Symantec announced a web monitoring service intended to unearth evidence of botnet-related malware activity within an organisation. It continuously inspects outbound HTTP traffic for the tell-tale signs of Trojans on compromised computers trying to "call home" to their criminal controllers.
According to Grant Geyer, vice president of Symantec's global managed security services, the around-the-clock monitoring service is an extension of Symantec's current security services portfolio. The Web Monitoring service uses several methods to identify botnet-related traffic within an organisation's network, among them capturing streams of log data from secure web gateways, including those from Symantec, Blue Coat, Citrix and Imperva, and analysing them at Symantec's security operations centres (SOCs). The service relies on a specialised security appliance installed in the customer's network that communicates with the Symantec SOC, and it retains logs for a minimum of 92 days.
Typically, botnets that can steal data are trying to hide their attempts to connect back to their controllers in the HTTP streams of the victim companies, Geyer says, and the Symantec Web Monitoring service is intended to catch that "first attempt to connect" in order to immediately notify the customer and start any remediation process necessary. Symantec declined to provide pricing.
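The article does not say how Symantec's analysts pick call-home traffic out of a gateway's HTTP logs. The following is an added example, not Symantec's code, of one heuristic a practitioner would reach for on the same input: treat a client that contacts a host at near-constant intervals, where that host is seen from very few other machines in the organisation, as a probable beacon, and report the first time the pair was seen. The log format, hostnames, addresses and thresholds are all constructed for the example and do not come from any vendor's product.

```python
"""Beacon-style call-home detection over secure-web-gateway logs.

Added example (not Symantec's code). Input lines use a constructed format:
    "<epoch_seconds> <client_ip> <method> <host> <status> <bytes_out>"
A (client, host) pair is reported when the client has at least `min_hits`
requests to the host, the intervals between them are regular (coefficient
of variation <= `max_cv`), and the host is contacted by no more than
`rare_host_max_clients` distinct clients across the whole log.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, not real traffic. 10.0.0.5 polls c2.example.test
# roughly every 60 s; updates.vendor.example is polled regularly too, but by
# three clients (a legitimate updater); www.example.com is browsed irregularly.
SAMPLE_LOG = """\
1700000000 10.0.0.5 POST c2.example.test 200 512
1700000000 10.0.0.7 GET updates.vendor.example 200 2048
1700000000 10.0.0.9 GET updates.vendor.example 200 2048
1700000000 10.0.0.11 GET updates.vendor.example 200 2048
1700000005 10.0.0.7 GET www.example.com 200 1200
1700000012 10.0.0.7 GET www.example.com 200 800
1700000030 10.0.0.5 GET www.example.com 200 4100
1700000060 10.0.0.5 POST c2.example.test 200 498
1700000090 10.0.0.7 GET www.example.com 200 300
1700000121 10.0.0.5 POST c2.example.test 200 510
1700000180 10.0.0.5 POST c2.example.test 200 505
1700000240 10.0.0.5 POST c2.example.test 200 520
1700000300 10.0.0.7 GET updates.vendor.example 200 2048
1700000300 10.0.0.9 GET updates.vendor.example 200 2048
1700000300 10.0.0.11 GET updates.vendor.example 200 2048
1700000300 10.0.0.5 GET www.example.com 200 3900
1700000400 10.0.0.7 GET www.example.com 200 1200
1700000410 10.0.0.7 GET www.example.com 200 700
1700000600 10.0.0.7 GET updates.vendor.example 200 2048
1700000600 10.0.0.9 GET updates.vendor.example 200 2048
1700000600 10.0.0.11 GET updates.vendor.example 200 2048
1700000900 10.0.0.7 GET updates.vendor.example 200 2048
1700000900 10.0.0.9 GET updates.vendor.example 200 2048
1700000900 10.0.0.11 GET updates.vendor.example 200 2048
"""


def parse_line(line):
    """Split one gateway log line into a record dict."""
    ts, client, method, host, status, nbytes = line.split()
    return {"ts": int(ts), "client": client, "method": method,
            "host": host, "status": int(status), "bytes": int(nbytes)}


def parse_log(text):
    """Parse a whole log, skipping blank lines."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_beacons(records, min_hits=4, max_cv=0.10, rare_host_max_clients=2):
    """Return alerts for (client, host) pairs that look like periodic call-home."""
    stamps_by_pair = defaultdict(list)
    clients_per_host = defaultdict(set)
    for r in records:
        stamps_by_pair[(r["client"], r["host"])].append(r["ts"])
        clients_per_host[r["host"]].add(r["client"])

    alerts = []
    for (client, host), stamps in stamps_by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge periodicity
        if len(clients_per_host[host]) > rare_host_max_clients:
            continue  # widely used host: a shared updater, not a private C2
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = float(mean(gaps))
        if avg <= 0:
            continue  # duplicate timestamps; no interval to measure
        cv = pstdev(gaps) / avg  # jitter relative to the period
        if cv <= max_cv:
            alerts.append({"client": client, "host": host, "hits": len(stamps),
                           "period_s": round(avg, 1), "jitter": round(cv, 3),
                           "first_seen": stamps[0]})  # the "first attempt to connect"
    return sorted(alerts, key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for alert in find_beacons(parse_log(SAMPLE_LOG)):
        print(alert)
```

The rarity filter is what keeps legitimate software updaters, which also poll on a fixed schedule, out of the alert list; in production the threshold would be set relative to the size of the fleet rather than to an absolute count, and the `first_seen` timestamp is what an analyst would use to scope how long the host has been talking out.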