Battle of the Botnets: How MSSPs Play the Game


In this article, MSSP Alert examines the tactics and technologies MSSPs and MSPs use to spot and stop botnets. Read part one of the two-part series: “What are Botnets and Why are MSSPs So Concerned?”

Any time an MSSP or MSP signs up a new customer, it is an expedition into the unknown: from day one the provider is exploring a potentially under-managed and vulnerable environment.

As you begin this journey, you wonder who had been watching the customer’s endpoints (hopefully, but not likely, all points of entry) and what might have already slipped past detection, perhaps years ago, and infected its IT systems, such as a botnet or some other type of covert malware.

MSSPs and MSPs surely know that a botnet could find its way into their own IT networks or devices. Why wouldn’t the bad guys go after those who would stop them from laying the track to a ransomware attack?

The tools and techniques of the cybercrime trade are not surprising in themselves; what stands out is the evolving sophistication of the instruments and tactics of today’s threat actors. For instance, AI is now being used by cybercriminals, typically ones operating out of China, Russia and North Korea.

Waging the Botnet Battle

Jim Broome, president and chief technology officer at DirectDefense, said his MSSP deploys a robust endpoint detection and response (EDR) solution for its customers.

“For us, it’s a two-fold answer,” he said. “The more traditional botnet activity that people are associated with is just malware. So we have a managed security services solution built around managed EDR, partnered with CrowdStrike and Cylance BlackBerry (and others). You have to put the two together to look for signs of infection.”

DirectDefense also has a dedicated application security practice, built largely around penetration testing, red teaming, and software development and lifecycle review. These activities are delivered as a professional services package that complements its managed security services.

“This is how we’re helping organizations deal with the struggle of protecting their applications against botnet activity,” Broome said. “Time and time again we’re being called in either for incident response…
