Cisco BotNet Filter Proves Itself (Fast) in a Compromised K-12 Environment
Tony Rector, Sr. Support Engineer, CCIE
Botnets are an increasing source of concern for everyone. They are extremely difficult to detect, can propagate and mutate quickly, and pose numerous security risks, from data leakage to denial-of-service attacks. The Cisco ASA 5500 Series Botnet Traffic Filter is a great new feature for botnet traffic detection, available with the Cisco ASA 8.2 Software Release. We recently put this solution in place for a school that was struggling with massive traffic issues, rogue devices, compromised PCs and large unnecessary downloads. The reporting functionality gave me so much insight that I was able to help the client rapidly pinpoint problem areas and then correct them.
It's an inexpensive, subscription-based software solution that provides multiple levels of endpoint protection monitoring. It monitors network ports for rogue activity, detecting infected internal endpoints and bots sending command-and-control traffic back to a host on the Internet. The command-and-control domains and hosts associated with botnets and malware distribution are accurately and reliably identified using a dynamic database managed by the Cisco Security Intelligence Operations center. The reporting is very good, and you can easily obtain very important information about your network.
A free trial is available for qualified Cisco ASA 5500 users. Please contact your ALI Account Manager to initiate a request. If you are not sure who to contact, a quick email to firstname.lastname@example.org will get someone in touch with you quickly. As always, if you are experiencing security issues with your network, I am available for assistance via our Service Desk at (800) 283-2648; push option 1 to speak to Jane Bankovich, who schedules me.