Damballa updated its CSP appliances to help Internet service providers and telco carriers roll out systems that can monitor and identify infected subscriber devices on their networks.
Damballa updated its cyber-threat monitoring service for
internet service providers and telecommunications providers. The appliances detect
malware infections affecting any device on the CSP (Communications Service
Providers') networks, including PCs, Macs, tablets and smartphones.
Damballa CSP 1.6 passively monitors a carrier's network activity to identify malicious
, the company said May 26. Because it works out-of-line within the
network, criminals trying to evade detection don't even notice the appliances
monitoring their activities, according to the company. ISPs can use the
Damballa service to protect customers from attacks and malware, issue alerts about
possible infections and help remediate systems afterwards.
"We can deliver a light-weight, highly scalable end-to-end
solution that automates detection, correlation and remediation of the
subscriber infection," said Stephen Newman, vice president of product
management for Damballa.
ISPs and telecomm providers are facing pressure to provide
"clean pipes" and to protect customers from various online threats that try
to steal sensitive information, intercept login credentials, commit fraudulent
transactions or remotely control systems for other attacks, according to
Damballa. When subscribers are infected, it increases the cost of operations
for the carriers to identify the source and cause of the problem, according to Jennifer Pigg,
vice president of network research at Yankee Group.
"Network abuse is a primary concern for all carriers today,"
Carriers have to approach security differently than normal
enterprise network administrators, according to Damballa, as performing deep
packet inspection over subscriber traffic is typically not feasible or
permitted. Damballa CSP is an out-of-band appliance that sits inside the
carrier's network and passively monitors DNS (Domain Name Service) requests
from customer IP addresses. By monitoring DNS queries, Damballa CSP can
identify which IP address may be infected with malware.
Damballa CSP 1.6 categorizes suspicious network traffic by
"criminal intent," such as Downloader, Multi-Purpose, DDoS, Information
Stealer and Exploit Kit. Once categorized, the service provides details such
as information about the cyber-criminal behind the attack, known behavioral
patterns, names of variants, observed traits and capabilities.
Carriers are beginning to build out cyber-threat detection
and remediation capabilities to protect their subscribers, according to
Newman. Comcast has been offering a
Constant Guard Bot Detection and Notification service, powered by Damballa CSP
since last year. ISPs and telecommunications providers can deploy an automated
monitoring service based on Damballa CSP that will identify cases of network
abuse caused by infected devices and remove the infection, Newman said. The
service will also be able to detect compromised devices that are carrying out
instructions from a botnet's command-and-control server.
Damballa CSP integrates with a number of other products to
make it easier for carriers in the detection-notification-remediation process.
If the carrier is already using HP's Arcsight
Enterprise Threat and Risk
Management platform for monitoring and managing their security events, the
platform can pull data from Damballa CSP to automate correlation of infected IP
addresses to the actual customer.
Once the data is correlated, PerfTech can generate a
customized notification to the customer to alert them to the infection, provide
instructions and direct them to a security portal for assistance. The Threat
Intelligence data gathered by Damballa CSP 1.6 can also be correlated with
threats that can be remediated using Microsoft Safety Scanner and the Malicious
Software Removal Tool.
are growing as cyber-criminals develop new strains
of malware designed to take advantage of large amounts of sensitive and
personal data increasingly being stored on mobile devices. Other threats
include social networking scams designed to trick users looking at malicious
Websites on a small screen and viruses that send SMS messages to premium
numbers. Users often experience "bill shock" at the end of the month when they
see the sky-high data charges, text messaging costs, and fraudulent
Damballa CSP 1.6 is generally available. Pricing is based on the number of subscribers, according to Damballa.