
    Damballa Failsafe Detects, Prioritizes Botnet Infections in Enterprise

    Written by

    Fahmida Y. Rashid
    Published December 10, 2010

      Damballa trumpeted the ability to “triage” compromised systems with the latest version of its Failsafe botnet detection appliance.

      Failsafe 4.1, which Damballa officially announced Dec. 8, is “redefining cyber-security’s definition of risk,” said Stephen Newman, the company’s vice president of product management. Organizations generally approach risk as what “will happen if the system is compromised,” when they should be thinking, “what is the impact now that I’ve been compromised?” said Newman.

      Designed to sit behind the corporate firewall, Failsafe detects botnet infections on any system on the corporate network by flagging any attempts by the malware to call home to a command-and-control source for instructions, according to Newman. Malicious DNS queries, suspicious DNS behavior such as domain flux, and the frequency of attempts connecting to the egress or proxy servers are detected, he said.
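
One way a defender could spot the domain-flux behavior described above in resolver logs, as an added example that is not from the article or from Damballa: a host that fails to resolve many distinct names in a short window is flagged. The log format, the 60-second window and the threshold of five are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample resolver log (assumed format): "epoch_seconds client_ip qname rcode"
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1002 10.0.0.9 qzkfjwpx.example.net NXDOMAIN
1004 10.0.0.9 hvbtrmza.example.net NXDOMAIN
1005 10.0.0.5 intrnaet.example.com NXDOMAIN
1007 10.0.0.9 plxwqudk.example.net NXDOMAIN
1009 10.0.0.5 intrnaet.example.com NXDOMAIN
1011 10.0.0.9 ynrgcoes.example.net NXDOMAIN
1013 10.0.0.9 tdkmvbia.example.net NXDOMAIN
1015 10.0.0.9 wfjzhqlu.example.net NXDOMAIN
1016 10.0.0.9 www.example.org NOERROR
1100 10.0.0.7 a1.example.org NXDOMAIN
1400 10.0.0.7 b2.example.org NXDOMAIN
1700 10.0.0.7 c3.example.org NXDOMAIN
"""

def flux_suspects(log_text, window=60, min_failed=5):
    """Map each client to its peak count of distinct NXDOMAIN names seen
    within any `window`-second span, keeping clients at or above min_failed."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        if rcode == "NXDOMAIN":
            failures[client].append((int(ts), qname.lower().rstrip(".")))
    suspects = {}
    for client, events in failures.items():
        events.sort()
        start, peak = 0, 0
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until it spans < window seconds.
            while ts - events[start][0] >= window:
                start += 1
            # Distinct names only: retries of one mistyped name count once.
            peak = max(peak, len({q for _, q in events[start:end + 1]}))
        if peak >= min_failed:
            suspects[client] = peak
    return suspects

if __name__ == "__main__":
    for client, peak in sorted(flux_suspects(SAMPLE_LOG).items()):
        print(f"{client}: {peak} distinct failed lookups within 60 s")
```

In the sample, 10.0.0.5 (one mistyped name retried) and 10.0.0.7 (failures spread over ten minutes) stay below the threshold, which is the false-positive case a simple NXDOMAIN counter would get wrong.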

      “We not only indicate that the asset is infected, we also profile the severity of the compromise relative to the other assets in their network that we have identified as being infected,” said Newman.

      Failsafe doesn’t remove botnet malware on the compromised system, but provides IT managers with the forensic evidence to find and eradicate it, said Newman. The appliance does have a mode where the IT manager can prevent the infected machine from communicating with the rest of the botnet until the security staff gets a chance to resolve the issue.

      The appliance lets the IT administrator analyze the list of infected assets and apply an “Asset Risk Factor” score, to prioritize the seriousness of the infection and the importance of the asset, said Newman. If a computer that no one is using has been compromised, that would have a smaller risk than if the computer belonged to the CEO, for example.

      IT managers assess risk based on seven factors, including the number of connections attempted, the amount of data the asset is sending out or receiving, and whether it has multiple infections, said Newman.

      It sounds a little cold-hearted to say that administrators should be deciding which assets to remediate first, but according to Newman, that is “the reality of cyber-threats today.”

      “Prevention is not enough. Yes, you still want to be preventive, but it hasn’t been hit yet, so you focus on the ones that have,” Newman said.

      IT managers have a limited staff, and they are tasked to protect the company’s infrastructure, data and brand, said Newman. If they suddenly uncover 100 compromised systems, the staff can’t address the issues all at once, so they have to “perform triage” and decide which ones need to be fixed first and which ones can wait, he said.

      To use a medical analogy, “We already found the sick people and we brought them to the hospital, and now we are helping you figure out who is sick,” Newman said.

      The passive appliance sits on the organization’s network and watches all the traffic to detect and identify all compromised systems, said Newman. The appliance looks at network activity so all devices (laptops, desktops, servers and mobile devices) are monitored, regardless of whether the company knows about them or not.

      Since it is not inline or on the host machines, cyber-criminals are also unaware that Failsafe is monitoring the network. As it watches the mirrored traffic from the router, Failsafe can monitor traffic hitting the DNS, proxy and egress servers, Newman said.

      Failsafe does more than just prioritize assets. The dashboard of the management interface lets IT managers correlate the information into a heat map, showing the number of compromised assets with the severity of the issues, said Newman. The dashboard allows managers to drill down based on “which type of malicious behavior they deem most dangerous,” he said.
