ATLANTA--Damballa Inc., the recognized experts in advanced threat protection, today announced the availability of a whitepaper authored by information security research and advisory firm Securosis entitled “Network-based Threat Intelligence: Searching for the Smoking Gun.” The independent report explores the challenges of identifying malicious activity in the enterprise and how a network-based approach to threat detection can provide immediate and measurable benefits.
According to Securosis, “Attackers try to hide in plain sight and obscure their communications within tens of billions of legitimate packets traversing enterprise networks. But they always leave a trail or evidence. Network-based threat intelligence is all about using information gleaned from network traffic to determine which devices are compromised.”
“Prevention technologies are not adequately addressing today’s advanced threats,” said David Holmes, vice president of marketing for Damballa. “Signature and blacklist-based approaches rely on seeing the malware. Only network behavior can expose the difference between legitimate user traffic and criminal communication, enabling enterprise security teams to rapidly discover hidden threats and terminate the breach before it can do real harm.”
This whitepaper explores the network-based indicators of advanced attacks and shares tactics to leverage them for quick identification of compromised devices. The paper addresses the Who, What, Where, When and How of network-based threat intelligence.
The whitepaper is available here: http://goo.gl/WxNdJ
About Damballa - Damballa automates the discovery of an organization’s highest risk devices under criminal control. As the experts in advanced threat protection, Damballa discovers and analyzes evidence of malicious network traffic in real time, profiling the criminal actors and rapidly identifying the compromised devices that represent the biggest risk. Our patent-pending solutions automatically detect and terminate criminal activity, stopping data theft and providing the forensics needed to expedite incident response and remediation. Damballa protects any type of server or endpoint device including PCs, Macs, Unix, iOS, Android and embedded systems across corporate, ISP and telco networks. Damballa protects more than 300 million endpoints globally at mid-size and large enterprises in every major market, and for some of the largest ISP and telecommunications providers in the world. http://www.damballa.com.