Endgame Systems is expanding from the government sector to commercial anti-botnet services with a $29 million investment.
The headlines in recent months have been filled with news about busts of major botnet operations – Bredolab, Pushdo, Waledac and Mariposa among them. But botnets are still a major headache for businesses. A new hosted anti-botnet service, launched on Thursday, hopes to change that.
Endgame Systems, a two-year-old company based in Atlanta, announced that it has received a $29 million A-round investment from leading venture capital firms Bessemer Ventures, Columbia Capital, Kleiner Perkins Caufield & Byers and TechOperators. The money is intended to help fund growth, including the release of ipTrust, a cloud-based botnet and malware detection service.
Started by Internet Security Systems (ISS) veterans Chris Rouland and Dan Ingevaldson, Endgame has spent much of the past two years serving customers in the federal government sector and building out a global, hosted anti-botnet service. The company said ipTrust will function as a wholly owned subsidiary of Endgame, marketing the company’s real-time database of threat data to ISVs, managed security services vendors and enterprises.
Botnet infections are a pressing problem, as Microsoft noted in its most recent Security Intelligence Report. The company cleaned more than 6.5 million botnet-infected computers in the first six months of 2010 – double the number from the same period in 2009. A wide range of firms offer products and services to address that problem, from large anti-malware vendors like Trend Micro, Symantec and McAfee, to service providers like Commtouch and niche firms like Damballa and FireEye.
Tech firms have come at the botnet problem from a variety of angles. Some analyze traffic from millions of hosts and try to aggregate data on the identity of bot-infected hosts, which is then used to map the botnet and create a block list of compromised systems. Others reside on corporate networks and focus instead on spotting botnet applications on network hosts, as well as inbound and outbound traffic to botnet command and control servers, to prevent data loss or the introduction of malicious programs.
Endgame co-founder and COO Ingevaldson said that early efforts to fight bots have run into a number of obstacles, including the fast-changing nature of botnet programs and networks, as well as shortages of resources and technical expertise to manage dedicated anti-botnet tools within enterprises. His company, he said, differs from those firms by leveraging unique intellectual property that allows it to distill intelligence from trillions of botnet infections. That data is accumulated from a global network of sensors, as well as data OEM’d from third parties and unstructured data, and is used to inform a hosted Reputation Engine that allows enterprises and third-party vendors to rate the trustworthiness of individual IP addresses inside or outside their network.
Ingevaldson says the fast-changing nature of botnets can make more static blacklists problematic: IP addresses that may have been bot-infected at one time tend to stay on such lists, even after they’re no longer associated with a botnet, while newer bot-infected hosts may not be spotted. In contrast, the ipTrust Reputation Engine is updated in real time, and older information is incrementally degraded, so that IP addresses that cease to exhibit bot-like behavior eventually recover their “reputation.” That’s a key feature for large providers that manage millions of IP addresses and that are wary of false positives.
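To make the contrast concrete, here is an added illustration (not ipTrust code, and not taken from the company's materials) of a static blacklist snapshot next to a score in which older sightings lose weight over time. The exponential half-life, the threshold, the function names and the sample addresses are all assumptions made for the example.

```python
HALF_LIFE_HOURS = 72.0  # assumption: a sighting loses half its weight every 72 hours
BLOCK_THRESHOLD = 1.0   # assumption: score at or above this means "bot-like"

def decayed_score(observations, now_hours, half_life=HALF_LIFE_HOURS):
    """Sum the weights of past sightings, halving each per half-life of age."""
    score = 0.0
    for seen_at, weight in observations:
        age = now_hours - seen_at
        if age < 0:
            continue  # sighting lies in the future relative to 'now'; ignore it
        score += weight * 0.5 ** (age / half_life)
    return score

def static_blacklist(sightings, snapshot_hours):
    """List built once at snapshot_hours; entries are never removed or added."""
    return {ip for ip, obs in sightings.items()
            if any(seen_at <= snapshot_hours for seen_at, _ in obs)}

def decayed_blocklist(sightings, now_hours):
    """Addresses whose decayed score is still above the threshold right now."""
    return {ip for ip, obs in sightings.items()
            if decayed_score(obs, now_hours) >= BLOCK_THRESHOLD}

# Constructed sample data: (hours since start, weight) per sighting.
# Addresses come from the reserved documentation ranges.
SIGHTINGS = {
    "192.0.2.10":   [(0, 1.0), (6, 1.0), (12, 1.0)],       # cleaned up after hour 12
    "198.51.100.7": [(700, 1.0), (710, 1.0), (719, 1.0)],  # infected much later
}

if __name__ == "__main__":
    stale = static_blacklist(SIGHTINGS, snapshot_hours=24)
    print("static list built at hour 24:", sorted(stale))
    for now in (24, 720):
        print(f"decayed list at hour {now}:", sorted(decayed_blocklist(SIGHTINGS, now)))
```

By hour 720 the static list still names the cleaned-up address and has never heard of the new one, while the decayed list has dropped the first and picked up the second.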
The company will offer two products under the new ipTrust brand: ipTrust Web and ipTrust Professional.
Web is a hosted, cloud-based infection notification service that companies can sign up for online. Customers provide ranges or blocks of IP addresses for ipTrust Web to monitor. The company then generates notices when suspicious activity is spotted coming from those addresses, and customers can monitor their network using a Web-based user interface.
Professional is an API that allows third parties to integrate the Reputation Engine into their own applications and services. For example, ISPs might use Professional to identify bot-infected customers, or managed security services firms might wrap it in with other hosted security intelligence offerings.
A free beta of ipTrust Web is available online at www.iptrust.com.
Botnet-focused services are experiencing something of a renaissance. Umbra Data is another new bot-focused startup that launched a hosted bot feed dubbed Dark Side Intelligence on October 12.