Damballa (company)
From Wikipedia, the free encyclopedia
| Type | Corporation |
|---|---|
| Founded | 2006 |
| Founder(s) | Merrick Furst |
| Headquarters | Atlanta, GA, United States of America |
| Key people | Linowes, Steve; Lee, Wenke; Dagon, David |
| Industry | Computer security |
| Products | Botnet detection |
| Website | http://www.damballa.com |
Damballa is a computer security company devoted to disrupting botnets.[1][2] Damballa was founded in Atlanta, Georgia by Merrick Furst, an associate dean and botnet researcher in the Georgia Institute of Technology (Georgia Tech) College of Computing;[3] he was joined by two Georgia Tech colleagues, Wenke Lee and David Dagon.[4] It is named after Damballa, a Vodou snake god[5] that protects against zombies, with the implication that Damballa protects against “zombie” computers operating as part of botnets. Two venture capital firms, Sigma Partners and Nora Mosely Partners, and angel investors Imlay Investments provided it with a combined US$2.5 million in Series A[3] (initial) funding. Furst chose Steve Linowes as CEO soon after founding, with assistance[5] from Imlay Investments. According to its site, Damballa now seeks primarily ISP and corporate clients.[6] It has also had at least one federal agency as a customer.[5] Damballa says it has government customers because of infrastructure security concerns.[4] In August 2007, Damballa secured US$6 million in Series B funding.[7]
Damballa was initially reluctant to provide information about itself or agree to interviews, and it emerged from this self-imposed dark period only in late 2007. However, its general strategy has become clear: Damballa monitors Internet traffic from stations around the Internet in an attempt to distinguish bot communication. It said that by April 2006, it had detected 13 million computers controlled by botnets.[5] Since the fall of 2007, Damballa has been a frequent publisher of white papers and has made its staff available to a wide range of reporters. Most of these documents are available from Damballa’s Web site. The company also opened its first public blog late in 2008.
Damballa’s current product offerings rely on the Failsafe appliance, which its marketing materials describe as real-time identification and remediation for bot-oriented targeted attack activity that takes place inside enterprise networks. Damballa claims that Failsafe gains a performance advantage because it does not rely on signatures to identify malware. Instead, it applies a range of analysis technologies to automatically identify communications between botnet controllers and compromised systems, which simplifies and speeds the identification, isolation and remediation of bot-driven attacks. These assertions have been borne out by at least one public case study created by a prominent industry analyst.
In early April 2008 Damballa found itself in conflict with several security vendors, some of whom claimed that the Kraken botnet is merely the long-known Bobax worm.[1][2][3] Other security vendors, such as ISS and McAfee, have issued releases labeling Kraken as new under the Damballa-created label.[4][5] Damballa subsequently issued a technical response to these claims on its website[6] and spoke to the media regarding the events.[7]
In addition, a Washington Post / Dark Reading write-up on the RSA 2008 conference proceedings revealed that the startup was hijacking Kraken botnet control servers.[8] This technique, as Brian Krebs of the Washington Post indicates, represented research at the Georgia Tech Information Security Center (GTISC) pre-dating the company's existence as an entity.[9]
Additional controversy was created by anti-virus (AV) vendor responses to Damballa's claim that Kraken had gone undetected by 80% of computers with AV installed. Subsequent investigation shows that this claim is based on Gartner AV market share data and VirusTotal logs released by the Washington Post. Comparing AV market share data with vendor-specific detections shows that in December 2007, 86.4% of computers with AV software installed failed to detect Kraken malware.[10][11] Relatedly, the SANS Internet Storm Center used VirusTotal logs to identify Kraken samples with detections as low as 5/32 AV tools.[12]
References
- Markoff, John (2007-01-07). "Attack of the Zombie Computers Is Growing Threat". The New York Times. http://www.nytimes.com/2007/01/07/technology/07net.html?em&ex=1168318800&en=79cc489d42f00bc8&ei=5087%0A. Retrieved on 2007-01-07.
- "Company". Damballa, Inc. http://www.damballa.com/. Retrieved on 2007-01-07.
- "Startup Aims to Detect and Thwart Botnets". Nerd Twilight. 2006-08-17. http://nerdtwilight.wordpress.com/2006/08/17/startup-aims-to-detect-and-thwart-botnets/. Retrieved on 2007-01-07.
- Wilson, Tim (2006-08-15). "Startup to Challenge Botnets". Dark Reading. http://www.darkreading.com/document.asp?doc_id=101498&WT.svl=news1_6. Retrieved on 2007-01-07.
- Rubner, Justin (2006-04-07). "Tech spinoff gets $2.5M to go after 'zombies'". Atlanta Business Chronicle. http://www.bizjournals.com/atlanta/stories/2006/04/10/newscolumn1.html?from_rss=1. Retrieved on 2007-01-07.
- "Customers". Damballa, Inc. http://www.damballa.com/customers.html. Retrieved on 2007-01-07.
- "Internet Security Firm Lands $6M in New Financing". WRAL.com. 2007-08-29. http://www.localtechwire.com/business/local_tech_wire/venture/story/1754696/. Retrieved on 2007-09-01.


