Beaconing Detection: A Required Defense

Wednesday, April 13, 2011

One of the hottest areas in network security is what I term beaconing detection.  The success of the vendors in this space is predicated on what is rapidly becoming a common observation: most organizations are infested with surreptitious malware (APT) .   

Examples abound of this type of infection, from Ghost Net, to attacks on the Pentagon, Google, RSA, and the McAfee Night Dragon incident.  Once a desktop or server is infected it “phones home” for additional downloads, instructions, and ultimately to exfiltrate stolen data. 

NetWitness is a pioneer in this space and growing at over 100% a year. Their sensors record network traffic and use a feed of data about threat sources associated with command and control servers.  Any communication with a suspect IP address is immediately identified.  Having the ability to automatically combine any source of data and compare it to live network flows makes many more things possible too.

Recently NetWitness announced that they have been acquired by RSA, the security Division of EMC.  I had a chance several weeks ago to interview both Amit Yoran, the CEO, and Tim Belcher, CTO of NetWitness. 

Watch Amit’s interview first to understand the threats that NetWitness is targeting.

And hear is the interview with Tim who explains Netwitness's approach to beaconing detection:

It is exciting to see RSA recognize the value of beaconing detection.  You can tell by listening to this Focus Round Table recording that I am very positive about this acquisition.  

Thanks to RSA/EMC’s market presence, beaconing detection will get more widely deployed quickly. It is one of the primary defenses against APT.   RSA’s customers will be well served. Netwitness’s customers will too.  The industry will pay attention and start to incorporate similar capability in firewalls and Intrusion Prevention Systems.

Possibly Related Articles:
Information Security
malware Advanced Persistent Threats Network Security IDS/IPS Beaconing Detection
Post Rating I Like this!