Damballa Enhances Cyber Threat Protection for Telecommunications and Internet Service Providers

Damballa Inc., the company transforming the fight against cyber threats, today announced general availability of Damballa® CSP 1.7, the only commercially-available cyber threat solution for Internet service providers (ISPs) and telecommunications providers that detects subscriber malware infections by monitoring DNS traffic in the carrier’s network. This version of Damballa CSP incorporates first-ever detection capabilities and support for IPV6.

“Service providers are facing increasing pressure to provide ‘clean pipes’ and to protect their subscribers from cyber crime that threatens to steal customer credentials, commit fraudulent transactions, or commandeer the subscriber device to launch DDoS or other cyber attacks,” said Kirk Appelman, vice president, service provider solutions for Damballa. “Damballa is actively involved in industry-wide efforts to address this issue, including participating in developing the U.S. Anti-Bot Code of Conduct.”

“Cyber fraud and information theft stemming from botnet activity within Internet and mobile service provider networks are proliferating, and Damballa is leading the industry in early warning capabilities,” said Appelman. “Damballa is the only ‘out-of-the-box’ solution capable of detecting subscriber infections and threats by monitoring DNS traffic. Damballa CSP customers include some of the largest ISP and mobile network providers in the world.”

By monitoring a carrier’s DNS traffic as a means to detect criminal behavior, Damballa CSP represents a lightweight solution that can protect millions of subscribers with a single appliance while posing no risk of exposing any personally identifiable information (PII). Damballa CSP identifies cyber threat activity on any type of subscriber device including PC, Mac, iPad, iPhone, Android and all mobile and smartphone platforms.

Damballa CSP 1.7 offers important new threat detection capabilities, which help communication service providers (CSPs) detect emerging cyber threats weeks or months before the malware samples are first seen by the rest of the security industry and long before traditional preventative security solutions will have the signatures or blacklists they would need to detect the infection. With this latest release, Damballa has added enhanced detection and termination capabilities to combat the ever-advancing evasion techniques cyber criminals employ.

• Support for IPV6: As cyber criminals turn to new frontiers for infection, Damballa is leading the industry with detection for IPV6-based threats and full support for AAAA records.
• Domain Fluxing: A first-ever detection capability for CSPs. Now threats, such as the Mac-based malware Flashback, and information stealing threats, like Murofet, that utilize Domain Generation Algorithms (DGA) to evade detection and hide the criminal’s command-and-control infrastructure, can be detected due to their domain fluxing behavior. The ability to analyze behavioral characteristics, such as domain fluxing, enables Damballa CSP to detect active subscriber infections despite the malware’s attempts to evade detection, and without having seen or analyzed the malware previously.
• Policy and Termination: As service providers continue to strive for clean pipes, Damballa CSP allows them to set customized policies to terminate malicious activity initiated by compromised endpoints attempting to communicate with criminal command-and-control entities.

With mounting consumer and government pressure to fight cyber crime and develop an industry mitigation standard, representatives from the FCC and leading ISPs jointly developed a voluntary code of conduct, which provides a framework to help service providers address these threats and ultimately protect U.S. consumers. Gunter Ollmann, vice president of research for Damballa, is a member of the CSRIC Working Group 7, which developed the U.S. Anti-Bot Code of Conduct.

Damballa recently hosted a webcast titled “The Impact of CSRIC’s 'US Anti-Bot Code of Conduct' – Detecting Botnets in Service Provider Networks,” featuring Heavy Reading Analyst, Patrick Donegan, and Ollmann. To learn about effective approaches several large providers have used that have proven effective in meeting the requirements of the new Code of Conduct, view the webcast here http://www.lightreading.com/webinar_archives.asp.

About Damballa - Damballa is a leading provider of advanced threat protection solutions for corporate, telecommunications and Internet service provider networks. Damballa provides the only network security solution that detects both criminal command-and-control (C&C) behaviors and inbound malware; automatically correlating all evidence of criminal behavior to uncover hidden infections and terminate the criminal activity. Patent-pending solutions from Damballa protect networks with any type of server or endpoint device including PCs, Macs, Unix, smartphones, mobile and embedded systems. Protecting over 125 million endpoints worldwide Damballa customers include mid-size and large enterprises in every major market. http://www.damballa.com