Solutions Introduction
Enterprise
OEM
Click Here for White Papers and Case Studies

OEM Solutions

Introduction

Targeted attacks are the root cause for much of the crime on the Internet. From spam and phishing to click fraud and peer-to-peer attacks, there's a very good reason why these threats are an increasingly popular tool for increasingly sophisticated and organized online criminal organizations.

Simply put, targeted attacks such as bots and BotArmies know how to hide from firewalls, antivirus, anti-spam, intrusion detection/intrusion prevention (IDS/IPS) and other network security technologies. These products are very effective at achieving their designed goals. However, targeted attacks represent a new kind of threat – one that requires a new type of response. That's why Damballa specifically designed its solutions to make a broad array of other security technologies capable of identifying and combating targeted attacks.

How do these threats evade traditional defenses? As many as 40% of the malware samples in Damballa's Knowledgebase do not trip an AV signature. Even worse, traditional network security solutions can only see what happens inside the network perimeter. They can't easily identify threats such as bots, BotArmies, or the malicious behavior those BotArmies are perpetrating.

A bot can morph into hundreds of different configurations, each designed to avoid tripping AV signatures. There is no practical way to cover all the possible combinations and permutations. This traffic masquerades as low volume, normal communications, often across open ports such as those used by Web browsers. The result is a threat that firewalls, antivirus/anti-spam and IDS/IPS can't easily track.

Damballa starts with what targeted attacks do, rather than what or where they are. As a result, our technology isolates the one thing that must remain constant for bots to be a threat – the command-and-control communications that compromised systems use to receive operating instructions from external controllers. This global approach reaches across the Internet, not just across internal networks, to immediately reveal the presence and location of compromised systems. Damballa also details the type of attack and predicts the potential for future malicious activity.

In short, Damballa's services are uniquely positioned to strengthen other companies' offerings by making them easily and truly aware of targeted attacks. There are no signatures to match, no network behavior profiles to build, and no delays between the emergence of a new threat and the development of a suitable defense against it. The best, fastest way to protect your customers against targeted attacks – and to generate new revenue opportunities – is to incorporate Damballa's intelligence into existing product offerings.