It's always been said that the best defense is a good offense. So when it comes to security, you have to wonder why so many IT organizations play strictly defense.
A good example of an IT organization going on the security offensive is the way FireEye, the maker of a security appliance, worked with an Internet service provider (ISP) to take down the Mega-d/Ozdok botnet in 24 hours: the botnet's command-and-control traffic was redirected to a sinkhole server, so the infected machines' check-ins went to the sinkhole instead of to the botnet's operators and the bots could no longer receive instructions.
Taking down a botnet takes a fair amount of time and effort, but the good news is that, at least for the moment, FireEye has shown it can be done. Of course, you can only do that if you can see what is happening out in the wild on the Internet, which means being able to do security analysis in real time.
The FireEye appliance takes a two-phase approach. The first phase identifies potentially malicious content in network traffic and temporarily quarantines it. The second phase executes that suspect code in a virtual environment (a sandbox) and observes what it does to determine whether it really is malicious. That may seem like an obvious approach in this age of virtualization, but doing it in near real time takes a fair amount of complex engineering.
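To show what a sinkhole actually does once the ISP or registrar repoints the command-and-control address, here is a small added example (not FireEye's code, and not Mega-d's real protocol): a Python HTTP sinkhole that accepts bot check-ins, records the source address of every infected host, and answers with an empty response so the bots never get a task. The beacon format (`/gate.php?id=<bot-id>&v=<version>`), the bot IDs and the addresses are all constructed for this example.

```python
"""
Minimal botnet sinkhole (added example, hypothetical beacon format).

Once a C&C hostname resolves to this server, infected machines keep
checking in here. The sinkhole logs who they are and returns nothing
that a bot could interpret as a command.
"""
import re
import threading
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import urlopen

# Constructed beacon shape for this example: GET /gate.php?id=<hex bot id>&v=<version>
BEACON_RE = re.compile(r"^/gate\.php\?id=(?P<bot>[0-9a-f]{8,32})&v=(?P<ver>\d+)$")


class SinkholeLog:
    """In-memory record of infected hosts; a real deployment would persist this."""

    def __init__(self):
        self._lock = threading.Lock()
        self.hits = Counter()   # source IP -> number of check-ins seen
        self.bots = {}          # bot id -> last source IP it checked in from

    def record(self, src_ip, bot_id):
        with self._lock:
            self.hits[src_ip] += 1
            self.bots[bot_id] = src_ip

    def infected_hosts(self):
        """Sorted list of distinct source addresses that sent a valid beacon."""
        with self._lock:
            return sorted(self.hits)


def parse_beacon(path):
    """Return (bot_id, version) if the request path looks like a bot check-in, else None."""
    m = BEACON_RE.match(path)
    return (m["bot"], int(m["ver"])) if m else None


def sinkhole_response(path, src_ip, log):
    """Decide (status, body) for one request. The body is always empty: no commands."""
    beacon = parse_beacon(path)
    if beacon is None:
        return 404, b""              # scanners, crawlers, curious humans
    bot_id, _version = beacon
    log.record(src_ip, bot_id)
    # An empty 200 keeps the bot idle: no spam templates, no update URLs, no tasks.
    return 200, b""


def make_handler(log):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = sinkhole_response(self.path, self.client_address[0], log)
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass  # SinkholeLog is the record; keep stdout quiet

    return Handler


def run_demo():
    """Start the sinkhole on a loopback port and send it a few constructed beacons."""
    log = SinkholeLog()
    srv = HTTPServer(("127.0.0.1", 0), make_handler(log))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    for bot in ("deadbeef01", "deadbeef01", "c0ffee02"):   # constructed bot ids
        urlopen(f"http://127.0.0.1:{port}/gate.php?id={bot}&v=3").read()
    try:
        urlopen(f"http://127.0.0.1:{port}/robots.txt")      # not a bot: 404
    except Exception:
        pass
    srv.shutdown()
    return log


if __name__ == "__main__":
    demo = run_demo()
    print("infected hosts:", demo.infected_hosts(), "check-ins:", dict(demo.hits))
```

The value of the sinkhole is in `SinkholeLog`: the distinct source addresses are the victim list that can be handed to ISPs for notification, and the check-in counts show how quickly the botnet is shrinking. The one rule that must never be broken is the one in `sinkhole_response`: whatever the bot sends, it gets no instructions back.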
What ultimately matters, however, is that the industry as a whole is not only gaining more visibility into what is happening on the Internet, but is also starting to take proactive steps to stop malicious things at the source, as opposed to asking customers to be the front line of defense.
In any battle, the most damage is inflicted wherever the battle is actually fought. The secret to winning is to make sure the battle takes place somewhere other than your own network.