 
 
 
 
Identifying & Controlling Botnets
 
 
 
Protecting the network from botnets is challenging due to the efforts that malware authors put into keeping botnets and their propagation a secret. Protecting the network from botnet infestation is accomplished using a combination of elements including application identification, threat signatures and visibility into unusual traffic patterns.
 
 
Controls applications used for botnet propagation and command and control.

Organizations can use the application control enabled by App-ID to deploy firewall policies that control those applications that may be used by botnets as propagation channels or for command and control. Examples include:

  • Block P2P and IM applications such as MSN, which have been known to propagate the Mariposa botnet.
  • Block known botnet command and control applications (e.g., IRC).
  • Control, inspect and monitor those applications that are emerging as command and control channels (Twitter, Gmail, Google Docs).
 
Prevents the propagation of known botnets.
The threat prevention engine can identify and block a wide range of known botnets such as Mariposa, Dark Energy and Rustock. New botnet signatures are added regularly via the weekly content updates.
 
Quickly determine which machines may be bot infected.
A range of data points, including unknown applications, IRC traffic, malware sites, dynamic DNS, and newly created domains, is analyzed, and the results are displayed as a list of potentially infected hosts that can be investigated as members of a botnet.
 
 
 
 
 
    Copyright © 2011 Bitrate (Pty) Ltd.