
Awards

Topic Information: H-SB06.1-008, BOTNET DETECTION AND MITIGATION

Award/Contract Number: NBCHC080048

Proposal Information: 0612014 (FY06.1 Phase II), Enterprise Botnet Detection and Mitigation System

Company: HBGary, Inc., 6900 Wisconsin Avenue, Suite 706, Chevy Chase, MD 20815-6114

Performance Period: 12/01/2007 to 03/30/2011

Award/Contract Value: $975,000.00

Abstract:

Since botnets have both host and network components, detection must draw on both hosts and the network. The problem is that network management systems have no visibility into hosts, and host detection systems have no visibility into the network. Network management systems generate mountains of data that overwhelm network security administrators. Many host-based products use signatures to detect viruses and spyware, but stealthy malicious bots are not being detected. More flexible behavior-based host detection systems are emerging, but these products require frequent modification, have variable accuracy, and are limited to endpoint awareness, so they do not add to enterprise-level awareness. HBGary intends to develop a botnet detection system that automatically collects host and network evidence from all over the enterprise and reasons over that evidence as a subject matter expert would to determine whether botnets are present. Essentially, the system will automate the analysis and conclusions of subject matter experts. The system will instruct the security response team operator on what actions to perform. The system will also give a human analyst the ability to "drill down" and forensically analyze the threat.