Monitoring and Correlation service to further defend enterprise networks against the growing threat of malicious botnet attacks.  Using new proprietary detection tools, BT can identify which hosts within a customer’s network are under the control of botnets and then assist the customer with quarantine and remediation efforts to restore the network’s integrity.

Botnets are a significant security risk to businesses because they are primarily used to execute criminal activity.  A business is not only at risk from compromised corporate and individual user information, but could also be liable for criminal activity resulting from their infected networks.

Even businesses taking responsible precautions and exercising best practices can still be compromised by bots and be unaware they have been infected.  Since most bots communicate only infrequently with their command and control hosts, the chances of detecting infected machines prior to a critical event, without significant technology and infrastructure investment, are slim. However, since bots do communicate and these communications generate firewall traffic, BT’s Managed Security Solutions Group has created the ability to detect bots by monitoring and analyzing firewall traffic.

This solution provides significant value-added service to BT’s existing Event Monitoring and Correlation customers worldwide and eliminates additional infrastructure spending, since customers do not need to buy additional proprietary detection technology or add IDPS (Intrusion Detection and Prevention Systems) capability to their network. Firewall traffic is collected and analyzed at the BT Security Operations Centers for patterns of activity that bear the hallmarks of bot communications.  Customers also benefit from BT’s proprietary technology to correlate across multiple security technologies and its diverse customer base, significantly improving the accuracy of these alerts.

When botnet activity is detected, the customer is notified immediately.  Activity is summarized for customers in daily reports which form an historical record they can then use to identify broader trends on their networks. This assists customers in prioritizing remediation and policy activity. 

"Our botnet detection tools provide customers with a significant layer of additional protection that wasn't previously available," explained Jeff Schmidt, Vice President and General Manager, Managed Security Solutions Group, BT Americas.  "Industry projections show that on a typical business day, there are upwards of seven million separate bot attacks.  It's essential that companies ensure they have maximum and continuous early-warning security measures in place to protect the integrity of their assets and mitigate risks."

For customers who monitor their firewalls as part of their subscription to BT’s Event Monitoring and Correlation Service, powered by BT Counterpane, the Botnet Detection Module is automatically enabled as part of the standard service.  Existing BT customers who do not subscribe to the firewall monitoring service should contact their BT account manager to take advantage of this new feature. New customers can contact BT at 1.888.710.8175 or via email at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it to speak with a security specialist to learn how they can get a head-start on threat monitoring.

Information Source:    BT