Damballa is a one-of-a-kind solution for computer security breaches
As you read this sentence, could your computer be actively participating in a cybercrime syndicate?
A few years ago, such a question would have been laughable. Today, not so much. Around the world, millions of computers are under the command and control of organized crime – and the owners of these computers don’t have a clue.
The “zombie” machines aren’t just being used for spam. They’re stealing data, sending out communication, and linking to networks of compromised computers, known as botnets.
This emergence of cybercriminal activity has changed the game in computer network security. The rogue hacker seeking to make a statement has been replaced by organized criminals who snatch and sell valuable data from companies – or worse, by organizations that seek to disrupt entire economies or cripple national defense.
Enter Damballa Inc., an Atlanta-based company and GRA VentureLab graduate that is mounting the next wave of network security and protection.
Born in the laboratories of Georgia Tech, the technology behind the Damballa solution seeks out abnormalities in how computers communicate with remote sources. Quite often, these abnormalities mean that an outside entity – a “dark hat” – has taken control of the computer and is using it for criminal activity.
“We have never gone into an organization without finding a significant number of compromised computers,” says Val Rahmani, CEO of Damballa. “We have witnessed cyber criminals sending encrypted files from a Fortune 1000 executive’s computer, and at one major company, the chief legal officer’s computer was the most infected of all.”
Rahmani, a former IBM executive, says that contrary to popular belief, the malicious software that constitutes today’s security threat is not placed there to destroy your computer. “Rather, the bad guys want to live on your computer for as long as possible, without being detected,” she said. “Some malware will even get rid of other problems on your machine so it can do its work.”
The anonymous third-party control of an individual computer is only part of the threat equation. A more insidious menace results when hundreds or thousands of individual computers are connected to each other. These botnets work together to harvest financial and security data, which is then resold on the black market.
At the extreme, many fear that such botnets could eventually paralyze a nation – shutting down power grids, sabotaging the water supply, or incapacitating the stock market or financial system. In his 2010 book “Cyber War,” former National Security Advisor Richard Clarke maps out how future wars will be fought in cyberspace, with catastrophic consequences.
To think that sophisticated and devastating criminal activity could begin or advance with the opening of a .pdf attachment seemingly sent by a friend or by clicking on a link posted to Facebook seems absurd. But it’s just that simple.
“The focus of enterprise security so far has been finding ways to keep malware off of machines – to build walls and lock doors – but the criminals still find ways in,” says Rahmani. “Damballa is like the security camera and the alarm system that spots the criminal. We are the only company with a solution looking at the command-and-control activity that represents communication between the infected computer and remote criminal source.”
Damballa Failsafe can also cut off the command-and-control communication before a compromised host computer can communicate back to the criminals who control it. Rahmani says the company’s research team is also developing intricate modeling that helps predict when, where and how criminals will strike next within networks.
“Damballa has a lot of knowledge about these criminals because we exchange information with law enforcement and the Federal government,” she says. “Damballa also works closely with several Internet Service Providers, which share huge volumes of data.”
GRA’s connection to Damballa came at two key points in the company’s development. In its most formative days, Damballa received a grant from GRA VentureLab, the Alliance’s nationally recognized commercialization program, to develop and commercialize the core technology. And in late 2009, the company became the first start-up to receive an investment from the newly minted GRA Venture Fund, LLC, a private investment fund that provides early-stage financing to promising VentureLab graduates.