Product Watch: Damballa Rolls Out Early Detection Service

New offering could alert enterprises "weeks or months" before malware appears in the wild

2 Min Read

Damballa Monday introduced a new service that helps enterprises and service providers detect malicious activity early in its development and protect their systems "weeks or months" before malware appears in the wild.

"Damballa FirstAlert will discover cyber threats long before traditional preventative security solutions will have the signatures or blacklists they would need to detect the threat," the company says.

Damballa FirstAlert was the cyber threat intelligence system behind the discovery of the IMDDOS botnet that Damballa announced on September 13, 2010. In additional to real-world trials of the new inventions, Damballa Labs discovered multiple botnets in the early stages of their mass infection lifecycles.

"These botnets were taken down as a matter of course," Damballa says. "In all cases, the botnets were discovered weeks before the malware was first detected through traditional approaches [on average 30 days]."

Damballa FirstAlert is the cyber threat intelligence system that powers the Damballa Failsafe (for enterprise networks) and Damballa'CSP (for communications service providers). With Damballa FirstAlert, Damballa customers will be able to detect and terminate threats in the early stages of their infection lifecycle and long before traditional prevention systems would identify the infection or breach, the company says.

"The introduction of these new inventions comes at a time when customers are acutely aware of the enormous damage a network security breach can cause," says Val Rahmani, CEO of Damballa. "Any enterprise, ISP or telco network protected by Damballa products will detect and block cyber attacks weeks and possibly months before any malware-dependant solutions will ever be aware of the threat."

The two new inventions, Kopis and Notos, are both Damballa patent-pending technology.

Kopis is an early warning threat discovery system that monitors domain look-up behaviors across autonomous networks, uniquely capable of operating at different levels of the Internet hierarchy. The Kopis research paper will first appear in the August 2011 proceedings of the 20th USENIX Security Symposium.

Notos is a dynamic reputation system for DNS, which operates by utilizing the massive historical DNS data aggregated in the Damballa Labs. It assigns DNS reputation scores to new, previously unseen domains. The Notos research paper appeared last year in the proceedings of the 19th USENIX Security Symposium.

"Just as DNS is a critical component of the Internet's functionality, it is also the Achilles' heel of cybercriminals," says Gunter Ollmann, vice president of research at Damballa.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights