The document summarizes an integration between Damballa Failsafe and the Blue Coat Security Analytics Platform. It allows organizations to rapidly discover infected devices, analyze threats, and respond quickly. Damballa Failsafe can find hidden infections and prioritize risks, while the Security Analytics Platform provides comprehensive threat intelligence and analysis of network activity to help responders understand attacks. The integration enables information sharing so Failsafe alerts can be investigated further using full packet data from the Security Analytics solution.
Security Empowers Business
SOLUTION BRIEF
The prevailing security mindset has shifted from preventing infection to assuming compromise. As new advanced
threats continue to circumvent traditional security tools, enterprises are searching for better solutions that
improve visibility and time to respond. Tools that help responders adapt to the evolving threat landscape are in
high demand. Solutions need to rapidly discover, validate, and prioritize assets under a threat actor’s control.
Comprehensive, real-time threat intelligence and advanced forensics are keys to understanding the kill chain of an
attack and improving the overall security posture.
Solution Overview
Damballa Failsafe, a leader in finding hidden infections with certainty,
and the award-winning Blue Coat Security Analytics Platform have
teamed up to provide world-class advanced threat discovery and
analytics that enable swift and intelligent incident response.
Together Failsafe and the Security Analytics Platform allow organizations to:
• Discover and Prioritize – Find infections in seconds, minutes, or hours,
not weeks or months. Dynamic risk scoring shows which infections
pose the highest damage potential.
• Analyze and Respond – Comprehensive and conclusive analysis
strengthens security incident response.
Damballa Failsafe is unmatched at finding advanced threats that have
bypassed prevention controls, and in prioritizing their risk.
The Security Analytics Platform extracts and reconstructs all attributes
associated with advanced malware and threats, including source and
destination IPs, as well as every packet, flow, file, and application
detail associated with an attack. The Security Analytics technology
also leverages the Blue Coat Global Intelligence Network – aggregated
threat intelligence from 15,000 customers and 75 million users – and
Blue Coat ThreatBLADES, which provide instant, actionable intelligence
about web, email, or file-based threats. The Security Analytics Platform
provides security professionals clear and concise answers to critical
post-breach security questions, including: Who did this? How? When?
What was accessed? It records and classifies every packet of network
traffic – from Layer 2 through Layer 7 – while indexing and storing the
data to provide comprehensive threat intelligence and post-breach
analytics on any security event.
How it Works
The open, web services REST API in the Security Analytics Platform
enables direct integration with Damballa Failsafe. Failsafe lets first
responders pivot directly from an infected-assets page to full packet-level
detail in the Security Analytics solution, giving instant visibility
into other relevant activity from the infected devices. The Security Analytics
Platform acts like a security camera on the network, to record and index
BLUE COAT TECHNOLOGY PARTNER:
DAMBALLA
Partner: Damballa
Partner Product: Failsafe
Blue Coat Product: Security Analytics Platform
[Figure: integration diagram. Users, Servers and Mobile traffic is fed via Tap/Span ports to both the Security Analytics Appliance with ThreatBLADES (backed by the Global Intelligence Network) and Damballa Failsafe; the two products exchange data over the API.]
1. Damballa Failsafe – Discovers infected devices, suspected devices, and
active C&C domains
2. Damballa Failsafe – Using the Security Analytics API, creates lists of
infected assets, suspected assets, and active command-and-control
(C&C) domains in the Security Analytics Platform
3. Security Analytics – Provides instant visibility into infected assets and
correlated endpoint processes
4. Security Analytics – Enables quick updates to security policies based on
corroborated evidence of an attack