Anti-botnet vendors plug in

A small group of IT security startups are hoping to cash in on the rise of the botnet scourge as businesses -- telecommunications carriers and Internet service providers, in particular -- seek new methods for stopping the attacks.

While larger security software makers, including Symantec, McAfee, and Trend Micro, have built botnet-fighting functions into their existing products, and carrier security specialists such as Arbor Networks have added tools for detecting the threats in their network monitoring systems, a handful of smaller companies are attempting to market themselves as purists in the anti-botnet field.

As carriers, ISPs, and large enterprises investigate techniques to keep computers on their networks, and those of their customers, from being recruited into the zombie armies of botnet-controlled devices, some experts say that there may be a market for stand-alone technologies that address the problem -- at least for the next several years.

"If you look at the change in the characteristics of malware attacks over the last year, and the public outrage over data breaches, private and government organizations have reached a point where the botnet issue is directly accessible," said Nick Selby, analyst at The 451 Group.

"Botnets are very relevant to data loss, and without question, customers are looking for in-the-cloud protection and clean pipes; the problem is too complex for any individual user to deal with alone, even large enterprise users," he said. "Anti-botnet vendors could see compliance and media-fueled growth because everyone understands the issue of data loss."

Just as Webroot was able to build and maintain a business dedicated to fighting spyware -- even in the face of competition from larger rivals who built tools for warding off those attacks into their integrated security suites -- vendors staking a claim to the anti-botnet space contend that there will be plenty of demand for their specialized skills.

Perhaps the two best-known providers making noise in the segment are FireEye, a Silicon Valley startup backed by funding from Sequoia Capital and Norwest Venture Partners, and Damballa, an Atlanta-based company with roots at Georgia Tech backed by Sigma Partners and Noro-Moseley Partners.

Leaders with both companies maintain that their businesses are already taking off as botnets take over.

"These networks of infected PCs have become, in essence, the world's largest computing grids. They dwarf the world's supercomputers in terms of their power, so that tells you something about the severity of the overall threat," said Ashar Aziz, chief executive of FireEye, who maintains there are currently as many as 150 million botnet-infected computers worldwide.

"This is the actual infrastructure that connects all the malware, spam, and denial-of-service attacks," he said. "A feature built into an end-point client is not going to solve the problem on its own; large enterprises and carriers are looking for something today that is going to help them keep their assets from being victimized."

In addition to the carrier crowd, Aziz said that a growing number of large enterprises are seeking to take things into their own hands to ensure that their networks aren't being exploited by botnet commanders.