Atlanta-based Damballa released Failsafe 5.0 this week, the latest edition of the company’s cyber threat detection and mitigation solution. Adding new cloud-based capabilities, this latest update promises to better track “Internet aware” malware and other threats.
Damballa’s Failsafe works by hunting for undetected threats on a given network. It correlates a variety of observed network behaviors that might indicate that malware-infected devices (whether PCs, Macs, servers, smartphones, iPads, etc.) are communicating with criminals.
Failsafe 5.0 utilizes cloud-based dynamic analysis, which occurs at Damballa Labs in real time. Customers can opt to automatically submit all suspicious files for analysis, or selectively submit files as desired. One of the big advantages of the cloud-based addition is that the malware analysis is conducted in ‘dirty’ (anonymous, non-production) networks with Internet access.
“We now offer real-time malware analysis as additional forensic evidence that contributes to the threat conviction scores for threats identified on infected devices,” said Stephen Newman, vice president of product management for Damballa.
“Much of today’s malware is ‘Internet aware’ and won’t execute without Internet access or will act ‘benign’ to fool analysts. Letting the malware complete its initial beaconing allows Damballa to gain further intelligence regarding subsequent downloads and command-and-control behavior,” the company explained. The new malware analysis capability is included in Failsafe 5.0 at no additional fee and is a simple upgrade for existing customers.