Posts Tagged ‘irc’

Overview of the threats posed by Bots

Friday, November 2nd, 2007

A few weeks ago, I wrote about how you can use the IRC blocking capability of your web filter to detect the presence of bots on your network. In that post, I assumed that we all understood the threat posed by bots — why they’re different from good ol’ fashioned malware infections. I’ve been asked to expand on that a bit, so here goes.

As we all know, the Internet has become a critical business tool and criminals have taken notice. Just as there is money to be made in doing business on the Internet, there is money to be made in carrying out crime on the Internet. And as criminals have focused more on the Internet, their tools have necessarily evolved and become more sophisticated.

Five years ago, the typical virus or worm author’s sole purpose was to gain notoriety and cause end-user headaches. Liabilities were limited to business outages and user downtime. Those are significant liabilities to be sure, but they seem almost quaint in light of the new threat landscape.


How to detect Bots on your network by blocking and reporting on IRC

Monday, October 8th, 2007

I worked for many years at Symantec in the Enterprise Security Group, where I wrote a slew of code for Symantec’s antivirus and client security products. In my time there, I talked to lots of IT Admins who were tasked (saddled?) with the responsibility of managing huge deployments of desktop security.

Their most difficult problems were always in the area of installation and deployment. Things like: How can you help me find all of the computers on my network that need AV installed on them? Can your product identify the source of an infection, so I can go find that computer and clean it up? It was all about managing and probing those dark corners of the network where desktop security wasn’t already deployed.

The solution is to use the security products that are at your gateway.
