Back on Election Day, our network security team received a small, but unexpected, early “holiday gift.” Since most people were off on a government holiday, network traffic was slow. Several members of the team were in, monitoring traffic – looking for anything unusual that could disrupt the Michigan election. While the election and associated computer systems ran without a hitch, our team found over a dozen “suspicious” computers. Without going into the details, I can say that our IDS, IPS, and other security tools were much more effective at finding the “bad actors” that day. If you want to know more about bots and the potential damage that they can do, you can go to this Computerworld article or Google botnets.

What did we do? Nothing unusual: open an incident, block the IP traffic and/or ports, and have the PCs checked, cleaned and/or rebuilt. Thankfully, no sensitive information was lost.

The interesting thing was that the “one off” situation (network traffic levels) appeared to be different than normal weekends or off-hour situations. We suspect that more people just left their computers on for that day, whereas they turn them off for the weekends. Slow days at the office are often the times when I clean up the stacks of papers on my desk or catch up by reading updates on important enterprise projects. Perhaps we should spend more of this holiday time watching unusual patterns on our networks.

With over 50,000 PCs on Michigan State networks, this may not seem very significant, but stopping each bot or zombie helps. Of course, when you find bots, you should report them to the US-CERT or your Information Sharing & Analysis Center (ISAC). We reported our findings to the MS-ISAC. Obviously, this monitoring activity should be going on all the time, but some days yield more results than others. We all get busy, and many government shops are short-handed. I recommend taking slow days to go fishing (note the spelling) for bots and zombies.

For more tips on stopping zombies and bots, see this article from IT Business Edge.