Service Provider Protection

Damballa for Service Providers sits out-of-band and monitors DNS requests from subscribers’ IP addresses, identifying which are infected with malware. Our solution has zero impact on network performance and does not monitor Personally Identifiable Information (PII).

Damballa CSP is fueled by our Threat Discovery Center, which includes data that we’ve been harvesting since 2006. Our machine-learning systems yield algorithms that are sent to Damballa CSP sensors, which monitor for behaviors indicative of a device under criminal command and control. Cyber criminals must communicate with the victim device to exfiltrate data. Visibility into this activity enables us to positively identify infections.

Detect

Damballa Service Provider Protection automatically discovers infections by monitoring non-PII subscriber network traffic.

Contain

Damballa Service Provider Protection contains threats by redirecting malicious communications.

Report

Damballa Service Provider Protection reports infections to security teams and integrates with other systems for automated notification, response and remediation.

Damballa CSP Technology
1. Network Observation

Sensors are placed in key locations within your subscriber access network. They listen to passive DNS traffic to pinpoint compromised subscriber IP addresses.

2. Threat Intelligence

Reputation Systems – API-driven machine learning systems that calculate threat reputation vectors using historical and real-time observations (i.e., Notos, a dynamic reputation system for DNS).

Predictive Systems – The application of threat modeling and classifier systems that forecast threats and predict abuse (i.e., Kopis, a DNS early warning system for domain abuse).

Correlation Engines – The application of automated Big Data and machine learning systems that correlate features and classify threat intelligence in real time.

3. Detections

Suspicious and malicious evidence is aggregated at the management console (MC) and infections are isolated for automatic termination and subscriber notification.

4. Threat Mitigation or Infection Containment

Terminate malicious communications of infected devices by IP or threat actor/operator.

5. Actionable Information

Deliver infection and threat details to the security team for subscriber notifications and response.

Explore the benefits of Damballa Service Provider Detection with a Free Trial.