Lancope StealthWatch Extends Botnet Detection With Damballa Failsafe Integration

Integration will enable StealthWatch to identify and protect against bot-driven targeted attack activity inside enterprise networks

May 4, 2009


ATLANTA and SAN FRANCISCO, April 20 /PRNewswire/ -- (RSA Conference 2009), Lancope(R), Inc., the provider of StealthWatch(R), the Best in NetFlow Analysis and the most widely used network behavior analysis (NBA) and response system, today announced StealthWatch integration with Damballa, Inc.'s Failsafe appliances. The integration will enable StealthWatch to identify and protect against bot-driven targeted attack activity inside enterprise networks.

Damballa's Failsafe technology rapidly isolates the Command-and-Control (CnC) communications needed to launch botnet attacks. Damballa is the only security vendor who can track this rallying activity in real-time, regardless of port or protocol. Based on Damballa's real-world experience, at least 3% to 5% of enterprise assets are already compromised with botnet malware. As a result of the integration with Damballa's Failsafe, StealthWatch customers will gain immediate and unprecedented visibility into compromised enterprise assets and actual botnet and targeted attack activity on the network.

During the first phase of integration, Failsafe will feed StealthWatch the IP addresses of CnC hosts on the Internet that are seen communicating with internal IP addresses. StealthWatch will use the information to send immediate alerts when an internal host attempts subsequent communication with one of these external CnC host IP addresses. StealthWatch will not only provide alerting and complete visibility of all egress CnC communications, but will also give the user the ability to research and pinpoint extremely relevant internal communication patterns. For example, once an internal host is known to be communicating with a CnC host on the Internet, StealthWatch could be used to easily identify communications from that infected host to servers housing sensitive financial data or other network locations where private data resides, creating a rich contextual picture of the compromise and its associated risk. CnC host communications and alerts will be visible from the StealthWatch Management Console.

"It is undeniable that enterprise computing assets are being compromised by bots, even in the presence of layered security technology, however, with a growing consensus and understanding of the problem, the ability to quantify and isolate the threat with traditional security technologies has been extremely limited," said Harland LaVigne, president and CEO of Lancope. "Lancope's consistent emphasis on network visibility paired with Damballa's unique ability to spot botnet communications on critical internal assets allows our customers the ability to not only identify bot-compromised systems, but to determine the severity and intent of suspicious activity, and disrupt active attacks."

"Botnets are indisputably the new platform for crime on the Internet," said Steve Linowes, CEO of Damballa. "By integrating Failsafe with StealthWatch, customers will receive a superior level of insight into bot-driven targeted attacks infiltrating enterprise networks to steal critical company resources. Failsafe provides unmatched understanding of targeted attacks, associated malware, bots, and criminal Command-and-Control infrastructure to track the type of compromise, when it happened, and how extensive the damage might be. It's an ideal complement to StealthWatch analysis of risky network behavior."

For more information, visit Lancope in Blue Coat booth #1751 during the RSA Conference 2009.

About Damballa, Inc.

Damballa protects businesses from bot-driven targeted attacks used for organized, online crime by using the Internet cloud to identify and isolate threats that evade other technologies. Our unique, global approach monitors the Command-and-Control that coordinates botnet attacks to rapidly identify compromised systems and enable immediate control of malicious activity. Global 1000 corporations, large Internet service providers, OEM partners and government agencies use Damballa's signatureless solutions and industry-leading research to reinforce existing security infrastructure and stop hidden Internet attacks. The result is dramatically improved security both inside and outside the network perimeter. Damballa is privately held and headquartered in Atlanta, Georgia. For more information, visit


Lancope(R), Inc. is the provider of the StealthWatch(R) System, the most widely used network behavior analysis (NBA) solution, which combines flow-based anomaly detection and network performance monitoring.

Delivering unified visibility across physical and virtual networks, StealthWatch eliminates network blind spots and reduces total network and security management costs. StealthWatch streamlines security, network and virtual monitoring into one process, reduces time and resources, and eliminates the costs and complexity associated with non-integrated point products. Both OPSEC and Common Criteria-certified, StealthWatch received the 2008 and 2007 Global Excellence Award in NBA. Defending the networks of Global 2000 organizations, academic institutions and government entities, StealthWatch protects hundreds of enterprise customers worldwide, more than all direct competitors combined. Lancope also partners with fellow best-of-breed solution providers through its Technology Alliance Program, which includes Cisco Systems, Brocade, Blue Coat, VMware, IBM Tivoli, Check Point, TippingPoint, ArcSight and A10 Networks. Lancope is a privately held, venture-backed company headquartered in Atlanta, Georgia. For more information, visit
