Damballa Failsafe is an automated breach defense system that leverages multiple techniques to detect true positive infections, terminate their activity and give responders the ammunition needed to rapidly prevent loss. Failsafe delivers actionable information about known and unknown threats regardless of the infection’s source, entry vector or OS of the device. It arms responders with definitive evidence so they can rapidly prevent loss on high-risk devices while blocking activity on the rest.
Built by leveraging Carbon Black’s open API, the Damballa Failsafe Connector for Carbon Black enables responders to rapidly determine additional attributes of the malicious activity, speeding up infection discovery on other devices, including those not on the enterprise network. Utilizing threat intelligence from both Failsafe and Carbon Black, risk and prioritization can quickly be established, dramatically reducing the time needed to positively identify infected devices, reducing the infection’s dwell time, and improving overall incident response time and security posture.
“To correlate seemingly disparate security events and catch attacks that span both of these layers, security and risk pros must integrate the network and endpoint layers wherever possible, focusing on integrated data analysis and coordinated blocking/remediation,” wrote Rick Holland, Chris Sherman and John Kindervag, in a March 2014 Forrester Research, Inc. report (Holland, Sherman, Kindervag, March 2014).
“Network and endpoint security solutions are typically purchased by different teams within the enterprise, but are increasingly being asked to work together to enhance the value from each, and share intelligence for the greater good,” said Paul Rolfe, VP of Global Alliances and Channels for Damballa. “By integrating with Carbon Black, Damballa is enabling enterprises to truly choose the best-of-breed network and endpoint protection, for organizations looking to improve their security posture and enhance the value received from both technologies.”
“The Failsafe and Carbon Black integration is a force multiplier, bringing together network discovery and investigation with our recorded history of endpoint activity,” said Tom Barsi, vice president of business development for Bit9 + Carbon Black. “Enterprises benefit from a checks and balances system by purchasing from different vendors, but can now also receive shared intelligence across our products, enabling them to coordinate remediation across the enterprise.”