24 Oct 2006

Sophos and Simplicita partner to help ISPs detect and remove botnets on their networks

Sophos joins Simplicita Reputation Data Partner Program

Sophos, a world leader in IT management solutions, and Simplicita, the company that frees carrier networks from zombies and botnets, today announced a strategic partnership that enables Internet Service Providers (ISPs) to automatically identify and quarantine botnet-hijacked computers on their networks within minutes of infection. As part of the alliance, the companies have integrated a real-time data feed from SophosLabs, Sophos's global network of virus and spam analysis centers, to the Simplicita ZBX remediation system. The combined Simplicita-Sophos offering is currently in trials with several telecommunications and cable network operators. Sophos has also joined the Simplicita Reputation Data Partner (RDP) Program announced today.

Automated detection and quarantine

To identify zombie-infected computers, Sophos maintains an extensive worldwide network of spamtraps, which collect unsolicited emails from spam zombies for analysis by SophosLabs™. Under the partnership with Simplicita, SophosLabs delivers to Simplicita a continuous feed of IP addresses of zombie computers that are actively sending spam. Simplicita then distributes the data in real time to ZBX deployments at service providers around the globe for active quarantine switching. The entire process occurs dynamically and within minutes.

In addition, the companies are using modular adaptors to enable a real-time data interface between ZBX and the Sophos PureMessage email security gateway, which is deployed in ISP networks. This integration will enable threat information detected in outbound emails by the PureMessage gateway to be simultaneously imported into ZBX and transformed into reputation information using the service provider's acceptable use policy. Once ZBX identifies hijacked machines on a carrier's network, it uses a DNS traffic switch to isolate the zombie into a walled garden quarantine. Here subscribers are alerted to the problem and provided with resources to fix their machines, including connectivity required to download tools, security definitions and operating system updates.

"Using a single data source or technology to detect botnet-controlled machines on a service provider network is both difficult and a recipe for generating a huge trail of false positives," said Rob Fleischman, CTO of Simplicita. "The integration of live and continuous reputation data feeds from Sophos with our existing reputation assessment resources enables ZBX to make precise real-time decisions on whether a computer has been hijacked. We are pleased to be working with Sophos, one of the most respected security organizations in the world."

"Hackers and spammers are exploiting innocent users' computers to bombard the Internet with unwanted marketing messages, malware and denial-of-service attacks," said Mark Harris, global director of SophosLabs. "ISPs have a vital role to play in the fight against botnets and zombie computers. Simplicita and Sophos can help provide operators with a means to identify and remove hijacked PCs before they can cause serious disruption."

The Sophos-Simplicita partnership

As part of the RDP Program, Simplicita has licensed and integrated into ZBX real-time data feeds on zombie-infected PCs and phishing data from Sophos. The companies are also integrating PureMessage and ZBX to allow for direct information exchanges between the two products. The companies will conduct joint marketing, selling and referral programs for these service provider software products.

Pricing and availability

The Sophos data feed for Simplicita ZBX is available immediately from Simplicita and its business partners worldwide. Data feed pricing is calculated as an annual fee based on the number of subscribers served by the ISP. Simplicita ZBX pricing is calculated per individual subscriber that is remediated by ZBX. Simplicita ZBX supports Solaris 10 on SPARC or x86, and Red Hat Enterprise v4 on x86.

About Simplicita

Simplicita frees carrier networks from zombies and botnets. The company has developed the first commercial software product for ISPs, including cable and telco network operators, which dynamically identifies, isolates and fixes computers that have been hijacked by zombie-botnet malware. The company's management team has built Internet infrastructure businesses acquired by, Excite and Verio. For more information, visit

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at