Executive Overview - Botnets & the Enterprise


The Failure of Prevention

Criminal organizations use botnets to steal enterprise information or attack other organizations every day. These malicious networks secretly and remotely control compromised PCs, laptops, servers, switches and other systems inside the enterprise. Each breach is a two-way communications link between a compromised system and its criminal controller – one that evolves constantly and easily evades traditional network security defenses.

Advanced crimeware such as botnets is a different kind of threat:

  • Their motive is profit and espionage, which puts a premium on stealth and resilience over time
  • They are designed specifically to evade traditional defenses
  • They can lie dormant for months – or reprogram themselves as often as every 15 minutes

When employed as a directed attack over a prolonged period of time, these advanced persistent threats (APTs) pose a new type of security challenge to the enterprise. Two decades of network security at the host and network perimeter have focused enormous resources on preventing malware infection – including the bot agents and remote access Trojans (RATs) that are essential for APTs. And yet, Damballa sees hundreds or thousands of these breaches inside a typical enterprise network on any given day.

Clearly, botnets and APTs have proven to be an unavoidable fact of life, even as businesses deploy sophisticated defense-in-depth strategies to try to stop them. Recent news of high-profile attacks on some of the world’s most technically sophisticated companies is proof enough that traditional security solutions are not a match for these threats.

