Damballa reduces ‘time to containment’

Damballa has announced general availability of Damballa Failsafe 5.2 for enterprises, which provides increased visibility into advanced threats, and reduces the time to containment and remediation - stopping active infections from becoming incidents or breaches.

  • Thursday, 21st November 2013 Posted 11 years ago in by Phil Alsop

Damballa Failsafe provides enterprises with actionable intelligence to act efficiently and decisively to find, contain and respond to all of the active infections in your network, prevent breaches and eliminating risk from advanced threats. The latest version of Failsafe expands Damballa’s detection capabilities to include Android APK Sandboxing & Proxy Domain Fluxing Detection, making it one of the first to market with Android support.
Failsafe now also delivers deep level Splunk and SIEM integrations. It also provides executive, security management and incident-responder level reporting, offering organizations unprecedented visibility into their current advanced threat posture. New reports offer visibility into key metrics such as remediation success, hibernating infections, and devices most frequently re-infected.


“Reducing containment and remediation time for advanced threats requires breaking down of security silos and enabling your incident response team to quickly gain visibility into the current state of your environment,” said Brian Foster, CTO of Damballa. “By expanding our threat detection capabilities and expanding the ecosystem of providers with which we can share and correlate data, we continue to help our customers gain the visibility, confidence and actionable intelligence they need to respond decisively to active threats.”


Failsafe SIEM enhancements enable rapid response workflow with industry leading SIEM solutions, including HP ArcSight, RSA enVision and NetWitness, IBM Security QRadar and Splunk for Enterprise security. New functionality enables:
• Simple Detection Validation: gives you the confidence and actionable intelligence to respond decisively to stop the losses from proven and active threats in your network
• Prioritized Response: Device knowledge, including status of device and user, and location, enables rapid pivoting from discovery to response
• Containment Actions, through the ability to block C&C destinations and quarantine infected device