Botnet Defenses for Endpoint and Networks

Comprehensive protection against targeted attacks

Botnets represent perhaps the biggest threat to enterprises today. Marshalling the resources of tens of millions of computers, a botnet can, within minutes, launch a targeted assault, initiate a distributed denial-of-service (DDoS) attack, steal valuable information, and threaten compliance status. Protection against botnets requires a comprehensive solution for endpoints and networks that works in unison to identify, clean, defend, and analyze threats. Point products alone can’t defeat the strength of a botnet attack.

Consider the following techniques to protect against botnets:

  • Identifying vulnerable servers
  • Identifying and cleaning infected endpoint devices
  • Preventing asset infections
  • Protecting against targeted attacks
  • Protecting critical corporate and regulated data while in motion, in use, and at rest
  • Getting professional assistance (bot owners are stealth masters; it is very difficult to diagnose an attack yourself)

Overview:

Key Benefits

  • Identify and protect vulnerable servers—Bot owners search out underprotected or unprotected servers that can be hijacked and turned into malware servers.
  • Identify infected endpoints—Bot malware can be downloaded and infect any device that has Internet, email, or wireless access. Identification of infected devices in your environment is a critical step in combating these threats.
  • Isolate infected machines—Infected machines need to be isolated so the infection doesn’t spread. Companies should use network access control technology to deny network entry to any device that does not meet security policy standards.
  • Clean infected endpoints—Comprehensive security automatically searches out endpoint devices, determines their health status, and cleans any infections. In addition, McAfee provides a free service that cleans infected devices, even those that have disabled anti-virus updates. Run McAfee Labs Stinger to eliminate bot malware quickly and easily.
  • Prevent endpoints from becoming infected—Most bot malware comes from spam messages or malicious websites. Anti-spam solutions should have a 99+% effectiveness rating, and web solutions should have proven anti-malware capabilities to protect users from unwanted spam and compromised websites.
  • Protect the network from targeted attacks—Using advanced firewall, intrusion prevention systems (IPS), intrusion detection systems (IDS), and threat detection technologies with Global Threat Intelligence services will protect the network against known and unknown threats.
  • Protect data—Bot masters are looking to steal intellectual property, as well as sensitive and regulated information. To protect your enterprise, you need to secure data while in use, in motion, and at rest. Even if a botnet should infiltrate your network, your data should be protected.
  • Prevent changes to critical systems—One way to prevent botnet infiltration into your network is to ensure no unauthorized changes to applications can be executed on desktops or servers.
  • Identify suspicious user or device behavior—Track user and/or device activities in real time to understand how users access network assets and prevent any unauthorized or inappropriate activities.
  • Analyze forensics that can replay the entire attack—Identify anomalies in network flows, capture the entire attack payload, automatically de-obfuscate it for deep forensic analysis, and spot potential precursor events that come before a full-blown attack by deconstructing, analyzing, and providing context on the threat.

Products and Services:

Identify already infected endpoint devices

McAfee Network Threat Response—Provides the earliest possible discovery and analysis of new targeted and stealth attacks, botnet channels, and malware impact vectors inside the network.

McAfee Network Threat Behavior Analysis—Maintains a comprehensive network security infrastructure. A single sensor collects traffic and analyzes host and application behavior to detect worms, zero-day threats, botnets, and reconnaissance attacks.

McAfee ePolicy Orchestrator (ePO)—Scans all endpoints and cleans infections without administrative overhead.

Keep assets from being infected

McAfee Application Control—Ensures only trusted applications run on servers and endpoints.

McAfee Email Gateway—Provides comprehensive protection from email-borne threats and prevents data loss.

McAfee Host Intrusion Prevention for desktops—Behavior-based protection and signature detection prevent attacks using the same or similar signature patterns and identified behavior.

McAfee Integrity Monitor—Monitors files and directories for changes to content and permissions.

McAfee SiteAdvisor—Allows users to surf and search the web safely.

McAfee Total Protection for Endpoint—Protects endpoints from malicious threats, mitigates risk, and lowers costs.

McAfee VirusScan Enterprise—Combines intrusion prevention and firewall technology in a single solution for PCs and file servers.

McAfee Web Gateway—Proactive web security for defeating botnet threats.

Protect network assets and corporate data from targeted attacks

McAfee Network Threat Response—Provides the earliest possible discovery and analysis of new targeted and stealth attacks, botnet channels, and malware impact vectors inside the network.

McAfee Firewall Enterprise—A next-generation firewall with multilayer security combines Global Threat Intelligence and centralized management.

McAfee Network Security Platform—Scans all network traffic to identify, block, and mitigate botnets.

McAfee Unified Secure Access—Use network access control (NAC) to guard against noncompliant systems that can infect your network.