Damballa provides much deeper insight into targeted attacks than is possible with host- or LAN-based products. It’s no longer enough to recognize that a threat exists, or even to identify that threat. Instead, enterprise organizations need:
- Deeper protection against targeted attacks than is possible with signature-based host, LAN or gateway security technologies
- Comprehensive, real-time visibility into targeted attack rallying activity both inside the enterprise and across the Internet, with the goal of predicting attacks before they arrive, or at least before they can damage corporate assets
- The ability to disrupt and resolve targeted attacks such as BotArmy compromises, so that remediation can take place in a planned, orderly manner
Damballa’s ability to see the breadth of the problem means that it is the only security vendor that can deliver this critical level of actionable intelligence. The key to Damballa’s approach is that we recognize the futility of attempting to find individual compromises within the network perimeter and then link those compromised machines to tens of thousands of other systems organized into a coordinated attack engine – all of which are located on other networks.
Damballa starts by identifying malicious activity within the Internet itself. Our Global Surveillance Network and advanced analysis tools separate legitimate from suspicious traffic, then isolate the command and control nodes that targeted attacks must use to communicate with individual compromised systems. No matter how fast or how often online criminals change these locations, Damballa tracks the communications that unite these resources into a coherent threat. This insight greatly simplifies the challenge of identifying individual compromised systems, determining the severity and intent of suspicious activity and disrupting active attacks.
Damballa supports a comprehensive defense-in-depth strategy without adding unnecessary layers of complexity, headcount or expense. Our products and services deliver an exceptional stand-alone solution for combating targeted attacks. However, our technology is designed specifically to integrate easily with traditional network security infrastructure so that the entire system becomes more efficient and effective.