Damballa helps enterprise organizations take back command and control of their networks. The key to a botnet or APT's success is its ability to deliver a stealthy, stable platform for malicious activity. That’s why Damballa® Failsafe is designed to detect Command-and-Control (CnC), rather than malware signatures and other elements that change often and are easily hidden. Damballa Failsafe isolates and terminates any online threat, such as a botnet or APT, that uses network-based CnC to link compromised systems together into a secret malicious network.
Damballa Failsafe identifies criminal communications in near real-time, then applies a unique set of advanced, automated techniques to confirm the specific nature and intent of each compromise. This advanced protection works without requiring malware signatures. As a result, Damballa even stops Zero-Day threats for which no other protection exists.
The result is a powerful system that delivers:
Viruses and hacks are yesterday’s news. Crimeware such as botnets and APTs has introduced a fundamentally different platform for online crime, and older defenses simply aren’t designed to respond to it. Damballa Failsafe delivers an easily managed, cost-effective solution that prevents sensitive information from leaving the enterprise, keeps enterprise assets from being used for criminal activity and protects without impacting network management, security management or end-user operations.
| Damballa | Benefit | Competitors |
| --- | --- | --- |
| Focuses on CnC, the essential element in binding compromised systems into a coherent malware army | Detects malicious activity, regardless of how many malware variants are involved or how fast a malware army updates itself | Dependent on outmoded detection methods that must identify malware files on individual hosts and/or inspect network ports, packets or protocols |
| Applies passive technology and multiple analysis techniques for comprehensive, non-intrusive insight into targeted attack activity | Enhances existing network security infrastructure without additional layers of performance overhead or managerial complexity | Relies on inline devices that negatively impact network performance and represent a single point-of-failure that can inadvertently block an entire network or network segment |
| Active threat termination prevents botnets and APTs from connecting with malicious CnC | Enhances existing network security infrastructure without additional layers of performance overhead or managerial complexity | Requires delays ranging from hours to weeks to find and disrupt botnet and APT activity |
| Detailed forensics, including complete replay of each malicious CnC session | Comprehensive reporting for reporting, remediation and e-discovery simplifies efforts to understand what happened and how to prevent a recurrence | Can only identify isolated components of an overall botnet or APT activity, which leaves the enterprise at risk for rapid reinfection |