Damballa's Failsafe quickly and accurately identifies targeted attack activity that originates inside the network perimeter.Damballa’s Failsafe appliances protect enterprise networks against targeted attacks such as BotArmies. This network-based offering integrates with Damballa’s Global Surveillance Network to create a comprehensive security solution that provides immediate identification, protection, and feedback on internal targeted attack activity.
Failsafe applies Damballa’s unmatched understanding of targeted attacks, associated malware, bots, and criminal command-and-control (CnC) infrastructure to track the type of compromise, when it happened, and how extensive the damage might be. Within minutes of an active compromise, Damballa alerts clients with essential details for administrators, including steps to contain and remediate the compromise.
Reports and alerts are distributed via Damballa's secure Web portal. For even tighter integration, the portal integrates easily with popular trouble ticketing systems, so that the correct people in your organization always receive the information they need, as soon as it becomes available.
Enterprise organizations need the ability to determine the actual intent and risk that arises when suspicious but unconfirmed activity occurs on corporate networks. Damballa’s Failsafe delivers exactly this level of insight, supplementing traditional DiD deployments by reducing or removing real-time uncertainty in tracking previously undiscovered or newly emerging targeted attacks.
Failsafe Protection Benefits
| Feature |
Description |
Client Benefit |
| Rapid identification of internal compromise activity |
- Sensor tracks new and newly active targeted attack traffic
- Instant analysis of type/severity of compromise
- Fast, accurate identification of bot activity
|
- Faster recognition and alerting drives a more flexible, more thorough response
- No guesswork. You know what's compromised
|
| Protection |
- Locates actual IP address of BotMaster
- Isolates BotMaster command-and-control
- Prevents individual bots from acting as a unified BotArmy
|
- Allows client to prevent individual bots acting as a unified BotArmy
- Allows client to prevent bots from taking the actions issued by the BotMaster
- Protects other internal devices from compromise
|
| Fast, accurate analysis of targeted attacks |
- Malware attack, reconnaissance and polymorphic capabilities
- Recent targeted attack activity including rallying and attack information
- Relative BotArmy size
- Remediation guidance for compromised systems
|
- Opens window for controlled remediation
- Assists in prioritizing remediation activities
- Assists in locating the exact file, or binary representation, on the compromised machine
- Educates executive management on targeted threats to intellectual property
|
| Finds threats that AV and IDS/IPS miss |
- Works without signatures
- Recognizes polymorphic targeted attacks
- Finds threats that evade network -based security
|
- Provides comprehensive protection for network-based threats that signature- and packet-based security technologies can't detect
|
| Detailed reporting and real-time alerting |
- Daily summary reports
- Customized alerting for each user
- Internal and external threat trends over time
- Complete history of compromised hosts
- Detailed compromise information, including communications between compromise and CnC
- BotArmy membership, capabilities and intent
|
- Delivers critical insight into the severity and risk introduced by each compromised asset
- Ensures that the user receives the actionable information in the most efficient manner possible in order to protect the enterprise
|
| Global Internet visibility client |
- True global view of targeted attack activity
|
- Recognizes threats before they attack
|
