Is It Really Too Late to Beat Bots?

By Larry Seltzer  |  Posted 10-25-2006
Print this article   Print this article
Opinion: The experts are disconsolate over the battle against botnets, but I think the longer term is promising.
To my mind it's been obvious for many, many years, since before we even spoke of "botnets": The only way to stop them is to get ISPs on board, to have them look for malicious behavior and stamp it out, even from paying customers.

Recently a large ISP took such a step: BT (that used to stand for "British Telecom" the way "AT&T" and "IBM" used to stand for something) announced that it will be implementing outbound spam detection with products and services from StreamShield Networks. BT is a dominant DSL player in the United Kingdom.

For more on this topic, see Is the Botnet Battle Already Lost?

As I wrote a few weeks ago, tools are beginning to emerge for ISPs to fight back.

The ICSS tool I described there focuses on DNS, a very good place to look. There are many other approaches, and used in concert they can catch a great deal.

The StreamShield Networks Content Forensics tool that BT will be using looks for spam by monitoring SMTP traffic, a more conventional route. You can tell a lot just by looking at rates of mail transmission.


Another opportunity for ISPs comes from Simplicita, which lets ISPs network with others and with reputation and security companies to share data on bots and coordinate it with their own internal data.

CIO
INSIGHT
POLL
CIO
INSIGHT
VIDEO
  • The Role of Standards in Cloud Security

    Security is often cited as a primary cause for concern...

    Watch Now
  • Ensuring Resources for Mission Critical Workloads

    Application workloads can thrive in cloud environments,...

    Watch Now
  • Improving Security in the Public Cloud

    One of the main concerns about moving data to a public...

    Watch Now