Automatic Breach Detection & Defense

Automatic Breach Detection & Defense

Damballa LogoAs a leader in automated breach defense, Damballa delivers advanced threat protection and containment for active threats that bypass all security prevention layers. Damballa rapidly discovers infections with certainty, pinpointing the compromised devices that represent the highest risk to a business, and enabling prioritized response and refocusing of security experts to the areas of greatest risk to an enterprise.

Whatever your defenses, data breaches are more common and potentially more harmful than ever. Fast, thorough breach detection is vital to ensuring the confidentiality and integrity of information assets. Damballa Failsafe is an automatic breach defense system that detects APTs and advanced malware infections with certainty, terminates their activity and gives responders the ammunition needed to rapidly prevent loss.

Patented solutions leverage Big Data from one-third of the worlds Internet traffic, combined with machine learning, to automatically discover and terminate criminal activity, stop data theft, minimize business disruption, and reduce the time to response and remediation. Damballa protects more than 400 million endpoints globally - any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems - at enterprises in every major market and for the world's largest ISP and telecommunications providers. Click the Damballa logo to visit

Damballa FailSafe - Video Overview

This quick video highlights the key attributes of the Damballa Failsafe approach.

Damballa Failsafe - Key Features

Detects malware and Advanced Persistent Threats (APTs)

  • Failsafe does not depend on signatures or sandboxing at perimeter, with no requirement to observe malware traversing the network - including "customized" malware, with unknown signatures
  • FailSafe detects infected machines, by malware behaviour and traffic - on any device, on any operating system

Appliance-based solution, deployed inside network perimeter

  • Monitors network egress, DNS & proxy traffic from clients, to identify typical malware behaviour and traffic
  • FailSafe works when traffic is encrypted - no need to inspect packets, or decrypt payloads

Failsafe presents an evidence-based case that a machine is infected, to prioritize remediation efforts

  • Prioritizes cases by asset "value" and risk, based on malware type, origin and observed activity
  • Collects logs & traffic as forensic evidence, to reduce False Positives, and enable fast, effective responses

For details, resources and more, visit


Deploy Failsafe Quickly - Empowered Can Help

Empowered can rapidly deploy a Failsafe appliance – in less than an hour, with minimal configuration – to contain and respond to a breach in progress, to verify what your existing security tools don’t catch, or as a proof-of-concept demonstration.  Each appliance is completely sanitized before implementation, and before removal from secure environments. Our unique skills and real world experience in network and security monitoring, forensics and loss prevention are always available to assist with system design, deployment and ongoing analysis, to help our customers get the full value of their investments in Damballa's advanced solutions.



Business Moves Fast – Agility is Everything