Advanced Malware Detection Solution


Damballa FirstAlert – Advanced Cyber Threat Intelligence

Damballa FirstAlert is the cyber threat intelligence system that powers the Damballa Failsafe and Damballa CSP products. Damballa FirstAlert provides enterprise, ISP and telco security teams the earliest possible protection from advanced malware, botnets and persistent threats.

Damballa FirstAlert is architected and managed by Damballa Labs, a collaboration of academic researchers and some of the most recognized authorities in DNS, cyber threats and malware analysis. Damballa FirstAlert is the result of more than half a decade of mining global passive DNS activity, advanced malware analysis and patent-pending machine-learning and predictive threat classification technologies that profile the command-and-control (CnC) infrastructure of criminal networks.

Early Threat Discovery

Damballa FirstAlert incorporates a number of new technologies that discover emerging threats. By detecting the CnC infrastructure of a threat before it reaches critical mass, Damballa FirstAlert protects Damballa customers from these attacks before traditional security solutions have any evidence of the threat.

By combining this early-warning intelligence with activity observed in a customer network, Damballa can pinpoint infected assets before other traditional security solutions become aware of the threat.

Award-Winning Scientific Research

The proven ability and accuracy of Damballa FirstAlert is founded in award-winning scientific research that has resulted in patent-pending, machine learning systems that automate the early detection of rising threats. The two most recent inventions are named 'Kopis' and 'Notos'.

Kopis is an early-warning threat discovery system that monitors domain lookup behaviour across autonomous networks and can operate at different levels of the DNS hierarchy, including the upper levels (authoritative and top-level domain servers) that other systems do not observe. The Kopis research paper first appears in the August 2011 proceedings of the 20th USENIX Security Symposium, a top-tier academic security conference.

Notos is a dynamic reputation system for DNS that draws on the large historical DNS data set aggregated by Damballa Labs. It automatically assigns DNS reputation scores to new, previously unseen domains. The Notos research paper appeared in the proceedings of the 19th USENIX Security Symposium (2010). The Notos technology was originally developed at the Georgia Tech Information Security Center (GTISC), where research in DNS-based monitoring for botnet defenses has been supported by funding from the National Science Foundation, the Department of Homeland Security, the Office of Naval Research, the Air Force Research Labs, the Army Research Office, and Google.
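As an added illustration (not Damballa's own code, and not the Notos or Kopis algorithms, whose feature sets and learned models are far richer than this), the following Python sketches the idea shared by the two paragraphs above: derive features for a domain from its passive-DNS history and from which networks are asking for it, then turn those features into a reputation score. The records, the known-bad IP list, the feature set, the weights and the threshold are all constructed assumptions for the example.

```python
"""Simplified DNS reputation scoring over constructed passive-DNS records.

Added illustration only: this is not Damballa's Notos or Kopis code.
Every record, IP, weight and threshold below is an assumption made up
for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network

# Constructed passive-DNS observations: (query_date, domain, resolved_ip, requester_net).
# requester_net stands in for the network (e.g. the AS) of the resolver that asked;
# that is the view an authoritative or TLD server has (the Kopis vantage point).
PDNS_RECORDS = [
    # a long-lived CDN host: stable /24, queried from many networks for over a year
    ("2010-01-05", "cdn.example.com", "203.0.113.10", "AS64500"),
    ("2010-09-12", "cdn.example.com", "203.0.113.11", "AS64501"),
    ("2011-03-03", "cdn.example.com", "203.0.113.10", "AS64502"),
    ("2011-06-20", "cdn.example.com", "203.0.113.11", "AS64503"),
    ("2011-06-27", "cdn.example.com", "203.0.113.10", "AS64504"),
    # a days-old domain already spread over three unrelated /24s, one IP shared with known CnC
    ("2011-06-20", "update-check.example.net", "198.51.100.7", "AS64500"),
    ("2011-06-22", "update-check.example.net", "192.0.2.44", "AS64501"),
    ("2011-06-24", "update-check.example.net", "203.0.113.99", "AS64502"),
    ("2011-06-26", "update-check.example.net", "192.0.2.44", "AS64503"),
    ("2011-06-27", "update-check.example.net", "198.51.100.7", "AS64504"),
    # a new but unremarkable domain: one IP, one requester network
    ("2011-06-25", "news.example.org", "192.0.2.5", "AS64500"),
]

# Constructed "evidence" set: IPs previously tied to sinkholed CnC domains.
KNOWN_BAD_IPS = {"198.51.100.7", "198.51.100.9"}


@dataclass
class DomainFeatures:
    distinct_ips: int        # how many distinct IPs the name has resolved to
    distinct_slash24s: int   # how many distinct /24 networks those IPs span
    bad_ip_overlap: int      # how many of those IPs are in the known-bad set
    requester_nets: int      # how many distinct requester networks asked for it
    age_days: int            # days since the name was first observed


def extract_features(records, as_of):
    """Group observations per domain and compute the feature vector for each."""
    by_domain = defaultdict(list)
    for day, domain, ip, requester in records:
        by_domain[domain].append((date.fromisoformat(day), ip, requester))
    features = {}
    for domain, obs in by_domain.items():
        ips = {ip for _, ip, _ in obs}
        nets = {str(ip_network(f"{ip}/24", strict=False)) for ip in ips}
        first_seen = min(day for day, _, _ in obs)
        features[domain] = DomainFeatures(
            distinct_ips=len(ips),
            distinct_slash24s=len(nets),
            bad_ip_overlap=len(ips & KNOWN_BAD_IPS),
            requester_nets=len({r for _, _, r in obs}),
            age_days=(as_of - first_seen).days,
        )
    return features


def reputation_score(f):
    """0.0 means nothing suspicious; higher is worse. Weights are illustrative assumptions."""
    score = 0.0
    score += 3.0 * f.bad_ip_overlap                    # evidence: shares IPs with known CnC
    if f.distinct_slash24s >= 3 and f.age_days < 14:
        score += 2.0                                   # young, yet already hopping between networks
    if f.requester_nets >= 4 and f.age_days < 14:
        score += 2.0                                   # young, yet queried from many networks at once
    if f.age_days >= 365 and f.bad_ip_overlap == 0:
        score -= 1.0                                   # long, uneventful history earns some trust
    return max(score, 0.0)


def suspicious_domains(records, as_of, threshold=4.0):
    """Return (domain, score) pairs at or above the threshold, worst first."""
    scored = [(d, reputation_score(f)) for d, f in extract_features(records, as_of).items()]
    return sorted((pair for pair in scored if pair[1] >= threshold),
                  key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    for domain, score in suspicious_domains(PDNS_RECORDS, date(2011, 6, 28)):
        print(f"{domain}: {score}")
```

The caveat a practitioner should keep in mind: a popular, legitimate new domain also shows high requester diversity in its first days, which is exactly why systems like the ones described above learn their weights from labelled history and from the past behaviour of each requester rather than hard-coding a handful of rules as this sketch does.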

"We are truly in an arms race when it comes to fighting cyber crime. The criminals have vast resources and patience, and the sophistication of the infection tactics and associated malware continues to outpace our ability to block it or detect it. But even the criminals have to use the basics of the internet and DNS to communicate with the assets they infect. Advanced detection of malicious domain abuse could be the only way of staying ahead of this threat. Damballa is doing something special."

Kenneth A. Minihan
Lt. Gen., USAF (ret.) and former Director
National Security Agency

"The ability for Damballa to detect cyber threats in their infancy is impressive. This is a win for the good guys – both the enterprise security teams tasked with protecting enterprise data and secrets, as well as the domain registrars and authoritative domain service providers who partner with Damballa."

Richard Stiennon
Chief Research Analyst
IT-Harvest