Legal claims defining the scope of protection, as filed with the USPTO.
1. A remote intelligence gathering system operable to provide intelligence to at least one network manager, said intelligence comprising information relating to potential security threats to at least one client network, the remote intelligence gathering system comprising: at least one communication unit configured to receive data queries from said network manager and to send said intelligence in response to said data queries; at least one infected machine configured and operable to deliberately join at least one botnet, to communicate with at least one criminal server and to gather malicious content therefrom; and at least one processing unit in communication with said at least one infected machine, said processing unit configured to: analyze the malicious content gathered by said at least one infected machine, to classify said malicious content into indexed data, to store said indexed data in at least one storage unit, to filter said indexed data according to the data queries received by said communication unit, and to generate said intelligence for said communication unit to send to said network manager.
2. The remote intelligence gathering system of claim 1, wherein said at least one client address and said at least one bot address are selected from a group of formats consisting of: IP addresses, IPv4 addresses, IPv6 addresses, MAC addresses, Virtual IP addresses representing load-balanced clusters, domain name mappings, host names, domain controllers and combinations thereof.
3. The remote intelligence gathering system of claim 1, configured to collect a plurality of bot addresses from a plurality of sources.
4. The remote intelligence gathering system of claim 3, wherein said plurality of sources are selected from a group consisting of: data sent from said at least one client address to said at least one bot address, data sent from said at least one bot address to said at least one client address, malware sensors, public domain knowledge, publicly available files located on criminal servers, open access logs on servers, sinkholes, sandboxes, intrusion detection systems, intrusion prevention systems, anti-virus logs, firewall logs, data leakage prevention systems, operating system logs, URL filtering systems, security information and event management systems, and combinations thereof.
5. The remote intelligence gathering system of claim 1 wherein said at least one machine is a virtual machine.
6. The remote intelligence gathering system of claim 1 wherein said at least one machine is configured and operable to download malicious content from said at least one criminal server.
7. The remote intelligence gathering system of claim 1 wherein said machine is operable to receive machine-specific-data-queries.
8. The remote intelligence gathering system of claim 7 wherein said processing unit is operable to classify said malicious content into machine-specific-indexed-data and to filter said machine-specific-indexed-data into machine-specific-filtered-data pertaining to said machine-specific-data-queries.
9. The remote intelligence gathering system of claim 8 wherein said machine is capable of storing machine-specific-indexed-data in said storage unit.
10. The remote intelligence gathering system of claim 1 wherein said at least one machine further comprises a recording unit operable to record communication between at least one client address and said at least one bot address.
11. The remote intelligence gathering system of claim 1 further configured to display said intelligence pertaining to said data queries to said network manager via a dashboard.
12. A method for protecting at least one client network from security threats, the method comprising: connecting, by said network manager, to a remote intelligence gathering system, said remote intelligence gathering system comprising at least one database and at least one machine connected to at least one botnet, said machine being configured and operable: to download deliberately at least one malicious software program, to communicate with at least one criminal server, to record communication between infected machines of said at least one botnet and said at least one criminal server, and to analyze said malicious software, to store data pertaining to said malicious software, and to index said data in said database; sending, by said network manager to said remote intelligence gathering system, at least one query relating to characteristics of said client network; and receiving, by said network manager from said remote intelligence gathering system, intelligence pertaining to the characteristics of said client network.
13. The method of claim 12 wherein said remote intelligence gathering system is operable to identify at least one future domain name used by said criminal server, register said domain name, record data sent to said domain name from other members of said botnet.
14. The method of claim 12 wherein said machine is further operable to identify other members of said botnet.
15. The method of claim 12 wherein said intelligence comprises at least one item selected from: at least one current IP address of said criminal server, at least one future IP address of said criminal server, at least one current URL of said criminal server, at least one future URL of said criminal server, at least one current domain name of said criminal server, at least one future domain name of said criminal server, at least one geographical location of said security threat, at least one vulnerability exploited by said malicious software, time stamps and combinations thereof.
16. The method of claim 12 wherein said remote intelligence gathering system is operable to identify at least one future domain name used by said criminal server, monitor traffic related to said domain name, record data sent to said domain name from other members of said botnet.
February 23, 2016