NORS -- CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8914

Number: 9-8-8914
Priority: Highly Important
Description: Use Tiered Bot Detection Approach: ISPs should use a tiered approach to botnet detection that first applies behavioral characteristics of user traffic (cast a wide net), and then applies more granular techniques (e.g., signature detection) to traffic flagged as a potential problem.
Network Type(s): Internet/Data
Industry Role(s): Service Provider
Keyword(s): Cyber Security; Intrusion Detection
Reference/Comments: This technique should help minimize the exposure of customer information in detecting bots by not collecting detailed information until it is reasonable to believe the customer is infected. Looking at user traffic using a “wide net” approach can include external feedback as well as other internal approaches.

Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.