    Damballa Failsafe Detects, Prioritizes Botnet Infections in Enterprise

    By Fahmida Y. Rashid - December 10, 2010

      Damballa trumpeted the ability to “triage” compromised systems with the latest version of its Failsafe botnet detection appliance.

      Failsafe 4.1, which Damballa officially announced Dec. 8, is “redefining cyber-security’s definition of risk,” said Stephen Newman, the company’s vice president of product management. Organizations generally approach risk as what “will happen if the system is compromised,” when they should be thinking, “what is the impact now that I’ve been compromised?” said Newman.

      Designed to sit behind the corporate firewall, Failsafe detects botnet infections on any system on the corporate network by flagging any attempts by the malware to call home to a command-and-control source for instructions, according to Newman. Malicious DNS queries, suspicious DNS behavior such as domain flux, and the frequency of attempts connecting to the egress or proxy servers are detected, he said.

      “We not only indicate that the asset is infected, we also profile the severity of the compromise relative to the other assets in their network that we have identified as being infected,” said Newman.

      Failsafe doesn’t remove botnet malware on the compromised system, but provides IT managers with the forensic evidence to find and eradicate it, said Newman. The appliance does have a mode where the IT manager can prevent the infected machine from communicating with the rest of the botnet until the security staff gets a chance to resolve the issue.

      The appliance lets the IT administrator analyze the list of infected assets and apply an “Asset Risk Factor” score, to prioritize the seriousness of the infection and the importance of the asset, said Newman. If a computer that no one is using has been compromised, that would have a smaller risk than if the computer belonged to the CEO, for example.

      IT managers assess risk based on seven factors, including the number of connections attempted, the amount of data the asset is sending or receiving, and whether it has more than one infection, said Newman.
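To make the two ideas above concrete, here is an added illustration (not Damballa's code, and not a description of how Failsafe scores anything internally) of a passive triage pass of the kind the article describes: it scans constructed DNS and proxy log lines for call-home indicators (queries to a known command-and-control domain, a burst of non-resolving lookups as a crude domain-flux signal, repeated egress attempts, data volume, more than one indicator on the same host) and then ranks the infected hosts by a simplified asset risk factor that weighs infection severity by how important the asset is. The log format, the indicator weights, the `KNOWN_C2_DOMAINS` entry and the `ASSET_IMPORTANCE` table are all assumptions made for this example.

```python
"""Toy botnet-infection triage over constructed DNS/proxy logs (illustrative only)."""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Assumptions for the example: one known C2 domain and an importance weight per asset
# (e.g. 10 = executive laptop, 3 = staff desktop, 1 = idle lab machine).
KNOWN_C2_DOMAINS = {"update-check.example.net"}
ASSET_IMPORTANCE = {"10.0.0.5": 10, "10.0.0.7": 3, "10.0.0.9": 1}

DNS_LINE = re.compile(r"^dns src=(\S+) qname=(\S+) rcode=(\S+)$")
PROXY_LINE = re.compile(r"^proxy src=(\S+) dst=(\S+) out=(\d+) in=(\d+)$")


def _constructed_logs():
    """Constructed sample traffic, assumed to be mirrored from the router."""
    lines = ["dns src=10.0.0.5 qname=update-check.example.net rcode=NOERROR",
             "proxy src=10.0.0.5 dst=update-check.example.net out=512 in=2048"]
    # 10.0.0.7: eight algorithmic-looking names, six of which do not resolve, plus
    # four short egress attempts that carry almost no data.
    for i in range(8):
        rcode = "NXDOMAIN" if i < 6 else "NOERROR"
        lines.append(f"dns src=10.0.0.7 qname=x{i:02d}q7kd.example.org rcode={rcode}")
    lines += [f"proxy src=10.0.0.7 dst=198.51.100.{i} out=64 in=0" for i in range(4)]
    # 10.0.0.9: known C2 lookup, domain-flux pattern and bulky repeated sessions.
    lines.append("dns src=10.0.0.9 qname=update-check.example.net rcode=NOERROR")
    for i in range(8):
        rcode = "NXDOMAIN" if i < 7 else "NOERROR"
        lines.append(f"dns src=10.0.0.9 qname=z{i:02d}m4pw.example.org rcode={rcode}")
    lines += ["proxy src=10.0.0.9 dst=update-check.example.net out=4096 in=65536"] * 6
    return lines


SAMPLE_LOGS = _constructed_logs()


@dataclass
class HostStats:
    dns_total: int = 0
    nxdomain: int = 0
    c2_domains: set = field(default_factory=set)
    egress_attempts: int = 0
    bytes_out: int = 0
    bytes_in: int = 0


def parse_logs(lines):
    """Aggregate per-source-host counters from the DNS and proxy records."""
    hosts = defaultdict(HostStats)
    for line in lines:
        m = DNS_LINE.match(line)
        if m:
            src, qname, rcode = m.groups()
            st = hosts[src]
            st.dns_total += 1
            if rcode == "NXDOMAIN":
                st.nxdomain += 1
            if qname in KNOWN_C2_DOMAINS:
                st.c2_domains.add(qname)
            continue
        m = PROXY_LINE.match(line)
        if m:
            src, dst, out, inb = m.groups()
            st = hosts[src]
            st.egress_attempts += 1
            st.bytes_out += int(out)
            st.bytes_in += int(inb)
            if dst in KNOWN_C2_DOMAINS:
                st.c2_domains.add(dst)
    return hosts


def indicators(st):
    """Call-home behaviours seen for one host (thresholds are assumptions)."""
    return {
        "c2_contact": bool(st.c2_domains),
        # Many lookups with a high NXDOMAIN share is a crude domain-flux signal.
        "domain_flux": st.dns_total >= 8 and st.nxdomain / st.dns_total >= 0.5,
    }


def severity(st):
    """Infection severity independent of who owns the asset (0 = clean)."""
    ind = indicators(st)
    score = 3 * ind["c2_contact"] + 3 * ind["domain_flux"]
    score += min(st.egress_attempts // 2, 3)          # frequency of egress attempts
    total = st.bytes_out + st.bytes_in                # volume sent or received
    score += 2 if total > 64 * 1024 else (1 if total > 1024 else 0)
    if sum(ind.values()) >= 2 or len(st.c2_domains) >= 2:
        score += 2                                    # more than one infection signal
    return score


def triage(lines):
    """Return (host, severity, asset_risk_factor) for infected hosts, worst first."""
    ranked = []
    for host, st in parse_logs(lines).items():
        sev = severity(st)
        if sev:
            ranked.append((host, sev, sev * ASSET_IMPORTANCE.get(host, 1)))
    ranked.sort(key=lambda r: r[2], reverse=True)
    return ranked


if __name__ == "__main__":
    for host, sev, arf in triage(SAMPLE_LOGS):
        print(f"{host:10} severity={sev:2d} asset_risk_factor={arf}")
```

On the constructed sample the idle lab machine (10.0.0.9) has by far the worst infection, but the executive laptop (10.0.0.5), with a single confirmed call-home, still ranks first once asset importance is applied, which is the triage ordering the article argues for. The appliance never blocks anything here: the output is a prioritized list for the security staff, and a real deployment would replace the hard-coded importance table and indicator thresholds with the organization's own asset inventory and tuning.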

      It sounds a little cold-hearted to say that administrators should be deciding which assets to remediate first, but according to Newman, that is “the reality of cyber-threats today.”

      “Prevention is not enough. Yes, you still want to be preventive, but it hasn’t been hit yet, so you focus on the ones that have,” Newman said.

      IT managers have a limited staff, and they are tasked to protect the company’s infrastructure, data and brand, said Newman. If they suddenly uncover 100 compromised systems, the staff can’t address the issues all at once, so they have to “perform triage” and decide which ones need to be fixed first and which ones can wait, he said.

      To use a medical analogy, “We already found the sick people and we brought them to the hospital, and now we are helping you figure out who is sick,” Newman said.

      The passive appliance sits on the organization’s network and watches all the traffic to detect and identify all compromised systems, said Newman. The appliance looks at network activity, so all devices (laptops, desktops, servers and mobile devices) are monitored, regardless of whether the company knows about them or not.

      Since it is not inline or on the host machines, cyber-criminals are also unaware that Failsafe is monitoring the network. As it watches the mirrored traffic from the router, Failsafe can monitor traffic hitting the DNS, proxy and egress servers, Newman said.

      Failsafe does more than just prioritize assets. The dashboard of the management interface lets IT managers correlate the information into a heat map, showing the number of compromised assets with the severity of the issues, said Newman. The dashboard allows managers to drill down based on “which type of malicious behavior they deem most dangerous,” he said.
