Network access control (that is, scan and block) technologies that can quarantine compromised hosts
Some reports have talked about a network of 100,000 compromised hosts participating in these attacks.
Subscribers simply provide the address space to be monitored, and the service taps into Mandiant's proprietary cloud intelligence network, which tracks millions of compromised hosts and thousands of command and control servers.
A new Automated Correlation Engine that identifies and prevents compromised hosts in an organization's network by correlating patterns to pinpoint malicious activity.
The new work represents important steps forward in cooperative industry efforts to protect end-users by addressing the safe mitigation of botnets, ISP migration to IPv6, detection and reporting of compromised hosts, Web messaging abuse and other outbound abuse.
0 is fueled by Indicators of Compromise (IOCs), XML-based descriptors of malicious activity that allow an organization to sweep tens of thousands of endpoints in search of compromised hosts
If compromised hosts are the norm, cloud and hosting services can't be trusted.
The new capability to use IP reputation data to block communication with suspected botnet command and control centers allows administrators to reduce the risk of having potentially compromised hosts on their network participate in spam or DDoS attacks.
Lancope's StealthWatch System and Damballa's Failsafe appliances interoperate to greatly accelerate administrators' ability to isolate and resolve botnet-driven targeted attacks by identifying malicious activity on the network in real-time, locating compromised hosts and prioritizing the unauthorized activity in terms of severity and risk.
For example, previous reports identified two main contributors to the increase in web attacks; first, attackers have increased anonymity by looping through numerous open proxies or compromised hosts and are therefore more brazen in their attacks, and second is the increased usage of automation.
As a result, Failsafe identifies compromised hosts that other technologies miss, with very little chance of a false positive.
Return Path found that forty-six percent of email is being sent from hosts that should not be sending email at all - compromised hosts, dynamic IP addresses, and other non-mail servers.
For 54 days not only can enterprises who rely on AV not find compromised hosts, but even if they somehow discovered a system was compromised, they would not be able to remediate it.