“We’re often asked what can be done to combat botnets, and here is the basic answer: We need to make sure that individual machines are not infected in the first place. We need to do this by delivering security faster than our adversaries deliver malware…Indeed, having real-time visibility into emerging threats and a comprehensive view across the threat landscape is a powerful means of defeating botnets, which can multiply extremely quickly. One robust technology that enables this real-time global visibility is called Global Threat Intelligence. With Global Threat Intelligence, millions of sensors scan the Internet across the globe and feedback real-time data on botnets and other threats. This data is instantaneously correlated and fed back into security products, delivering real-time protection to customers, as we identify and block the malicious files, IPs and URLs used by the botnets. With even more threat data from more security organizations fed into this network, customers would get even more comprehensive visibility into the quickly changing patterns of botnet infestations and could take immediate steps to counter them.”
Mr. DeCesare’s comment at the White House today echoes what all security professionals know: constant monitoring of the Internet by security firms and real-time analysis of the vast quantities of data collected is absolutely vital to the fight against infected computers and other cybersecurity threats.
Other companies also collect and analyze Internet data for the purpose of cybersecurity threat detection. Google recently launched a notification effort for users of computers and routers infected with the DNSChanger malware. Users will see a message at the top of the Google search results page. Without the compilation and analysis of vast amounts of Internet information such a notification project could not even get off the ground.
The problem is enormous. According to McAfee’s latest quarterly report, more than 5 million systems were infected with botnets per month between January and March of 2012. The collection and analysis of massive amounts of Internet data for security threats cannot by itself solve this worldwide collective problem. But without it efforts to reduce the problem will surely fail.
At the White House meeting today, speakers emphasized the need for public private partnerships, collaboration across industry, the need for all agents in the ecosystem to do their part, the importance of the government as a convener of collective effort. While all this is important and can be done with additional regulation, the domestic and international policy space must be large enough to accommodate the needs of security firms to collect and analyze large amounts of Internet data.
Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.