Do you Damballa?

Does anyone have any experience with Damballa (damballa.com)?  Damballa thinks it has an answer to help enterprises gain visibility into cyber-attacks, even as such attacks become increasingly sophisticated, stealthy, and evasive.  One distinction it offers is "behavior analysis".  Unlike "sandboxing", this feature "watches" the behavior of a suspicious file in place and flags the file if it initiates threatening action.  Would be good to know if anyone has some positive experience with the solution.


There is 1 Comment

There is a current hypothesis that says "all attacks are attended with *abnormal* activity". In the old days people would propose various means of *anomaly* detection that required users to write rules (maybe heuristic) or do some sort of training. Now various vendors (Thetaray, Verizon, Darktrace) are claiming that they can do zero configuration learning of what *normal* behaviour is. Tough to verify. The real point is: by the time you detect a problem, is it already too late? Can we rely on detection alone or do we have to ensure robust response and recovery?