Damballa Failsafe Technology

Failsafe is fueled by our Threat Discovery Center, which includes data that we’ve been harvesting since 2006. Our machine learning systems yield algorithms that are sent to Damballa Failsafe sensors, which monitor for behaviors indicative of a device under criminal command and control. Cyber criminals must communicate with the victim device to exfiltrate data. Visibility into this activity enables us to positively identify infections.

Detect

Failsafe detects threats that bypass prevention controls.

Contain

Failsafe initiates mitigation action to speed containment of active threats.

Respond

Failsafe provides a full case of prioritized evidence so responders can immediately prevent damage.

1
2
3
4
5
6
7
8
1

Network Observation

Sensors placed in key locations, within your network, observe egress, proxy and DNS traffic. They listen to traffic passively and talk to each other so they can track a device’s activity over time.

2

Behavioral Analysis

Multiple detection engines apply threat intelligence fed by our Threat Discovery Center in analyzing behaviors and content.

3

Case Building

Suspicious evidence is examined by the Case Analyzer, a context aware engine that builds a case of suspicious or malicious status for each device.

4

Not Infected

Devices that are designated as clean are removed from the case list to allow response teams to focus on what matters (or reduce clutter).

5

Risk Level Assessment

When a case of evidence moves from suspected to infected, nine different Risk Profilers assess the level of risk based on the threat activity, intent and importance of the device to the organization.

6

Actionable Information

True Positives Cases are prioritized based on their risk score and sent to the Breach Response team with complete forensic evidence for immediate action.

7

Suspected Cases

Suspected cases are automatically closed without ever needing manual attention.

8

Proven Infection

Only truly malicious cases are isolated for your security team to address and respond to.

The best way to discover the benefits of Damballa Failsafe is to see it in action. Just click below to schedule a live demo of Damballa Failsafe.