Field of the Invention
The presently disclosed system and method relate to network system security and, in particular, to a system and method of active remediation and passive protection against cyber attacks.
Description of Related Art
Network resources or devices compromised by malicious software have become a modern pandemic. With the ever-increasing complexity of software and a heavy emphasis on feature-driven development instead of security, the prevalence of software exploits has created whole industries dedicated to exploiting and commandeering network resources for personal and economic gain. As software has become more complex, so too have the exploits, Trojans, viruses and/or malicious software created by hackers, malicious entities, businesses, or even government agencies (malware developers) become more sophisticated.
Moreover, with almost every network-capable computer, resource, or device connected to the internet, malware developers have found new ways to utilize the interdependence of networked computers, resources, or devices to aggregate their network capacity and computing power into a botnet: a network of compromised resources or devices, each individually known as a robot or bot, and each executing malicious software that is under the control of one or more entities for a variety of purposes. These botnets can then be remotely controlled for purposes such as, for example, Distributed Denial of Service (DDoS) attacks and/or rental services relating to DDoS attacks, distributed decryption of stolen encrypted data, bitcoin mining, email spamming, and/or web crawling.
To combat botnets and/or malicious software installed on network resources or devices, antivirus and/or antimalware software is generally installed on such resources or devices. However, in many cases, antivirus and/or antimalware software may not be sufficient, especially when Trojan, virus, and/or malware scans are not executed on a regular basis because of the potential downtime they may cause, or when the entity in possession and/or control of the network resource or device is not aware of the infection because the current version of the antivirus or antimalware software is incapable of detecting this type of malicious software. Additionally, while intrusion detection/prevention systems and firewalls may offer only limited protection against attacks already in progress, they are simply incapable of stopping or preventing attacks at their source. Without the ability to prevent recurring attacks, or to alert authorities or the persons or entities in possession or control of the commandeered resource or device, these commandeered resources or devices may be used repeatedly to attack their targets or infect new network resources or devices. Accordingly, an improved system and method is needed.