Damballa's Failsafe and Harbinger quickly and accurately identify targeted attack activity that originates inside the network perimeter.Damballa’s Failsafe and Harbinger Solution protects enterprise networks against targeted attacks such as BotArmies. This network-based offering combines Damballa’s Global Surveillance Network with easily deployed and managed Failsafe appliances and an optional Harbinger analysis appliance placed inside the network perimeter to provide immediate identification, protection, and feedback on internal targeted attack activity.
Failsafe and Harbinger utilize Damballa’s unmatched understanding of targeted attacks, bots, and the command-and-control (CnC) infrastructure that BotMasters use to control BotArmies to track the type of compromise, when it happened, and how extensive the damage might be. Within minutes of an active compromise, Damballa alerts clients with essential details for administrators, including steps to contain and remediate the compromise. For even tighter integration, Damballa’s portal integrates easily with popular trouble ticketing systems, so that the correct people in your organization always receive the information they need, as soon as it becomes available.
Failsafe and Harbinger Protection Benefits
| Feature |
Description |
Client Benefit |
| Rapid identification of internal compromise activity |
- Sensor tracks new and newly active targeted attack traffic
- Instant analysis of type/severity of compromise
- Fast, accurate identification of bot activity
|
- Faster recognition and alerting drives a more flexible, more thorough response
- No guesswork. You know what's compromised
|
| Protection |
- Locates actual IP address of BotMaster
- Isolates BotMaster command-and-control
- Prevents individual bots from acting as a unified BotArmy
|
- Allows client to prevent individual bots acting as a unified BotArmy
- Allows client to prevent bots from taking the actions issued by the BotMaster
- Protects other internal devices from compromise
|
| Fast, accurate analysis of targeted attacks |
- Malware attack, reconnaissance and polymorphic capabilities
- Recent targeted attack activity including rallying and attack information
- Relative BotArmy size
- Remediation guidance for compromised systems
|
- Opens window for controlled remediation
- Assists in prioritizing remediation activities
- Assists in locating the exact file, or binary representation, on the compromised machine
- Educates executive management on targeted threats to intellectual property
|
| Finds threats that AV and IDS/IPS miss |
- Works without signatures
- Recognizes polymorphic targeted attacks
- Finds threats that evade network -based security
|
- Provides comprehensive protection for network-based threats that signature- and packet-based security technologies can't detect
|
| Detailed reporting and real-time alerting |
- Daily summary reports
- Customized alerting for each user
- Internal and external threat trends over time
- Complete history of compromised hosts
- Detailed compromise information, including communications between compromise and CnC
- BotArmy membership, capabilities and intent
|
- Delivers critical insight into the severity and risk introduced by each compromised asset
- Ensures that the user receives the actionable information in the most efficient manner possible in order to protect the enterprise.
|
| Global Internet visibility client |
- True global view of targeted attack activity
|
- Recognizes threats before they attack
|
