Does anyone have any experience with Damballa (damballa.com)? Damballa thinks it has an answer to help enterprises gain visibility into cyber-attacks, even as such attacks become increasingly sophisticated, stealthy, and evasive. One distinction it offers is "behavior analysis". Unlike "sandboxing", this feature "watches" the behavior of a suspicious file in place and flags the file if it initiates threatening action. Would be good to know if anyone has some positive experience with the solution.