Press Releases by CGIDir


Simplicita Taps Real-Time Data from Around the Globe to Precisely Identify and Eliminate Botnets on ISP Networks


October 24, 2006; 08:35 AM
Simplicita, the company that frees carrier networks from zombies and botnets, today announced its Reputation Data Partner (RDP) Program. The RDP Program is designed to aggregate real-time feeds from the world's leading providers of internet reputation data into the Simplicita ZBX remediation system to help ISPs precisely pinpoint, quarantine, and eliminate botnet-hijacked computers on their networks within minutes of infection. The RDP Program's charter members are Cloudmark, Habeas, Shadowserver, and Sophos.

Automated Detection

To identify zombie-infected computers, Simplicita ZBX enables ISPs to aggregate and correlate internal reputation data from network devices, application and DNS server logs, third-party data such as spam traps or honey pots, and complaint feedback loops. With the creation of the RDP Program, leading third-party data feeds of IP addresses that belong to zombie-infected computers and bad domains that belong to botnets from around the world are pre-integrated with ZBX and supported by Simplicita. This enables carriers to mix and match best-of-breed reputation data sources and purchase them from a single source. RDP Partners continuously supply live data to Simplicita, which instantly reformats and distributes the information to ZBX deployments at service providers worldwide. The entire process occurs dynamically and within minutes.

In addition, Simplicita and RDP Program members that provide network-based security elements are developing modular adapters to exchange data between their respective products and ZBX in real-time. This integration will enable threat information detected in network traffic streams by in-line products to be simultaneously imported to ZBX and transformed into reputation data.

Instant Quarantine

Armed with this real-time information, ZBX identifies hijacked machines on a carrier's network the instant they attempt to connect to the Internet or send e-mail, and then uses a DNS traffic switch to isolate the zombie into a walled garden quarantine. Here subscribers are alerted to the problem and provided with resources to fix their machines, including connectivity required to download tools, security definitions and operating system updates.

"Positively identifying zombies on a service provider network requires timely and accurate data from a variety of sources to eliminate false positives," said Danny Winokur, vice president of business development for Simplicita. "The integration of reputation data from the industry's leading sources with our ZBX remediation system enables service providers to add valuable real-time intelligence for accurately and immediately pinpointing botnet-controlled machines and switching them into quarantine. We are pleased to be working with these world leading security organizations."

The charter members of the RDP Program each extend the reputation assessment capabilities of ZBX in the following ways:

  • Cloudmark - Provides the leading messaging security solution for filtering spam, phishing and viruses. Cloudmark's solution is based on its Global Threat Network of over 120 million users that provides visibility into all threats in propagation. Cloudmark automatically applies this intelligence to identify in real-time and on a global basis zombies located within service provider networks, including those on port 25 blocked ISP networks.
  • Habeas - The Habeas SenderIndex is a combination of data from DNS block lists (DNSBLs), information collected from worldwide Apache SpamAssassin queries and a set of proprietary Habeas reputation tests that produce a distilled list of spam zombie addresses.
  • Shadowserver Foundation - This team of volunteer researchers employs a collaborative network to finger the botmasters that remotely control zombies and bot armies, making it possible to more easily identify and clean entire blocks of zombies being used for a range of malicious activities including identity theft, phishing and denial of service attacks, as well as spam.
  • Sophos - Sophos ZombieAlert™ Service is based on an extensive international network of spam traps that trigger alert notifications identifying spam zombies, often within minutes of infection. The immediacy of these alerts enables prompt disinfection of compromised computers and limits damage.

The Simplicita Reputation Data Partner Program

As part of the RDP Program, Simplicita has licensed and integrated into ZBX data feeds on zombie-infected PCs from Cloudmark, Habeas, Shadowserver, and Sophos. Data feeds on phishing URLs are also being provided by some of these partners. In addition, Simplicita is working with RDP companies that supply network-based appliances to integrate their products with ZBX using modular adaptors. Simplicita will conduct joint marketing, selling, and referral programs with RDP Program members.

About Simplicita ZBX

ZBX is a network-based solution that enables broadband ISPs to automate zombie discovery and cleanup, and disable botnets. Unlike conventional solutions that simply block zombie traffic, ZBX uproots bot-controlled machines that violate ISP acceptable use policies (AUP) and protects end users by detecting malware that is hiding on their PCs. ZBX dynamically identifies hijacked PCs, switches them off the network, and provides subscribers with disinfection tools.

Pricing and Availability

The RDP data feeds for Simplicita ZBX are available immediately from Simplicita and its business partners worldwide. Each data feed is priced separately. Simplicita ZBX pricing is calculated per individual subscriber that is remediated by ZBX. Simplicita ZBX supports Solaris 10 on Sparc or x86, and Redhat Enterprise v4 on x86.

About Simplicita

Simplicita frees carrier networks from zombies and botnets. The company has developed the first commercial software product for ISPs, including cable and telco network operators, which dynamically identifies, isolates, and fixes computers that have been hijacked by zombie-botnet malware. The company's management team has built Internet infrastructure businesses acquired by Software.com, Excite, and Verio. For more information, visit www.simplicita.com.


Simplicita
Marc Gendron, 781-237-0341
[email protected]
