Growth of Anti-Botnet Startups Points to AV Deficiencies

News Analysis: Venture capitalists are pouring money into such startups, which analysts say is an indictment of the anti-virus industry.

A slew of software companies new and old are shipping tools aimed at slowing the botnet epidemic, but the emergence of this new market is seen by some analysts as an indictment of the existing anti-malware industry.
With reliable statistics showing a dramatic rise in botnet-related computer infections, venture capitalists are now pouring money into startups with technology promising to find and eradicate backdoor Trojans, keystroke loggers and stealth rootkits.
The latest company to cash in is NovaShield, a nine-employee company working on a specification-based monitoring product capable of identifying malicious botnet-related activities in real time. The company has raised $5 million in two rounds of financing, including a small business innovation research grant from the U.S. National Science Foundation.
"These are new threats with new types of opportunities [for technology companies]," said Somesh Jha, co-founder and chief scientist at NovaShield. "My view is you can't use old, signature-based technology to protect against malware associated with botnets. You have to look ahead a bit, focus on finding ways to stop botnet communications."
Botnets - broadband-enabled PCs hijacked and seeded with software that connects to a server to receive communications from a remote attacker - have emerged as the key hub for well-organized global crime rings. The bandwidth stolen from these compromised computers - called drones or zombies - is used to steal money via spam, denial-of-service attacks and other nefarious Internet activities.
NovaShield's technology, now in beta, will be sold to consumers and licensed to businesses. It will work alongside existing anti-virus and anti-malware defenses, providing another layer of desktop and network security.
Other companies cashing in on what is widely viewed as a gap in traditional anti-malware coverage include: Damballa, a venture-backed company with roots at the Georgia Institute of Technology; FireEye, a startup funded by Sequoia Capital; Sana Security, which sells behavioral security software; and PC Tools software. Several big-name anti-virus players, including Symantec and Trend Micro, have already shipped standalone anti-botnet utilities, suggesting that Trojans and other botnet-related software should be treated as a separate product category.
This does not sit well with Andrew Jaquith, an analyst with The Yankee Group. "It's not a good thing that security products are failing and not catching all the threats. The fact that there's a perceived market need [for anti-botnet protection] is an indictment of anti-virus companies in general," Jaquith said.
"It reminds me of the spyware market," he added, noting that several companies marketed anti-spyware tools on top of anti-virus subscriptions.
"It's a classic cycle," said Jose Nazario, a botnet tracker and a senior software engineer at Arbor Networks. "It's spyware all over again. New gaps emerge and new products and companies emerge."