Symantec has announced a web monitoring service intended to unearth evidence of botnet-related malware activity within an organisation by continuously examining outbound HTTP traffic for suspicious signs of Trojans on compromised computers trying to "call home" to their criminal controllers.
According to Grant Geyer, vice president of Symantec's global managed security services, the around-the-clock monitoring service is an extension of Symantec's current security services portfolio. The Web Monitoring service uses several ways to identify botnet-related traffic within an organization's network, including capturing streams of log data from secure Web gateways, such as those from Symantec, Blue Coat, Citrix and Imperva, and analyzing them at Symantec's security operation centers (SOCs). Symantec's service, which relies on a specialized security appliance installed on the customer's network that can interact with the Symantec SOC, is also able to store logs for a minimum of 92 days.
Data-stealing botnets typically try to hide their attempts to connect back to their controllers inside the victim company's ordinary HTTP traffic, Geyer says, and the Symantec Web Monitoring service is intended to catch that "first attempt to connect" in order to immediately notify the customer and start any remediation process necessary. Symantec declined to provide pricing.
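As an added illustration of the kind of analysis the article describes, the following Python script shows two simple rules an analyst might run over secure web gateway logs to spot call-home attempts. It is not Symantec's code and is not part of the service; the log format, hostnames, client IP addresses and the known-good host list are all constructed for the example. The first rule reports the first contact with any destination not already on the known-good list (the "first attempt to connect" the article mentions); the second reports client/destination pairs whose requests recur at a nearly fixed interval, a common trait of beaconing malware.

```python
"""Toy call-home detector over constructed web gateway log lines.

Added example, not Symantec's code. The log format is a constructed
simplification: timestamp, client IP, method, destination host, path, status.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic). Client 10.0.0.9 posts to
# "update-cdn.example" roughly every 300 s; client 10.0.0.5 browses normally.
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 GET www.example.org /index.html 200
2024-03-01T09:00:02 10.0.0.5 GET www.example.org /style.css 200
2024-03-01T09:00:00 10.0.0.9 POST update-cdn.example /gate.php 200
2024-03-01T09:05:01 10.0.0.9 POST update-cdn.example /gate.php 200
2024-03-01T09:10:00 10.0.0.9 POST update-cdn.example /gate.php 200
2024-03-01T09:14:59 10.0.0.9 POST update-cdn.example /gate.php 200
2024-03-01T09:20:00 10.0.0.9 POST update-cdn.example /gate.php 200
2024-03-01T09:07:30 10.0.0.5 GET news.example.net /top 200
2024-03-01T09:31:12 10.0.0.5 GET www.example.org /about 200
"""

# Constructed allow-list of destinations already known to the organisation.
KNOWN_HOSTS = {"www.example.org"}


def parse_line(line):
    """Split one constructed-format log line into a record dict."""
    ts, client, method, host, path, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "host": host, "path": path, "status": int(status)}


def parse_log(text):
    """Parse all non-empty lines of a log blob."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def first_contacts(records, known_hosts):
    """Return the first request to each destination not in known_hosts.

    This mirrors the idea of catching the very first outbound attempt to a
    previously unseen controller; records are processed in time order.
    """
    seen = set(known_hosts)
    hits = []
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["host"] not in seen:
            seen.add(r["host"])
            hits.append(r)
    return hits


def find_beacons(records, min_hits=4, max_jitter=0.1):
    """Flag (client, host) pairs whose request intervals are nearly constant.

    A pair needs at least min_hits requests; the coefficient of variation
    (stdev / mean) of the gaps between requests must be <= max_jitter.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["client"], r["host"])].append(r["ts"])
    alerts = []
    for (client, host), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all requests in the same second: not a timed beacon
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            alerts.append({"client": client, "host": host, "hits": len(stamps),
                           "interval_s": round(avg, 1), "cv": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in first_contacts(recs, KNOWN_HOSTS):
        print(f"first contact: {r['ts']} {r['client']} -> {r['host']}{r['path']}")
    for a in find_beacons(recs):
        print(f"beacon: {a['client']} -> {a['host']} every ~{a['interval_s']}s "
              f"({a['hits']} hits, cv={a['cv']})")
```

On the constructed sample the first rule reports two new destinations (the suspicious one and a harmless news site, which is why first-contact alerts are usually enriched with reputation data before anyone is paged), while the periodicity rule singles out only the 10.0.0.9 to update-cdn.example pair. Thresholds such as `min_hits` and `max_jitter` are starting points to tune against an organisation's own traffic, since some malware adds random sleep to defeat exactly this kind of check.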