The Forgotten Barometer: Bot Detection as an Integral Security Technology

This SPIE will analyze the value of bot detection in a security model; the perceived value of such features; the methods used to detect bots, and their respective effectiveness.

Introduction
The model for threat detection is continually evolving in response to the changing tactics of malicious actors. Network-based threats are increasingly designed to blend in with legitimate traffic; as a result, security technologies must be able to detect the indicators of an attack or intrusion attempt, rather than match the exact pattern of a known threat.
One of the trends forcing a shift in threat detection methodologies is the growing importance of the bot as a go-to tactic for hackers and hacker groups. A bot is a computing system tasked with performing a specific Internet function in an automated fashion. Not all bots are malicious; there are bots that perform legitimate and useful tasks such as Web indexing, data collection, competitive research, and promotional activities on social networking Web sites.

For hackers, the benefits provided by bots are invaluable. The ability of bots to perform assigned tasks repeatedly, quickly, and automatically enables hackers to control these systems en masse and to great effect. A group of coordinated bots, called a botnet, enables threat actors to perform massive-scale distributed denial-of-service (DDoS) attacks and spam email campaigns. Though DDoS attacks and spam distribution are the most visible and well-known uses of botnets, the importance of bots is greatly underestimated. Essentially, the bot is the "go-to" tool that enables the command, control, communications, and coordination of covert operations by highly sophisticated threat actors.

Thus, while bot detection is a valuable pursuit in its own right, it may also be leveraged as a means to defend against a range of threats. Security solution vendors hope to protect customer networks from commodity malware, advanced threats, availability attacks, and other undesirable activities by identifying and blocking malicious bots.

The Need for Bot Detection as an Integral Component in a Modern Network Security Model
Too often, bots are overlooked as just another item of concern in a threat landscape characterized by a myriad of threats. However, bot detection is an important capability that can help to mitigate both immediate threats and less visible security issues.

Bot Detection to Mitigate DDoS Attacks and Spam
Bot detection is perhaps most closely associated with DDoS attacks and spam distribution. The first step in these campaigns is to infect as many devices as possible. The Zeus trojan and similar malware families are capable of infecting a range of devices and installing the software that lets the attacker control them. Next, the malware directs the infected device to call out to a specified IP address or domain belonging to the command-and-control (C&C) system and ask for instructions, typically on a fixed schedule. The C&C system can then direct the bots to send unsolicited network traffic to targeted IP addresses as part of a DDoS attack.
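The scheduled call-out to the C&C server is the most reliable network-side sign of the infection chain described above: a compromised host keeps contacting the same destination at nearly even intervals, which normal user traffic does not. The following script is an added example written for this page, not code from the Frost & Sullivan report or from any vendor named in it. It scores each (source host, destination) pair in a set of constructed connection records by the coefficient of variation of the gaps between connections and flags pairs that are both frequent and evenly spaced. The log format, host names, and addresses (drawn from the RFC 5737 documentation ranges) are assumptions made for the example.

```python
"""Beacon detection over outbound connection records (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one connection per line:
#   <ISO timestamp> <source host> <destination ip>:<destination port>
# ws-17 contacts 203.0.113.5:443 about once a minute (a beacon pattern);
# its other connections, and all of ws-03's, are irregular browsing.
SAMPLE_LOG = """\
2024-03-01T10:00:00 ws-17 203.0.113.5:443
2024-03-01T10:00:07 ws-17 198.51.100.10:443
2024-03-01T10:00:09 ws-17 198.51.100.10:443
2024-03-01T10:00:59 ws-17 203.0.113.5:443
2024-03-01T10:01:31 ws-03 198.51.100.10:443
2024-03-01T10:01:33 ws-03 198.51.100.10:443
2024-03-01T10:02:01 ws-17 203.0.113.5:443
2024-03-01T10:02:20 ws-03 192.0.2.44:80
2024-03-01T10:03:00 ws-17 203.0.113.5:443
2024-03-01T10:03:58 ws-17 203.0.113.5:443
2024-03-01T10:04:40 ws-17 198.51.100.10:443
2024-03-01T10:04:41 ws-17 198.51.100.10:443
2024-03-01T10:05:02 ws-17 203.0.113.5:443
2024-03-01T10:06:00 ws-17 203.0.113.5:443
2024-03-01T10:06:50 ws-03 198.51.100.10:443
2024-03-01T10:07:01 ws-17 203.0.113.5:443
2024-03-01T10:07:59 ws-17 203.0.113.5:443
2024-03-01T10:08:15 ws-17 198.51.100.10:443
2024-03-01T10:09:00 ws-17 203.0.113.5:443
"""


def parse_flows(text):
    """Turn the constructed log text into (timestamp, src, dst) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src, dst = line.split()
        flows.append((datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S"), src, dst))
    return flows


def find_beacons(flows, min_connections=5, max_cv=0.15):
    """Return {(src, dst): stats} for pairs whose connection gaps are
    suspiciously regular.

    cv = population std-dev of the inter-connection gaps / mean gap.
    A bot polling every 60 s with a few seconds of drift scores near 0;
    human browsing to the same destination scores near or above 1.
    """
    by_pair = defaultdict(list)
    for stamp, src, dst in flows:
        by_pair[(src, dst)].append(stamp)

    findings = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:  # too few samples to judge
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:  # duplicate timestamps only; nothing periodic to measure
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[pair] = {
                "connections": len(stamps),
                "mean_gap_s": round(avg, 1),
                "cv": round(cv, 3),
            }
    return findings


if __name__ == "__main__":
    for (src, dst), stats in find_beacons(parse_flows(SAMPLE_LOG)).items():
        print(f"beacon candidate: {src} -> {dst} {stats}")
```

Two caveats a practitioner should keep in mind. First, plenty of legitimate software beacons on a schedule (update checkers, NTP, telemetry agents), so this test is a triage signal to be combined with destination reputation, how many other hosts talk to the same destination, and an allowlist, not a verdict on its own. Second, bot operators know this test and add random jitter to their polling interval; raising `max_cv` catches more of them at the cost of more false positives, so the threshold has to be tuned against the network's own baseline.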

DDoS attacks can be very costly for businesses: they inhibit employee access and productivity, block sales and new customers, and damage the reputation of the targeted organization. At the same time, DDoS attacks are increasing in frequency, volume, and potency.

Arbor Networks is the leading provider of DDoS mitigation solutions for service providers and enterprise networks. Bot detection is an important capability for identifying and mitigating DDoS attacks reliably. For Arbor Networks, the ability to identify and block bots accurately helps to distinguish its products from the entry-level DDoS mitigation capabilities integrated into standard network tools such as firewalls, intrusion prevention systems (IPS), and content delivery network (CDN) services. A complete analysis of the global DDoS mitigation market is provided in the Frost & Sullivan Market Engineering study available at www.Frost.com/ndd2.[2]

The owner of the bots and the C&C system, called a bot herder, may also use the botnet to send massive amounts of spam email, as in the case of the Cutwail botnet. Spam email presents a range of threats, from a simple nuisance to a launching point for social engineering attacks, phishing, and the distribution of malware such as CryptoLocker. Additionally, spam is a drain on businesses, consuming the computing resources spent on inspecting it for threats, or, when a company's own machines are infected, hijacking those resources to send spam.

Bot Detection to Stop Malware and Advanced Threats
A particular trend that has forced a shift in the security model is the emergence of advanced persistent threats (APTs). Frost & Sullivan defines an APT as a cyber-based attack that
- Utilizes a type of advanced malware
- Targets or focuses on specific individuals or organizations (not a mass targeted attack)
- Looks to achieve a monetary or intellectual property gain
- Looks to penetrate and persist, undetected, in an environment (network or endpoint)

The term APT was originally coined to describe dedicated, skilled, and organized hackers and groups that conduct highly successful data theft and network intrusion operations. Often, these operations go unnoticed for several months or even years, as APTs are designed to evade commercial threat detection systems and to obscure evidence of their activities. The first signs of an APT are typically discovered by the victimized organization's partners and customers rather than by the victim itself, and the full extent is uncovered only after a lengthy and exhausting forensic investigation.

Security companies continue to develop and refine multiple methods to detect APTs. Some solutions attempt to identify threats near the network perimeter, with FireEye as a well-known example. FireEye uses a sandboxing methodology that detonates suspicious files in a virtualized computing environment in order to identify APTs that traditional signature matching and behavioral systems miss. However, there is a pattern of escalation indicating that future APTs will become resistant to these detection mechanisms. Already, advanced malware is being discovered with sandbox evasion capabilities, such as the ability to detect the presence of emulation or a virtualized environment and to stay dormant during the inspection process.[3] Therefore, the detection of APTs increasingly requires the ability to detect and correlate multiple indicators in an automated and investigative manner.
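To make the evasion problem concrete, the following script is an added example for this page; it is not code from the report, from FireEye, or from any malware family. It runs the same kind of "am I in a sandbox?" checks that evasive samples perform, but against a constructed description of a host rather than the live machine, so it can be run offline and shows a defender exactly which artifacts a detonation environment has to mask. The hypervisor-vendor MAC prefixes and DMI vendor strings are public facts; the thresholds (uptime, core count, memory, user activity) and the two host profiles are assumptions chosen for the example.

```python
"""Sandbox-artifact checks against constructed host profiles (added example)."""

# IEEE OUI prefixes registered to hypervisor vendors; a NIC with one of
# these prefixes is the stock virtual adapter of that product.
VM_MAC_PREFIXES = {
    "00:0c:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "52:54:00": "QEMU/KVM",
}
# Substrings that show up in DMI/SMBIOS vendor and product fields of
# unmodified virtual machines.
VM_DMI_TOKENS = ("vmware", "virtualbox", "qemu", "kvm", "xen", "bochs",
                 "virtual machine")


def sandbox_indicators(host):
    """Return the reasons an evasive sample would decide to stay dormant.

    `host` is a dict of facts an implant could collect locally; an empty
    result means the environment looks like a real user's workstation.
    """
    found = []
    # CPUID leaf 1 sets a "hypervisor present" bit; Linux exposes it as
    # the 'hypervisor' flag in /proc/cpuinfo.
    if "hypervisor" in host.get("cpu_flags", ()):
        found.append("cpuid hypervisor-present bit set")
    for mac in host.get("macs", ()):
        vendor = VM_MAC_PREFIXES.get(mac.lower()[:8])
        if vendor:
            found.append(f"NIC OUI {mac[:8]} registered to {vendor}")
    dmi = " ".join(host.get("dmi", ())).lower()
    for token in VM_DMI_TOKENS:
        if token in dmi:
            found.append(f"DMI/SMBIOS string mentions '{token}'")
    # Freshly reverted snapshots have almost no uptime.
    if host.get("uptime_s", 0) < 15 * 60:
        found.append("booted less than 15 minutes ago")
    # Analysis VMs are often provisioned far smaller than real desktops.
    if host.get("cpu_count", 0) < 2 or host.get("ram_gb", 0) < 4:
        found.append("undersized machine (few cores or little RAM)")
    # A real user leaves documents behind; a clean image does not.
    if host.get("recent_documents", 0) < 5:
        found.append("almost no user activity on disk")
    # Dormancy trick: sleep for a long time, then check that wall-clock time
    # really advanced. Sandboxes that fast-forward sleeps fail this check.
    requested, observed = host.get("sleep_check", (0, 0))
    if requested and observed < 0.9 * requested:
        found.append("sleep returned early: sleep-skipping sandbox")
    return found


# Constructed profile of an unmodified VirtualBox analysis VM.
STOCK_SANDBOX = {
    "cpu_flags": {"fpu", "sse2", "hypervisor"},
    "macs": ["08:00:27:4a:9b:1c"],
    "dmi": ["innotek GmbH", "VirtualBox"],
    "uptime_s": 120,
    "cpu_count": 1,
    "ram_gb": 2,
    "recent_documents": 0,
    "sleep_check": (300, 1),     # asked for 300 s, clock moved 1 s
}

# Constructed profile of the same VM after the artifacts have been masked
# to resemble a long-running corporate desktop.
HARDENED_SANDBOX = {
    "cpu_flags": {"fpu", "sse2"},
    "macs": ["3c:97:0e:21:aa:07"],
    "dmi": ["Dell Inc.", "OptiPlex 7090"],
    "uptime_s": 3 * 24 * 3600,
    "cpu_count": 4,
    "ram_gb": 16,
    "recent_documents": 40,
    "sleep_check": (300, 300),
}

if __name__ == "__main__":
    for name, profile in (("stock", STOCK_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        print(name, sandbox_indicators(profile) or "looks like a real workstation")
```

The point for a defender is the asymmetry: the sample needs only one of these checks to succeed in order to stay dormant, so a detonation environment has to pass all of them, including the timing check, which is why mature sandboxes either let long sleeps elapse or hide the fact that they were shortened. This is also the reason the paragraph above concludes that sandbox verdicts must be correlated with other indicators, such as the network beaconing a sample performs once it does run, rather than trusted alone.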
