
Taking Your Cybersecurity to the Next Level with Botnet Traffic Filters

  • by Sean Martin
  • Sep 23, 2015

Chances are the term “botnet” is new to you. But we can all agree that it doesn’t sound good. And it isn’t.

Botnets are collections of autonomous software robots—or “bots”—that are typically malicious and operate as a network of compromised computers. In financial institutions, botnets are often tied to distributed denial of service (DDoS) attacks, information theft, data leakage and other cyber-related threats.

How Botnets Work

Botnet owners, or hackers who have access to botnets, usually build a botnet by infecting computers with malware delivered through email or compromised websites. The infected machines then run the bot software and take commands from the botnet operator to send spam, knock websites offline, crack passwords and much more.

Known for propagating and mutating quickly, botnets draw their power from large, distributed pools of internet-connected computers. And because botnets run on these kinds of stolen resources, they are dynamic and short-lived, which makes them hard to track and defeat.

How Botnet Filters Protect Your Financial Institution

Due to the significant threat botnets pose to financial institutions, many banks and credit unions protect their businesses by using botnet traffic filters to monitor email and Web traffic. Though licensing for botnet filters can be obtained independently, many financial institutions work with managed service providers to acquire the necessary licensing to implement botnet filters.

Once implemented, botnet traffic filters check incoming and outgoing connections against a dynamic database of known good and bad domain names and IP addresses. Any suspicious activity is then logged and blocked. Some managed services providers—like CSI—issue monthly reports detailing how many attacks were prevented using traffic filters.

Botnet Traffic Filter Classifications

Botnet traffic filters provide a real-time view into security threats, even from sophisticated botnets that use dynamic or changing IP addresses. By inspecting all traffic in a given network, botnet filters can detect rogue traffic and then immediately notify system administrators of potential botnets or other malware attacking their networks.

Traffic is classified as one of the following:

  • Blacklist: Traffic to/from an IP address that is considered malicious
  • Whitelist: Traffic to/from an IP address that is considered good
  • Greylist: Traffic to/from an IP address that is associated with one or more blacklist entries and at least one unknown entry (for example, a shared hosting address that serves both a known-bad domain and an unrated one)
  • Unknown/None: Traffic to/from an IP address that is not associated with a domain in either the blacklist or the whitelist
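To make the classification concrete, here is an added example (not CSI’s product or any vendor’s code) of how a reputation-based filter applies the four categories above and the log-and-block behaviour described earlier. The blacklist, whitelist, DNS replies and connection records are constructed for the example using documentation addresses; a real filter would refresh its lists from a vendor’s dynamic database and learn the IP-to-domain mapping by watching DNS replies on the wire.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed reputation data for this example only; none of these are real
# indicators. A deployed filter pulls these from a continuously updated feed.
BLACKLIST_DOMAINS: Set[str] = {"bad-c2.example", "malware-drop.example"}
WHITELIST_DOMAINS: Set[str] = {"update.vendor.example", "mail.bank.example"}
BLACKLIST_IPS: Set[str] = {"203.0.113.66"}
WHITELIST_IPS: Set[str] = {"198.51.100.10"}

# Policy per classification: malicious traffic is blocked, greylisted traffic
# passes but is raised to the administrator, everything else is allowed.
ACTIONS: Dict[str, str] = {
    "blacklist": "block",
    "greylist": "alert",
    "whitelist": "allow",
    "unknown": "allow",
}


def build_dns_cache(replies: Iterable[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Map each answered IP to the domain names seen resolving to it."""
    cache: Dict[str, Set[str]] = defaultdict(set)
    for name, ip in replies:
        cache[ip].add(name.lower().rstrip("."))
    return dict(cache)


def classify_domain(name: str) -> str:
    name = name.lower().rstrip(".")
    if name in BLACKLIST_DOMAINS:
        return "blacklist"
    if name in WHITELIST_DOMAINS:
        return "whitelist"
    return "unknown"


def classify_ip(ip: str, dns_cache: Dict[str, Set[str]]) -> str:
    """Apply the four classifications: an explicit IP entry wins; otherwise
    the verdict comes from the domains that resolved to the address, and an
    IP tied to both a blacklisted and an unknown domain is greylisted."""
    if ip in BLACKLIST_IPS:
        return "blacklist"
    if ip in WHITELIST_IPS:
        return "whitelist"
    verdicts = {classify_domain(d) for d in dns_cache.get(ip, set())}
    if "blacklist" in verdicts:
        return "greylist" if "unknown" in verdicts else "blacklist"
    if verdicts and verdicts <= {"whitelist"}:
        return "whitelist"
    return "unknown"


def filter_connections(lines: Iterable[str], dns_cache: Dict[str, Set[str]]) -> List[dict]:
    """Classify each connection record and decide what the filter does with it.
    Record format (constructed): "<timestamp> <in|out> <src> <dst[:port]>";
    the peer outside the institution's network is the address being judged."""
    decisions = []
    for line in lines:
        ts, direction, src, dst = line.split()
        remote_ip = (dst if direction == "out" else src).rsplit(":", 1)[0]
        verdict = classify_ip(remote_ip, dns_cache)
        decisions.append({
            "time": ts,
            "remote": remote_ip,
            "domains": sorted(dns_cache.get(remote_ip, set())),
            "verdict": verdict,
            "action": ACTIONS[verdict],
        })
    return decisions


def monthly_summary(decisions: List[dict]) -> Dict[str, int]:
    """Count decisions per action, the figure a monthly report would carry."""
    counts: Dict[str, int] = {}
    for d in decisions:
        counts[d["action"]] = counts.get(d["action"], 0) + 1
    return counts


# Constructed DNS replies and connection records (RFC 5737 documentation addresses).
DNS_REPLIES = [
    ("bad-c2.example", "203.0.113.50"),
    ("cdn-shared.example", "203.0.113.50"),  # same IP also serves an unrated name
    ("update.vendor.example", "198.51.100.20"),
    ("malware-drop.example", "203.0.113.77"),
]
CONNECTIONS = [
    "2015-09-23T10:00:01 out 10.0.0.5 203.0.113.50:443",
    "2015-09-23T10:00:02 out 10.0.0.6 198.51.100.20:443",
    "2015-09-23T10:00:03 out 10.0.0.7 203.0.113.77:80",
    "2015-09-23T10:00:04 in 192.0.2.9 10.0.0.8:25",
    "2015-09-23T10:00:05 out 10.0.0.9 203.0.113.66:6667",
]

if __name__ == "__main__":
    cache = build_dns_cache(DNS_REPLIES)
    results = filter_connections(CONNECTIONS, cache)
    for d in results:
        print(f"{d['time']} {d['remote']:<15} {d['verdict']:<9} -> {d['action']}  {d['domains']}")
    print(monthly_summary(results))
```

The greylist case is the one worth watching in practice: the first record goes to an address that served both a blacklisted and an unrated domain, so the filter lets it through but alerts rather than silently allowing or blocking it, which is where an administrator or managed service provider decides whether to add the unrated domain to a list.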

Any traffic classified as malicious is reported to the financial institution—or its managed service provider—for immediate risk mitigation. Several managed service providers, including CSI’s information security management, handle security threats, like botnets, on your behalf. They manage the vendor relationship and licensing, so you can focus on your priorities—banking. 

Whether you’re a bank or another financial institution, botnet traffic filters can be an effective tool for providing fast and accurate defense against botnets and other malware.

As operations manager for CSI Managed Services, Sean Martin implemented CSI’s managed security monitoring and management service, and he actively maintains this system. In his role, Sean identifies and implements solutions designed to maximize security and profitability for financial institutions. Sean speaks regularly on a variety of financial technology issues, ranging from managed services to IT security best practices.