Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8916

Number 9-8-8916
Priority Critical
Description Bot Detection and the Corresponding Notification Should Be Timely: ISPs should ensure that bot detection and the corresponding notification to end users be timely, since such security problems are time-sensitive. If complex analysis is required and multiple confirmations are needed to confirm a bot is indeed present, then it is possible that the malware may cause some damage, to either the infected host or remotely targeted system (beyond the damage of the initial infection) before it can be stopped. Thus, an ISP must balance a desire to definitively confirm a malware infection, which may take an extended period of time, with the ability to predict the strong likelihood of a malware infection in a very short period of time. This 'definitive-vs.-likely' challenge is difficult and, when in doubt, ISPs should err on the side of caution by communicating a likely malware infection while taking reasonable steps to avoid 0 notifications.
Network Type(s) Internet/Data
Industry Role(s) Service Provider
Keyword(s) Cyber Security;Intrusion Detection;
Reference/Comments Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.