Damballa Inc., a company that helps identify and defend against cyber threats, today launched the latest version of its cyber threat solution designed to detect subscriber malware infections in Internet service provider (ISP) and telecommunications provider networks.
Damballa CSP 1.6, identifies cyber threat activity on any type of subscriber device including PC, Mac, iPad, iPhone, Android and all mobile and smartphone platforms by monitoring a carrier’s DNS activity for malicious network traffic.
Designed to handle the massive scaling requirements of large carrier environments, Damballa’s solution can automatically detect and correlate subscriber infections with threats that can be remediated using Microsoft’s anti-malware technology. Combined with in-browser notification, redirection, and/or ‘walled garden’ technologies, customers can be notified by their internet service provider (ISP) of a threat and directed to the Microsoft Safety Scanner, allowing the subscriber to remove the infections.
ISPs and telcos are facing increasing pressure to provide ‘clean pipes’ and to protect their subscribers from cybercrime that threatens to steal customer credentials, commit fraudulent transactions, or commandeer the subscriber device to launch DDoS or other cyber attacks.
“Network abuse is a primary concern for all carriers today,” said Jennifer Pigg, vice president of network research, Yankee Group. “Subscriber infections not only create a poor customer experience, but they increase the cost of carrier operations due to the massive effort required to identify the source and cause of network abuse. And ultimately, the infections can lead to the carrier having to respond to inquiries and allegations of abuse emanating from their network.”
Damballa CSP 1.6 introduces a number of new capabilities including:
• Identification of Threat Intent – With Damballa CSP 1.6, attribution is provided for the subscriber infection indicating the criminal intent. Threat Intent types include Downloader, Multi-Purpose, DDoS, Information Stealer, Exploit Kit, etc.
• Description of Threat Threat Details – Now provide intelligence regarding what is known about the criminal operator including Threat Behavior, Malware Names, Observed Traits and Capabilities.
• HP ArcSight Common Event Format (CEF) Certification – Many carriers are using the ArcSight Enterprise Threat and Risk Management (ETRM) platform for monitoring and managing their security events. With certification of Damballa CSP with the ArcSight platform, the integrated solution can now automate the correlation of infected IP addresses to the subscriber account, completing an important step of the detection-notification-remediation process.
• Integration Partnership with PerfTech – PerfTech is a provider of in-browser notification solutions. Once Damballa CSP detects the threat and it is correlated with the subscriber account, a customized notification can be generated alerting the subscriber to the infection and providing next steps for remediation, even directing them to the ISP’s security portal for remediation assistance.
• Correlation of Threat Intelligence with Microsoft Remediation Solutions – Damballa CSP 1.6 provides Threat Intelligence about the subscriber infection and is then correlated with the threats that can be remediated using Microsoft’s anti-malware technology like Safety Scanner.
“With Damballa CSP 1.6 and our growing list of integration partners, we can deliver a light-weight, highly scalable end-to-end solution that automates detection, correlation and remediation of the subscriber infection,” said Stephen Newman, vice president of product management for Damballa. “Most carriers are just beginning to build out their cyber threat detection and remediation solutions. With this collaboration of best-of-breed technologies, ISPs and Telcos can be up and running quickly with a highly automated solution for identifying and removing network abuse caused by advanced malware and subscriber devices under criminal command-and-control.”
