Product Watch: Damballa Rolls Out Early Detection Service

Damballa Monday introduced a new service that helps enterprises and service providers detect malicious activity early in its development and protect their systems "weeks or months" before malware appears in the wild.

"Damballa FirstAlert will discover cyber threats long before traditional preventative security solutions will have the signatures or blacklists they would need to detect the threat," the company says.

Damballa FirstAlert was the cyber threat intelligence system behind the discovery of the IMDDOS botnet that Damballa announced on September 13, 2010. In additional to real-world trials of the new inventions, Damballa Labs discovered multiple botnets in the early stages of their mass infection lifecycles.

"These botnets were taken down as a matter of course," Damballa says. "In all cases, the botnets were discovered weeks before the malware was first detected through traditional approaches [on average 30 days]."

Damballa FirstAlert is the cyber threat intelligence system that powers the Damballa Failsafe (for enterprise networks) and Damballa'CSP (for communications service providers). With Damballa FirstAlert, Damballa customers will be able to detect and terminate threats in the early stages of their infection lifecycle and long before traditional prevention systems would identify the infection or breach, the company says.

"The introduction of these new inventions comes at a time when customers are acutely aware of the enormous damage a network security breach can cause," says Val Rahmani, CEO of Damballa. "Any enterprise, ISP or telco network protected by Damballa products will detect and block cyber attacks weeks and possibly months before any malware-dependant solutions will ever be aware of the threat."

The two new inventions, Kopis and Notos, are both Damballa patent-pending technology.

Kopis is an early warning threat discovery system that monitors domain look-up behaviors across autonomous networks, uniquely capable of operating at different levels of the Internet hierarchy. The Kopis research paper will first appear in the August 2011 proceedings of the 20th USENIX Security Symposium.

Notos is a dynamic reputation system for DNS, which operates by utilizing the massive historical DNS data aggregated in the Damballa Labs. It assigns DNS reputation scores to new, previously unseen domains. The Notos research paper appeared last year in the proceedings of the 19th USENIX Security Symposium.

"Just as DNS is a critical component of the Internet's functionality, it is also the Achilles' heel of cybercriminals," says Gunter Ollmann, vice president of research at Damballa.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.