InfoWorld
Security vendors bring zombie fighters to life

Botnet-infected 'zombie' computers are an ever-growing risk, and IT security vendors are taking notice and offering more ways to fight back


Arbor catches botnets further upstream
Arbor, which markets technologies used by enterprises, ISPs, and other carriers to monitor for attacks in the traffic flowing over large networks, launched an updated version of its PeakFlow SP platform, which includes new capabilities for sniffing out botnets.

Among the upgrades that will help customers separate zombie activity from legitimate traffic are new capabilities that let network operators see which types of applications are responsible for individual packets of data, company officials said.

In addition to helping carriers and large enterprises figure out how to best align their network resources to adjust to the growing adoption of emerging technologies like VoIP, the latest version of PeakFlow will allow the companies to identify botnet attacks before they ever reach end-users, cutting off the threats further upstream, said Rob Malan, Arbor's co-founder and CTO.

"We're finding that with all the latent firepower in the networks, there are greater numbers of botnet-controlled endpoints. You have all these homes and offices that have been connected to broadband, and they're being targeted, and dealing with the problem is at the top of a lot of the carriers' priorities," Malan said.

Industry watchers said that customers are looking for ways to fight the botnet issue but contend that they remain wary of being forced to pay for additional products to address the problem.

In that sense, Symantec's addition of the botnet-fighting service at no extra charge to its services customers and Arbor's play to arm carriers with defense mechanisms to protect users upstream could be well received by enterprises.

Andrew Jaquith, a security analyst for Yankee Group, said that many large corporations remain unaware of botnet activity on their networks, as evidenced by the "30 Days of Bots on the Fortune 500" project carried out by software maker Support Intelligence, which has recently highlighted the presence of zombie PCs on IP addresses controlled by massive firms, including Intel, Nationwide Insurance, and Bank of America.

Jaquith said that while more of the infections are being discovered all the time, he believes that the undiscovered botnet issue may be the biggest untold security story of 2007.

The analyst said that customers are desperate for any way that they can prevent the attacks, but he believes that if carriers attempt to turn anti-botnet technologies into paid services, then enterprises might begin pushing back.

"It's encouraging to see activity that's looking to solve the problem, but it's hard to tell if there will be a market for paid products and services, especially when the industry could use some simpler root cause techniques to address it instead of adding technology," Jaquith said. "Enterprises like those named by Support Intelligence might have an interest, and for carriers it makes sense if they approach it the right way, but they might find that they do not get a good reception from enterprises if they're looking to add more charges."

The analyst contends that carriers should be the parties responsible for protecting customers against botnets and that they could already do so if they adopted more of a white-list style approach to the types of traffic they allow onto their users' networks.

"I'm not sure if the world needs more solutions to solve this problem; what would really be helpful would be if carriers would stop pretending that they simply provide dumb pipes that deliver traffic," he said.

"The approach shouldn't be charging for extra services to keep the network clean," Jaquith said. "It would be much better if they were to limit the types of acceptable traffic in general and deny anything unusual unless customers want to pay for extra services because they support the types of traffic in which the botnet attacks are typically hidden."

Matt Hines is a senior writer at InfoWorld.
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.
