Damballa™ Failsafe Security Integration
Advanced malware attacks have become the weapon of choice for criminal organizations seeking both automated and directed platforms for cyber threats. In fact, almost every enterprise network is already compromised by hidden malware that enables unauthorized criminal remote control.
Every one of these breaches is another hidden avenue for industrial espionage, identity theft, access to financial systems and more. That's why companies rely on Damballa Failsafe to augment their existing network and security solutions.
Damballa Failsafe delivers critical detection and threat termination for botnets, APTs and next-generation malware threats that rely on network-based Command-and-Control (CnC) communications to build hidden criminal networks. Specifically designed for simple, transparent integration, Damballa Failsafe delivers advanced threat monitoring and network forensics that can provide alerts and critical threat detail to existing security infrastructure solutions. As a result, it improves overall security and remediation workflow without impacting normal network operations.
Damballa is a “certified” or “compatible” integration partner with McAfee ePolicy Orchestrator®, ArcSight® Enterprise Security Manager (ESM) and Lancope® StealthWatch, with more under development.
McAfee® - Endpoint/Host Security
As a McAfee® Security Innovation Alliance™ Partner, Damballa Failsafe is McAfee Compatible with McAfee ePolicy Orchestrator® 4.0. Damballa Failsafe integrates directly with the McAfee ePO™ dashboard for seamless, unified host security visibility. Damballa Failsafe provides fast, accurate threat identification and termination for botnets, APTs and next-generation malware threats. It also provides alerts for malicious behavior via the McAfee ePO dashboard. This powerful combination delivers a network-wide view of criminal activity and of the enterprise network's overall security posture. This unified, holistic view integrates workflow, queries and reporting inside the McAfee ePO dashboard. The end result is dramatically improved visibility into enterprise security, and reduced costs associated with system and endpoint remediation management.
ArcSight® - SIEM Integration
As a member of the ArcSight® Common Event Format (CEF) program, Damballa Failsafe is ArcSight CEF Certified and integrates with the ArcSight Security Information and Event Management platform. The Damballa CnC detection and termination technology complements the unique abilities of the ArcSight solution to manage advanced persistent threats by providing critical forensic details about which hosts have been compromised and the related CnC activity.
Lancope® - Network Behavior Integration
Damballa identifies botnet, APT and next-generation malware activity that has compromised hosts within an enterprise network and presents these alerts to the Lancope® StealthWatch netflow analysis system. Lancope customers then benefit from the ability to pinpoint the netflow activities that led to the compromise for each infected host, and can track the potential spread of the attack by examining additional netflows related to the breach.