
Simplicita Unveils Network-based Zombie Detection Software for Broadband Providers

Paula Bernier
04/24/2006

Serial entrepreneurs Frank Bergen and Rob Fleischman are at it again. Today they officially take the wraps off a startup called Simplicita Software Inc. and its first product, software that helps broadband service providers identify and protect against zombie-infected computers on their networks.

“We address zombies and botnets that get put on consumer machines for bad purposes – like SPAM,” said CEO Bergen, who in 1995 and 1996 ran ISP RustNet, which was later sold to Verio. “But clearly the problem has migrated beyond SPAM to fraud, identity thefts, phishing attacks.”

Simplicita ZBX is network-based software that lets service providers automate zombie discovery and cleanup, and disable botnets. It finds bot-controlled machines that violate service providers’ acceptable use policies (AUP) and protects end users by detecting malware that is hiding on their PCs.

Bergen said AOL and EarthLink today offer security features that rely on similar software, but that those companies were forced to develop the software internally to do so. Meanwhile, McAfee Inc., Symantec Corp., Trend Micro Inc. and others provide infection control software, but those solutions rely on end users, who are often non-technical, to solve the security problems that affect them, other users and their service provider, added Simplicita CTO Fleischman, who also founded Usenet network software provider Highwinds Software. Fleischman also worked with Bergen to found bCandid, which was later bought by carrier e-mail company Software.com. Simplicita, meanwhile, offers an off-the-shelf, network-based way to solve broadband service providers’ security problems; it is automated and can serve large numbers of subscribers.

In the last year, service providers have been searching for a network-based solution to the security problems of zombies and botnets, said Bergen, adding that the Federal Trade Commission “put an exclamation point behind that, saying this is a significant problem and offered five steps [which are really just general guidelines] to mitigate that.”

The economics of adopting the kind of network-based product Simplicita offers to address such security threats are compelling, said Bergen. He said most larger broadband service providers spend $15 to $30 per help desk call every time a user calls with a performance and/or security issue. Simplicita software can help eliminate some of those calls.

ZBX, which does not require the installation of client software on subscriber machines, consists of the Reputation Knowledge Server (RKS), DNS Traffic Switch (DTS) and Walled Garden Server (WGS). Working together, these three components automatically identify zombies that violate carrier-defined AUP, switch them into Walled Garden quarantine, and provide a user-friendly environment where subscribers can access popular tools and resources to clean their PCs.

To pinpoint hijacked PCs on a service provider network, the RKS dynamically correlates disparate event data across regions and operation centers. This includes application and network infrastructure data such as DNS logs, third-party reputation services, complaint feedback loops, and public DNS-based Block Lists. The DTS works with the RKS to determine when to switch DNS traffic into and out of the WGS. Since it operates at the DNS layer, the DTS can instantly switch any subscriber regardless of their network transport or Internet device. Conventional network layer solutions typically require service providers to re-provision infected subscribers using a "hard switch" to add and remove them from quarantine, according to Simplicita, which said this approach often imposes latency and complexity since carriers must re-provision customer premises devices to enable these actions.

The DTS disables botnets by redirecting into the WGS all queries that contain a known-bad domain, such as a domain embedded in a phishing URL. Instead of being directed to the phishing URL, subscribers are warned by the WGS that they were protected from navigating to a malicious site.
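The DNS-layer switching described in the two paragraphs above can be modeled as follows. This is an added illustration, not Simplicita's code or design: the class and function names, event weights, threshold, domains and addresses are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample data. WGS/upstream addresses use RFC 5737 documentation ranges.
WGS_ADDR = "192.0.2.10"                      # hypothetical Walled Garden Server
BAD_DOMAINS = {"phish.example"}              # constructed known-bad domain list
UPSTREAM = {"www.example.org": "198.51.100.7", "phish.example": "203.0.113.66"}
WEIGHTS = {"dnsbl_listing": 3, "fbl_complaint": 2, "bad_domain_query": 1}  # assumed
AUP_THRESHOLD = 5                            # assumed carrier-defined limit

EVENTS = [  # (source, subscriber) pairs, constructed
    ("dnsbl_listing", "10.0.0.5"), ("fbl_complaint", "10.0.0.5"),
    ("bad_domain_query", "10.0.0.5"), ("fbl_complaint", "10.0.0.9"),
]

class ReputationStore:
    """Correlates events from disparate sources into one score per subscriber."""
    def __init__(self):
        self.scores = defaultdict(int)
        self.quarantined = set()

    def ingest(self, source, subscriber):
        self.scores[subscriber] += WEIGHTS[source]
        if self.scores[subscriber] >= AUP_THRESHOLD:
            self.quarantined.add(subscriber)

    def release(self, subscriber):
        """Subscriber opts back onto the network after remediation."""
        self.quarantined.discard(subscriber)
        self.scores[subscriber] = 0

def resolve(store, subscriber, qname):
    """DNS-layer switch: return (answer, reason) for one query."""
    qname = qname.rstrip(".").lower()
    # Known-bad names go to the walled garden for every subscriber.
    if any(qname == d or qname.endswith("." + d) for d in BAD_DOMAINS):
        store.ingest("bad_domain_query", subscriber)
        return WGS_ADDR, "known-bad domain"
    # Quarantined subscribers get the walled garden for every name.
    if subscriber in store.quarantined:
        return WGS_ADDR, "subscriber quarantined"
    return UPSTREAM.get(qname), "normal"

def demo():
    store = ReputationStore()
    for source, sub in EVENTS:
        store.ingest(source, sub)
    return store
```

Because the decision is made per query at the resolver, moving a subscriber into or out of quarantine is a set update rather than a re-provisioning of the customer's device.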

To reduce workloads for abuse desk and customer care teams, the WGS enables carriers to present subscribers with customized content and self-remediation tools when they are redirected from using an Internet service such as Web browsing and e-mail. For redirected Web traffic, the service provider can present Web pages that notify the subscriber that their PC is likely infected and provide resources for scanning and removing malicious software from the computer. For e-mail traffic, the WGS presents e-mail messages that also provide a remediation experience.

ISPs can offer subscribers any number of options in the WGS. This includes the ability to explore disinfection resources immediately, or fix the problem at a later time and opt back onto the network instantly.

The Simplicita ZBX is available immediately from Simplicita and its business partners worldwide. Pricing is pay-per-use and calculated per individual subscriber that is remediated by ZBX. Simplicita ZBX supports Solaris 10 on SPARC or x86, and Red Hat Enterprise v4 on x86.

Highwinds Software www.highwinds-software.com
McAfee Inc. www.mcaffee.com/us
Simplicita www.simplicita.com
Symantec Corp. www.symantec.com
Trend Micro Inc. www.trendmicro.com

