IDS and IPS Buyers Guide: Damballa Failsafe looks for patterns of suspicious activity with machine learning
Dynamic signature identification is a key feature at Damballa. Using machine learning, it creates generic signatures and inspects each packet looking for “patterns of activity” in order to determine which devices a file is communicating with and what looks suspicious, says Stephen Newman, Damballa CTO.
Compromised systems exhibit identifiable behaviors and Damballa’s solution models how these systems communicate. It can determine within hours whether the network or a device on the network has been attacked.
The solution includes a Failsafe Dashboard that employs what Damballa calls a Threat Discovery Center.
Damballa sensors observe traffic and send it on to its behavioral analysis tool. If the risk assessment tool identifies the traffic as a true-positive threat, the Breach Response team is alerted. The Center has been collecting data since 2006 and, using machine learning, identifies unusual behavior that might indicate an attack.
Pricing Model: Subscription based on the number of devices in the system.