Type: Corporation
Founded: 2006
Industry: Computer security
Key people: David Scholtz; Tom Savini; Stephen Newman; Paul Rolfe; Ron Wilson; David Fortune; Julie Preiss
Products: Advanced Threat Protection
Headquarters: Atlanta, Georgia, United States
Founders: Wenke Lee, Merrick Furst, Richard J. Lipton, David Dagon
Parent organization: Core Security Technologies
Damballa is an American computer security company focused on advanced cyber threats such as zero-day attacks and advanced persistent threats (APT). The company’s system uses massive data sets and machine learning to identify malicious activity based on network behavior, content analysis and threat intelligence. The system constantly “trains” on new data, which enables it to detect previously unknown threats.
Damballa was acquired by Core Security Technologies in July 2016 for $US 9 million, a significant loss on the $US 60 million in funding it had received.
Origins
Damballa was founded in 2006 in Atlanta, Georgia by Merrick Furst, an associate dean in the Georgia Institute of Technology (Georgia Tech) College of Computing; he was joined by two Georgia Tech colleagues, Wenke Lee and David Dagon. The company is named after Damballa, a Vodou snake god that protects against zombies, with the implication that Damballa protects against “zombie” computers operating as part of botnets. According to its site, Damballa now seeks primarily corporate clients and ISPs.
Funding
In April 2014, Damballa secured $US 13 million from its existing investors to grow sales and marketing efforts along with global expansion. Since the company was founded in 2006, Damballa has raised a total of $US 57.5 million in venture capital funding led by the following firms: Sigma Prime Ventures, InterWest Partners, Palomar Ventures, Paladin Capital Group, and Adams Street Partners. Additional investors include GRA Venture Fund, Noro-Moseley Partners, and Imlay Investments.
Offerings
Damballa’s current product offerings are:
Advanced Threat Protection
Damballa's advanced threat protection solution for enterprises, Damballa Failsafe, detects successful infections with certainty, terminates their threat activity, and gives incident response the intelligence needed to rapidly prevent data breaches. Damballa Failsafe is able to detect malicious files (malware) and track suspicious behavior over time in the network, delivering actionable information about known and unknown threats regardless of the infection’s source, entry vector or OS of the device. It provides incident responders with definitive evidence so they can rapidly prevent loss on high-risk devices while blocking activity on the rest. It was recommended on the Advanced Threat Protection shortlist buyer's guide for 2015.
ISP Subscriber Protection
Damballa CSP, which is designed for service providers and ISPs, identifies malicious activity originating from subscribers’ devices, whether PC, tablet or mobile. Damballa CSP sits out-of-band inside the service provider’s network and monitors DNS requests (non-PII traffic) from the subscriber’s IP address, which enables it to identify subscriber devices infected with advanced malware.
Patents
In 2013, Damballa was granted its first two patents, related to detecting advanced threats. Patent 8,566,928 describes methods for detecting a first network of compromised computers in a second network of computers, while patent 8,578,497 describes methods for analyzing unregistered domain names collected from an asset in a real network.
In February 2014, the company was granted a third patent, # US20120198549, for its "Method and system for detecting malicious domain names at an upper DNS hierarchy", which describes a methodology for identifying potentially malicious domain names used to propagate threats.