Damballa’s Non-Signature based Approach to Cyber-Security Gains Momentum
It is conventional wisdom in the information security industry that the real threat to today’s network security isn’t a malicious computer virus created by a lone hacker in search of notoriety or Internet credibility. The world’s assets—both financial and intellectual—are increasingly online and exposed to attacks by malware and botnets that can go undetected for months, a fact not overlooked by modern cyber-criminals. These hackers are often part of organized criminal syndicates with vast resources that can be directed to stealing corporate funds and intellectual property. In 2011 alone, cyber crime was responsible for some $114 billion globally in direct financial losses, according to a report by Norton, a leading consumer antivirus software manufacturer.
In 2005, two researchers from the Georgia Institute of Technology, Drs. Merrick Furst and Wenke Lee, saw that the solution to the new cyber-security threat was to turn the problem on its head and watch not for “signatures,” the approach taken by most traditional anti-virus software, but instead scan for the electronic communications necessary to enable command-and-control (C&C) operations. The result was Atlanta-based Damballa, a company that seven years later is at the forefront of cyber security, with 70 full-time employees.
“What we do is, we solve the kind of critical security problems that find a way around every other security solution out there,” said Damballa CEO Val Rahmani. “And we have a completely unique approach that is very different from the way everybody else attacks the problem, which is why we can solve things that no one else can.”
The explosion of mobile devices such as iPhones, Androids, Blackberries and tablets has only increased the number of potential targets for cyber-criminals and has served to overwhelm frustrated corporate network administrators. But Damballa’s technology works for any device.
“What sets us apart is we don’t care what your device is,” Rahmani said. “It makes no difference to us.”
By watching for network communications that resemble malicious C&C operations, Damballa’s patent-pending solution doesn’t need to search individual devices for infections. It doesn’t even need to be installed on those devices, an advantage not shared by other cyber-security solutions. As a result, Damballa’s customers are primarily enterprise networks and Internet service providers.
For enterprise networks, Damballa’s vigilant eyes watch for C&C communications, quickly shutting them down once identified. Additionally, the firm’s Damballa® FailSafe detects and analyzes suspicious executables and PDFs as they enter the network. Working in tandem, these capabilities give network administrators solid forensic evidence and a complete playback of the sequence of events, providing accurate intelligence so that a security breach may be fixed quickly.
Businesses are generally reluctant to reveal security vendor solutions deployed on their networks for fear of attracting unwanted attention from cyber-criminals. In a rare public testimonial and a testament to the caliber of Damballa’s solution, Raymond James Financial, a Florida-based financial planning firm and Damballa customer, revealed in an April 2011 Wall Street & Technology article that it conducted a 13-week head-to-head test of possible security solutions and chose Damballa for its efficacy and cost-effectiveness.
For all the emphasis on enterprise security, the average home Internet user isn’t safe either, and Damballa aims to protect home users as well.
“We protect employees and companies,” Rahmani said, “but we also protect consumers who connect through telcos and service providers who work with us.”
Comcast is one Internet service provider offering Damballa’s security solutions to its customers, according to Rahmani. The technology is part of a suite of security solutions Comcast provides its residential subscribers.
“Increasingly, regulations and guidelines are coming in from a variety of sources signaling a real need for service providers to take responsibility and help their subscribers. And certainly, in this area, Comcast is really leading the way by saying, ‘Here’s how to do it.’”
The past year has been a good one for Damballa. In 2011, the company doubled its revenue, won awards and expanded its reach; it now protects more than 125 million individual devices.
But Damballa isn’t planning on resting on its laurels.
“We’ll continue to evolve our product and make it better and better to link in to what these companies already provide,” she said. “I think we’ll see a lot of growth.”
Rahmani joined Damballa after serving as General Manager of IBM’s Internet Security Systems (ISS) division where she was responsible for the strategic direction, growth and integration of all ISS products, services and research into IBM’s overall security offerings. She was born in the United Kingdom and holds a Master of Arts and Doctor of Philosophy from Oxford University.
She is also a member of the British aerobatics team, Rahmani revealed, piloting small planes through barrel rolls, flips and other “weird” maneuvers, often in air shows.
“I do crazy things in a plane,” she said, a welcome chance to shift her mental gears and blow off steam.