FireEye is installing malware detectors in ISP networks so it can tell its corporate customers when their machines have been commandeered by bots.
The company has installed between 10 and 20 nodes of its Botwall appliances in the networks of five ISPs to locate bot command-and-control servers and individual zombie PCs that have been taken over by bots.
Called Botwall Network, the service reports which machines in customer networks are communicating with bot servers or are attempting to propagate bot malware to other machines, says Ashar Aziz, president and CEO of FireEye.
The company recommends that these machines be reimaged to make sure the bot software is eliminated entirely.
“The idea is that by putting their appliances in with ISPs, they can see more traffic and can react better at client sites,” says Raffi Jamgotchian, CIO of Canaras Capital in New York City. Canaras has a FireEye appliance in its network to detect many kinds of malware, but the network service can help pinpoint bots, he says.
The network can also give a broader perspective on attacks, says John Oltsik, an analyst with Enterprise Strategy Group. For instance, if Botwall Network detects bot activity in the Asia-Pacific region, that can help customers in regions where the bot has not yet become active to protect themselves, he says.
FireEye gear monitors network traffic looking for anomalies and suspicious traffic patterns, and when it identifies suspect code, runs it on virtual machines within the Botwall appliance to determine whether it is malicious and what it does when executed.
The devices can block malicious traffic using port blocking, null routing or TCP connection resets. They also log suspicious activity and the actions they take, and alert IT management to traffic they flag.
With Botwall Network, customers can let their FireEye appliances report suspicious behavior to the network to add data on overall global malware activity. FireEye will not reveal in which service provider networks it has established nodes of Botwall Network.
The approach is similar to Symantec’s DeepSight System, which also uses customer input to discover threat behaviors on the Internet, Oltsik says.
FireEye is also introducing two new Botwall appliances, the Botwall 4100 and the Botwall 4700. They have the same features as the company’s earlier Botwall 4200, but differ in performance.