Damballa automates the discovery of an organization’s highest risk devices under criminal control. By tracking and analyzing evidence of malicious traffic in real-time,Damballa profiles criminal actors in your network,rapidly identifying the stopping data theft and providing the forensics needed to expedite incident response and remediation.   

Damballa protects any type of server or endpoint device including PCs, Macs,Unix,iOS,Android and embedded system across corporate,ISP and telco networks.Damballa protects more than 300 millioon endpoints worldwide at mid-size and large enterprises in every major market.
A new generation of cyber threats has emerged, and today’s attacks on specific targets are to use hidden malware and command control architectures to provide commercial espionage to steal confidential information. This type of attack uses a sophisticated malware design to bypass the protective layer of Signature-Base (such as IPS, anti-virus software, etc.) to provide cybercriminals a pipeline to steal customer data, intellectual property, and trade secrets.
If the invisible malware infects the terminal computer device (PC, Mac, iPad, smart phone, etc.), the program will communicate with the cybercriminals through the legal access to the Internet.
The Command-and-Control (C&C) can issue commands to malicious software to steal data and confidential information, and continuously update/modify malware to further evade detection or specific tasks. These invisible threats are currently the safety teams in various industries urgently need to solve .
According to recent researches, the average corporate network vulnerability would be detected more than 170 days.To Quickly detect vulnerabilities and end criminal communication is the best way to prevent data from being stolen.
Damballa Failsafe
  • The complete real network behavior detection technology, monitoring real network packets (not the behavior detection in the sandbox for playing house), quickly discovering hidden malicious software, even the most advanced Sandbox-Aware malicious software can not be escaped from the eyes.
  • No need to install Agent software, and it doesn’t need to rely on sandboxes, so it is not restricted from the type of platforms.And it can support all kinds of servers connecting with Windows, Mac, Linux, iOS, Android, Symbian, embedded, and PC, mobile phone, tablet, POS…
  • The DGA (Domain Generation Algorithm) detecting patent–can intelligently find rapidly changeable malicious URLs in C&C hosts.
  • There are currently 400 million devices worldwide protected by Damballa Failsafe.
  • Automatically detecting and analyzing suspicious executable files and PDF files to discover zero-day or unknown malware attacks in the network.
  • Quickly identifing C&C behaviors and the amounts of cybercriminals on corporate networks.
  • Provides complete, accurate, and immediate evidences of malware and malicious communication-related infections.
  • Blocks criminal communications to prevent data from being stolen.
  • Provides complete detection evidences and traceable events sequence, and provide operation patch to reduce vulnerabilities.
The known threats are just the tip of the iceberg, and Damballa can defend against unknown hidden threats.

The Damballa Failsafe sensor can monitor the network traffic of DNS, Proxy, and firewalls, and can use a multi-dimensional depth detection engine to detect relevant suspicious behaviors and quickly analyze and isolate attack behaviors.
Damballa LAB Labs have the most advanced cyber threat intelligence, and Damballa Failsafe can accurately detect unknown Zero Day threats and effectively reduce the risk of these malicious behaviors and prevent malicious programs from communicating with C&C server endpoints.
Damballa Failsafe 
Hunting for Advanced Malware, Persistent Threats and Targeted Attacks 
Fast and accurate detection–Damballa FailSafe uses the Out-of-Band sensing system to monitor network communication including Firewall traffic, DNS queries and HTTP requests. Monitor network behaviors, special files, C&C and related information to identify existing malware and identify infected devices.
Danballa Failsafe sensor uses a multi-dimensional packet depth resolution engine to detect malicious threats:
‧ Automated Malware Analysis
– Detects and captures suspicious executable programs and PDF files. If it is determined to be a malicious file, it will further analyze the communication behaviors between the analysis file and C&C in Damballa Lab ,and provide host-related communication details.
‧ Behavioral Analysis
– Tracks asset communications –and to determine that certain communications are much like automation or human behaviors, but in fact it’s not man-made operations.
‧ Profiling Communications
– Analyzes network traffic to determine if the target is suspicious ,or communicating with known possible C&C , poor reputation DNS, or ambiguous targets.
Damballa Failsafe can perform complete data packet capture and generate analysis reports for suspicious traffic, the variety of malware in the devices of defining the victim,and provide a complete management picture to illustrate, Who, What, Where, and Why.
The situational function provides security teams a clear and operational intelligent analysis and reduces wasting time in tracing misjudged caveat.

※Damballa Failsafe provides security teams a clear and operational intelligent analysis and reduces wasting time in tracing misjudged caveats.


Damballa Failsafe 
Protects various terminal devices 
Damballa Failsafe can protect all computing devices in enterprises by monitoring network communications, including all application systems or platforms like servers, desktops, PC, Mac, iOS, Android devices, and even embedded devices .
In addition, it can protect enterprises from infected devices connecting to corporate networks, such as travellers, contractors, mobile devices, and employee-owned devices (BYOD).
Provides action guidelines for quick reactions to events
By automatic analysing the evidences of malicious network behaviors, Damballa Failsafe can eliminate false caveats common to products,and pinpoint the location of the infection ,and prioritize the needs of the event responses .
Basically,Damballa Failsafe has no probability of false-positive misjudgment. Communication Profiling takes charge of collecting evidences of suspect criminal behaviors and make conclusions after cross-checking.
Risk Profiling indicates which infected devices exposing to the highest risk of data theft according to the device and the network segment where the threatening activities happen , providing clearer information and prioritization to the incident response team.
Resists the new threats at any time
Damballa Labs can discover emerging threats by Big Data analysis and patented machine learning systems ,earlier than other security companies discovering and analyzing them to recreate signatures.
If you have to see malware before taking protective measures,you have lost the war.
For most of the industry, finding malware is just the beginning of the entire investigation. For Damballa, finding out malware is just confirming we have taken of evidences.
APT protection plan with reasonable prices
Damballa Failsafe is quick and easy to install – no adjustments, no modifications, and low maintenance requirements. Our solutions are easy to install and often can find threats that were not discovered before, within a few hours of installation.
We currently take charge of protecting 400 million installations around the world. DamballaFailsafe can integrate seamlessly with your existing security infrastructure (SIEMs, Loggers, Netflow) to optimize procedures and shorten the time of completion.
Damballa Failsafe can automatically discover the highest risk devices that are controlled by criminals in your organization.
Damballa Failsafe can instantly detect and analyze the trail of evidence of malicious network transmissions, analyze criminal types and quickly identify high-risk devices that are invaded.
Damballa Failsafe has speeded up the response time of the security incidents because the system can provide clear guidelines for criminal events in the network.

Damballa Failsafe 
Advanced Cyber Threat Intelligence 
Damballa Failsafe protection can find out the C&C architecture and emerging cyber threats with Damballa FirstAlert, the early industry’s leading warning capability technology, which can find out threats and provide malicious software samples for security companies before several weeks or months.
By using the threat intelligence of the Damballa FirstAlert network, Damballa Failsafe can detect advanced malware infections in commercial networks before traditional preventive security solutions,and take the effective detection and protection.

In addition,the traces collected by Communication Profiler will be given to Case Analyzer to judge and then draw conclusions – not just warnings – but also to find out high-risk devices which have been controled by cybercriminals.

※Enterprises can know which devices need to be immediately noticed by relevant evidences, so that they can effectively make sure the priority of restoration.

  • It’s the exclusive solution that can automatically detect the highest-risk devices controlled by cybercriminals in enterprises.
  • Protects more than 400 million devices worldwide.
  • Has access to the world’s major vertical industries and the largest ISPs and telecom enterprise.