Hi,
There's some depressing reading at eWeek. "Is the botnet battle already lost?" accurately describes the pitiful state enterprises are in trying to combat botnets. The general feeling is the war is lost for at least the next year or two.
The battle may be lost but the war doesn't have to end unfavorably for enterprises. What the article says is that botnets with their trojan and malware attack vectors are going to successfully defeat your outer firewalls and anti-virus programs. What the article doesn't say is how to accept this and build a successful strategy. That's where a layered enterprise identity strategy comes in.
Read my paper "Battling botnets and rootkits - A layered identity strategy". It describes nine layers of enterprise defences.
While the first three outer layers should be worked at, you must assume they will be breached. the other layers provide ways to restrict access by the botnets, rootkits and other malware to the enterprises highest risk applications, information, networks, buildings, floors and rooms.
It's time to wake up and smell the botnet electrons and get a layered defense ready to at least contain the damage.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us