Not only are large companies fearful of having their assets used as proxies by all sorts of attackers, and of any potential fines that such activity or related data loss could lead to, he said, they are also hoping to avoid the embarrassment of having machines inside their walls publicly revealed as spam and malware delivery stations.
Throughout 2007, researchers at network security technology vendor Support Intelligence repeatedly detailed spam runs emanating from well-known businesses, including Bank of America, Intel, and Nationwide Insurance, that were thought to be driven by botnet-infected computers.
At the core of the company's anti-botnet technology, delivered via its appliances, is its FireEye Analysis and Control Technology (FACT) engine, which looks for suspicious traffic, confirms attacks, and blocks access from infected devices to other machines on a network.
Using the information being drawn from its customers, which already include a number of large North American carriers and Fortune 1,000 companies, according to the CEO, FireEye claims that it also has the ability to backtrack its way through the networks of infected machines to scope out the size of botnet operations and work with carriers to snuff out the infrastructure.
Aziz contends that even if anti-botnet technologies are absorbed into broader suites by most companies or through carrier-provided services, FireEye -- whose virtualization-based technology was originally positioned for use in network access control (NAC) systems when it was founded in 2004 -- will be able to turn a profit by providing the intelligence needed by those systems to identify and track the attacks.
"The capability to build this intelligence about the botnets themselves is a sizable business opportunity. These companies offering services will need to constantly feed new data into their gateways," he said. "We feel this is a viable business model, finding the infrastructure that is out there and helping people understand where it lives and how it works."
Damballa, which takes its name from the realm of voodoo spirits, is already marketing its capabilities to both enterprises and carriers in a number of different models.
For instance, the company already offers three deployment options to enterprise customers: its Global Surveillance Network, a subscription service that alerts users if any of their machines are infected by known botnets; its Enterprise Protection package, which uses sensors placed on clients' networks to look for attacks; and its Extended Enterprise Protection offering, which utilizes sensors outside companies' firewalls to look for attempts by botnets to connect to users' computers.
It markets comparable services for carriers and other security OEMs.
Damballa leaders said that the key to earning a spot inside more companies' operations will be the continued evolution and maturation of the threats themselves, and the company's unique ability to chart botnet behavior.
"We definitely see a best-of-breed opportunity for fighting botnets. It depends on the customer, but most of the success we're finding is with organizations who already have a lot of security technologies in place but still find themselves dealing with this problem," said Tripp Cox, vice president of engineering at Damballa, which was founded in late 2006.