BotHunter LiveCD and new releases
aaron posted in Uncategorized on November 12th, 2008
It looks like BotHunter has been busy since the last time I was looking at them. They have a new Live CD to test out the software, and some new releases with some new features (including a GUI) that are worth checking out. Here’s the blurb on what bothunter does:
BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter. Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.
Last time I tried them out, the installation was a bit clunky, but overall it was a very valuable tool. Having the correlation between the different major points in the bot life cycle really helps with a much more accurate detection. In tests it was doing a way better job at reducing false positives to come up with some usable results than a traditional IDS.
If you’re interested in the subject, this is a good white paper on their design, how they do the correlation between different points in the life cycle, and some of the anomaly detection features they’ve added among other things. I thought it was well worth the read.