As the pioneering leader in targeted attack protection, Damballa knows that the only way to combat botnets and advanced persistent threats (APTs) is to understand the full breadth of their capabilities, propagation, and Command-and-Control (CnC). Our approach includes deep research and analysis into the unique networked, borderless nature of these threats – something very different from simple signatures or packet analysis. The powerful insight provided by Damballa™ Failsafe quickly identifies both individually compromised machines and entire compromised networks operating internationally across corporate boundaries.
As a result, Damballa Failsafe delivers a number of advantages over other security offerings, including:
The end result is an easily managed solution that prevents sensitive information from leaving the enterprise and protects with minimal impact on network management, security management or end user operations. As such, Damballa represents a powerful advance in protection against targeted attacks, and a valuable addition to any Defense-in-Depth (DiD) security infrastructure.
Leading organizations use Damballa to find systems inside their network that are under malicious remote control: attacks initiated by malware that evaded their existing AV or IDS/IPS systems. Damballa Failsafe sensors placed at key Internet access points and network intersections rapidly identify internal communications typical of criminal activity. The sensors forward this information to the Damballa Failsafe management console for threat termination and forensics, and to third-party workflow and SIEM solutions.
Damballa Failsafe uses a system of out-of-band sensors linked to a management and reporting console to notify clients when a new compromise is detected. Threats are stopped even before actual malware has been detected and regardless of the origin of the breach. Damballa Failsafe operates independently of host or operating system, and represents the only technology that delivers system-wide visibility into criminal infrastructure inside the enterprise.
Damballa Failsafe detection capabilities feature:
Modern malware, botnets, and APTs represent a serious security breach, which is why Damballa Failsafe features advanced threat termination that severs malicious communications to and from botnet and APT controllers. Compromised systems and devices retain their ability to perform normal authorized actions, but the crimeware itself can no longer communicate with its CnC network.
Unlike IPS, Web gateways or any other system that relies on signatures or deep packet inspection, Damballa Failsafe blocks botnets and APTs without impacting normal network traffic. The out-of-band design also means that Damballa Failsafe deployments cannot be seen by crimeware seeking to evade detection.
Our focus on criminal CnC gives Damballa Failsafe a powerful, effective threat termination capability that severs CnC communications before a compromised host can connect to its malicious controller. Enterprise networks gain the ability to terminate threats without impacting normal online operations – as well as detailed insight into the nature of the botnet or APT and the location of compromised hosts.
Damballa Failsafe accelerates the identification and containment of botnets, APTs and other advanced crimeware threats. The Damballa Failsafe management console provides flexible alerts for active crimeware attacks, drill-down reports that identify compromised hosts and detailed descriptions of the evidence gathered by Damballa Failsafe to identify and “convict” malicious communications.
In addition, Damballa Failsafe delivers critical information on botnet and APT activity to existing network and security infrastructure. Damballa Failsafe is designed specifically for simple and transparent integration. By making existing security investments smarter, faster and more effective, Damballa Failsafe improves overall security performance for automated threats that originate and operate within the enterprise and across the network perimeter.
Damballa Failsafe provides detailed information on botnet and APT malware, including information on criminal operator infrastructure, as well as comprehensive evidence playback for e-discovery and other forensic activities. The result is an automated, flexible network security defense that responds to current and future threats, especially those that evade traditional antivirus, firewalls and IDS/IPS systems.