New Startup Hopes to Slay the Botnet

eldavojohn writes "How do you identify Botnet traffic on your network? Well, the problem with current commercial technologies is that they generate too many false positives. But a new startup name Nemean Networks hopes to solve all that by building signatures of traffic at many different levels of the network stack. 'Finding the proper sensitivity threshold for NIDS sensors has always been a problem for network and security administrators. Lower the threshold and some attacks get through the signature screening; raise it too high and false positives flourish. Nemean attempts to find the proper balance by gathering traffic sent to a honeynet to build signatures based on weighted data. The numerical weights are entirely subjective and based on the creators' expertise. The data is then clustered and fed through an algorithm to determine threat levels and develop signatures.'"