The common wisdom is that botnets take advantage of PCs belonging to unsuspecting consumers and under-protected small businesses. Enterprises are thought to be more highly protected and therefore less vulnerable.
That thinking, according to this Dark Reading story, is mistaken.
An interesting question is whether the increase in botnet activity on business local-area networks (LANs) is being noted simply because there is more scrutiny, or whether the overall rise in botnets -- led by the insidious Storm -- and the growth of harder-to-protect mobile connectivity options have led to an actual spike in corporate botnets.
The thesis of the Dark Reading story -- that the IT community underestimates the threat from botnets -- is validated by this Government Technology piece. Forrester Research conducted a study on behalf of Secure Computing Corp. on Web 2.0 security. The survey, which involved 153 IT and security personnel from companies with 1,000 or more employees, revealed that 97 percent think they are prepared for Web 2.0 threats.
The key takeaway: Seventy-nine percent are concerned about viruses, 77 percent are concerned about Trojans, but only 12 percent are concerned about botnets.
The bottom line of this interesting and rather sobering Network World piece is encapsulated in an accompanying graphic. It says that 44 percent of respondents say zombies and botnets have been discovered on their networks, but that the problems have been taken care of; 30 percent say botnets are a growing problem; 10 percent say botnets aren't a big problem; 10 percent say they haven't run into the issue and 6 percent say they haven't seen them on the network and so aren't taking any precaution beyond typical anti-malware steps.
The first step is to get beyond residual denial. The author of the story quotes Rick Wesson, CEO of Support Intelligence:
Most companies run pretty tight networks, but the idea that you are not going to have bot networks running on your systems is naive. We have a lot of data that says a sizable portion of the Fortune 1000 has bots.
The good news is that tools are emerging. For instance, FireEye this week introduced the FireEye Botwall Network. It combines the FireEye Botwall 4000 appliance and the FireEye Botwall Network service. The integrated offering is designed to operate at three levels: discovery, control and audit. More specifically, the system provides insight into the botnet's command-and-control structure, analysis of its propagation processes and other factors that can be used to diagnose and confront the problem.
FireEye is not alone. Mi5 also is taking steps to protect corporate networks from botnets. The Webgate family is aimed at malware in general, but the product specifically addresses the botnet threat. It can recognize and "disinfect" zombie machines based on the organization's policy settings. Indeed, Mi5 founder and CEO Doug Camplejohn is quoted to the effect that bots are emerging as the biggest threat to corporate security. Clearly, the announcement is interesting both in terms of the technology itself and the fact that botnets are paid equal or perhaps even greater attention than other forms of malware.
Botnets are a big problem. The bigger issue, however, is denial on the part of enterprise IT and security personnel. The good news is that clearly more people are taking the threat seriously.