Botnet (CnC) Detection

Detect Botnets Before They Wreak Havoc

If your enterprise is connected to the Internet, then you are the target of a bot-driven attack. It is not a question of if or when you'll be compromised — it's a question of how bad the problem already is, and how soon before your staff can identify or minimize the damage. Unlike widespread attacks, targeted botnet attacks are very stealthy in nature and are difficult to detect using traditional security solutions. However, despite their quiet nature, they can cause very expensive, sometimes irreparable damage to an organization.

Through advanced behavioral analysis, Lancope's StealthWatch System can detect the command-and-control (CnC) communications between botnet attackers and compromised hosts within the network. This way, botnets can be quickly contained before they wreak havoc on network assets or performance, or even ruin a company’s reputation or financial health. This innovative approach is cost-effective and enables fast, effective remediation of this especially damaging attack method.

The SLIC Threat Feed adds another layer of protection by continuously monitoring customer networks for thousands of known command-and-control (C&C) servers and adding new botnets to its radar as they are identified in the wild. The threat feed draws upon global threat intelligence to uniquely provide information around the full security incident for dramatically improved risk management.

With Lancope's Operational Network & Security Intelligence (ONSI) dashboard, StealthWatch security alarms are closely aligned to the various steps of the cyber attacker’s “kill chain," including CnC communications. This provides greater security context for faster threat detection, more precise incident response and improved troubleshooting of these stealthy, malicious behaviors. Additionally, through StealthWatch Labs security updates, Lancope delivers behavioral protection algorithms for top threats lurking online to customers outside of their regular product upgrade cycles. These security updates provide additional assurance for defending networks from the latest threat vectors.

 

Find Botnets and Command-and-control

Lancope’s StealthWatch System can detect C&C communications
between botnet attackers and compromised hosts within the network.

StealthWatch Botnet Detection

  •  Detection of either attempted or successful C&C communications
  •  Reporting on the specific botnet name responsible for the infection
  •  Detection of C&C servers operating within a network
  •  In-depth traffic reporting and analysis of the C&C communications
  •  Accelerated priority of other suspicious network activity from infected hosts
  •  Visual tagging of malicious hosts for fast identification
  •  Correlation of user and device information for the infected hosts to add context
  •  Utilization of application metadata such as HTTP URLs from the StealthWatch FlowSensor™ to increase accuracy of detection

Download Lancope's Market Brief: A Multifacted Approach for Detecting Botnets