicate a zero-day virus, zombie bots sending spam from compromised desktops, or a denial of service attack, and raises an alarm when it finds one.
Then, once an attack or break-in is recognized, nGenius InfiniStream provides the evidence needed to isolate and contain the infection. It acts like a video surveillance camera on the network, passively recording packet-level data until it is needed to review the scene of the crime. That packet data contains the “who”, “what” and “where” of the breach and supports retrospective analysis and playback. Because nGenius InfiniStream records all applications, conversations and hosts, not just the “Top N” applications or those that exceed an activity threshold, it is effective at catching low-volume intrusions that summary statistics would miss. It also identifies source and destination IP addresses, so you can pivot on the command and control address, see which other hosts on the network talked to it, and contain the outbreak before it propagates throughout the enterprise.
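As an added illustration of the behavioral checks and the IP-address pivot described above (this is example code written for this page, not NetScout’s code and not part of the original post), the Python below runs over a small set of constructed flow records. It flags evenly spaced connections from one host to one external address on an allowed port (a bot checking in with its command and control server), flags a desktop that suddenly opens SMTP connections to many distinct hosts (a spam zombie), and then pivots on the C2 address to list every other internal host that contacted it. All IP addresses, timings and thresholds are made up for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records for the example (not real capture data):
# (seconds since start of capture, source IP, destination IP, destination TCP port)
FLOWS = []

def _flow(t, src, dst, dport):
    FLOWS.append((t, src, dst, dport))

# Ordinary browsing from 10.0.0.5: irregular timing, assorted destinations.
for t, dst in [(5, "93.184.216.34"), (41, "151.101.1.69"), (130, "93.184.216.34"),
               (260, "104.16.85.20"), (790, "151.101.1.69")]:
    _flow(t, "10.0.0.5", dst, 80)

# Two compromised desktops check in with the same C2 host every 300 s on port 80,
# which looks like plain Web traffic to a port-based firewall rule.
for i in range(6):
    _flow(20 + 300 * i, "10.0.0.7", "198.51.100.9", 80)
    _flow(35 + 300 * i, "10.0.0.12", "198.51.100.9", 80)

# After receiving instructions, 10.0.0.7 starts spamming: SMTP to many distinct hosts.
for i in range(12):
    _flow(1000 + 7 * i, "10.0.0.7", f"203.0.113.{10 + i}", 25)

# The legitimate mail relay sends SMTP at its usual low rate.
for i in range(3):
    _flow(100 + 400 * i, "10.0.0.25", f"203.0.113.{50 + i}", 25)


def find_beacons(flows, min_hits=5, max_cv=0.1):
    """Flag (src, dst, port) triples whose connections are evenly spaced in time.

    Human browsing is bursty; a bot polling its controller on a timer produces
    inter-connection gaps with a very low coefficient of variation (stddev / mean).
    Returns {triple: average gap in seconds}.
    """
    times = defaultdict(list)
    for t, src, dst, dport in flows:
        times[(src, dst, dport)].append(t)
    beacons = {}
    for key, ts in times.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = round(avg, 1)
    return beacons


def find_spam_zombies(flows, baseline_end, known_relays=frozenset(), min_targets=10):
    """Flag hosts that open SMTP (port 25) connections to many distinct external
    hosts after baseline_end but opened none during the baseline period.

    A desktop has no business talking SMTP to dozens of servers; the mail relay does,
    so it is excluded via known_relays. Returns {src: number of distinct targets}.
    """
    baseline = defaultdict(set)
    window = defaultdict(set)
    for t, src, dst, dport in flows:
        if dport != 25 or src in known_relays:
            continue
        (baseline if t < baseline_end else window)[src].add(dst)
    return {src: len(dsts) for src, dsts in window.items()
            if len(dsts) >= min_targets and not baseline.get(src)}


def hosts_talking_to(flows, c2_ip):
    """Retrospective pivot on the recorded flows: every internal host that contacted
    the C2 address, i.e. the 'who else is infected' question."""
    return sorted({src for _, src, dst, _ in flows if dst == c2_ip})


def investigate(flows, baseline_end=900, known_relays=frozenset({"10.0.0.25"})):
    """Run both detectors, then pivot on each C2 destination to scope the outbreak."""
    beacons = find_beacons(flows)
    zombies = find_spam_zombies(flows, baseline_end, known_relays)
    c2_hosts = sorted({dst for (_, dst, _) in beacons})
    return {
        "beacons": beacons,
        "spam_zombies": zombies,
        "c2_exposure": {c2: hosts_talking_to(flows, c2) for c2 in c2_hosts},
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(investigate(FLOWS))
```

Two design points carry over to a real deployment. The beacon check keys on timing regularity rather than on the destination or port, which is exactly what lets it see through traffic that is deliberately shaped to pass a port-based firewall rule; in practice you would also allow for jitter by raising `max_cv`. The pivot in `hosts_talking_to` only works because every flow was recorded, including the single low-volume check-ins that a “Top N” summary would never show, which is the point the paragraph above makes about full packet capture.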
The final point I want to make is that because the nGenius Solution works in a converged environment, i.e., you can monitor your VoIP traffic as well as your data traffic, the same visibility extends to your voice traffic, so the attacks on VoIP infrastructure noted in the GTISC report can be watched for with the same tools.
Tell us how you solved some of your toughest security problems using the nGenius InfiniStream’s forensic analysis or nGenius K2’s analytics capabilities …
Footnotes:
* You can identify and monitor a social networking site by entering its URL into nGenius Global Manager.
** All the popular peer-to-peer applications – KaZaA, Shareaza, Morpheus, BearShare, LimeWire, eDonkey, eMule and iMesh – are available for monitoring right out of the box.