CGNET is very excited about Damballa Failsafe’s approach for dealing with advanced threats. We’re using it on our network, and with some of our customers. Its results have been impressive, at a very reasonable cost. In fact, Damballa has given us special pricing which allows us to offer a significant discount to qualified nonprofits.
Advanced threats are more than high-level cyber-espionage by governments. While sophisticated malware may start there, it soon diffuses even to amateurs on the dark net. All of us are looking for something to fill the gap left by the incomplete protection of anti-virus and other signature-based methods. Bad actors can often bypass barriers like anti-virus through social engineering, and they can also slightly modify an existing virus so that it carries a new, unrecognized signature. At this point, the simplest thing is to assume that some malware is already on your network.
Second, we’re looking for something less labor-intensive than constant log analysis. If you analyze logs manually, you’re in for a lot of work, and you’d better have some skills. This can be too much for a smaller organization. Even if you automate log analysis, the existing systems tend to generate a lot of false positive alerts as they look at everything on your network.
How It Works
What Damballa Failsafe does is analyze particular behaviors on your network, detecting malicious payloads and threat actor activity. It focuses on the places that matter most: egress, proxy and DNS traffic. Malware needs to “phone home” to a command and control server, either to get more malware or to send out data from your servers. By focusing on malware’s communications, Damballa limits what it has to measure, but still guards the key point, where information could leave your data center.
It then identifies the devices that have been infected, using a method designed to avoid false positives. This involves a number of tests that narrow the suspected activities down to those that clearly reflect threat activity. Acting on this intelligence, Damballa identifies the malware and tells you which machine it’s on. It also provides the trail of evidence justifying its determinations. With this information, you can eliminate the malware from your network.
Damballa is able to do this because it monitors nearly 15% of the world’s Internet activity, more than ½ billion devices, thanks to relationships with very large carriers and others. It loads more than 25 billion Internet records a day into Hadoop clusters for analysis, and from that data it builds machine-learning classifiers that recognize malicious activity. It then delivers these classifiers to an appliance on your network, which uses them to spot the malware there.
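To make the “phone home” idea concrete, here is a small added example of our own (not Damballa’s code or its classifiers): it runs a few tests over constructed proxy log lines, keeps only the client/host pairs that pass all of them, and reports the evidence per device. The log format, hostnames, addresses and thresholds are all assumptions for the example.

```python
import statistics
from collections import defaultdict

# Constructed proxy log (not real traffic): "<epoch> <client_ip> <dest_host> <bytes_out>".
# 10.0.0.5 calls one host every 60 s with near-identical sizes; 10.0.0.7 browses irregularly.
SAMPLE_PROXY_LOG = """\
1700000000 10.0.0.5 beacon-host.example.net 410
1700000060 10.0.0.5 beacon-host.example.net 412
1700000120 10.0.0.5 beacon-host.example.net 409
1700000180 10.0.0.5 beacon-host.example.net 411
1700000240 10.0.0.5 beacon-host.example.net 410
1700000000 10.0.0.7 updates.vendor.example.com 1200
1700000050 10.0.0.7 updates.vendor.example.com 3000
1700000900 10.0.0.7 updates.vendor.example.com 800
1700003600 10.0.0.7 updates.vendor.example.com 150
1700009000 10.0.0.7 updates.vendor.example.com 2200
"""

MIN_HITS = 5           # test 1: too few connections to judge (assumed threshold)
MAX_INTERVAL_CV = 0.2  # test 2: spread of the gaps between connections (assumed)
MAX_SIZE_CV = 0.1      # test 3: spread of the request sizes (assumed)

def parse_log(text):
    """Group (timestamp, bytes_out) by (client, destination host)."""
    pairs = defaultdict(list)
    for line in text.splitlines():
        ts, client, host, size = line.split()
        pairs[(client, host)].append((int(ts), int(size)))
    return pairs

def cv(values):
    """Coefficient of variation (std dev / mean); 0.0 when there is no spread."""
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean else 0.0

def find_beacons(text):
    """Return {client: [evidence, ...]} only for pairs that pass every test."""
    findings = defaultdict(list)
    for (client, host), events in parse_log(text).items():
        events.sort()
        if len(events) < MIN_HITS:
            continue
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        interval_cv, size_cv = cv(gaps), cv(sizes)
        if interval_cv > MAX_INTERVAL_CV or size_cv > MAX_SIZE_CV:
            continue
        findings[client].append({"host": host, "hits": len(events), "mean_gap_s": statistics.mean(gaps),
                                 "interval_cv": round(interval_cv, 3), "size_cv": round(size_cv, 3)})
    return dict(findings)
```

Only 10.0.0.5 survives all three tests; the irregular browsing of 10.0.0.7 fails the timing test, which is the false-positive reduction the text describes.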
This new approach adds an entirely new layer to your network security. It lets you check whether malware has already gotten past your current defenses, and it protects the network on an ongoing basis. As I said, it’s working for us and for those of our customers who have tried it.
Ease of Use
One of the very best things about Damballa Failsafe is that it’s simple to use. Setting it up means installing an appliance on the network and doing some port mirroring, not big stuff. After that, Damballa monitors the network and constantly reports what possible threats it’s seeing. If something rises to the level of a real threat, you are notified, so you can take action.
Let us show you how Damballa Failsafe can work for you. It’s easy to set up a 30-day network security checkup which will determine what’s on your network now and show you what the service does. Oh, and did we mention we offer a significant nonprofit discount?