Lancope StealthWatch Extends Botnet Detection with Damballa Failsafe Integration

Leading Network Behavior Analysis System Will Help Customers Respond Quickly
and Accurately to Bot-driven Attacks

ATLANTA and SAN FRANCISCO, April 20 /PRNewswire/ -- (RSA Conference 2009), 
Lancope(R), Inc., the provider of StealthWatch(R), the Best in NetFlow
Analysis (http://www.lancope.com/news/08052008.aspx) and the most widely used
network behavior analysis (NBA) and response system, today announced
StealthWatch integration with Damballa, Inc.'s Failsafe appliances. The
integration will enable StealthWatch to identify and protect against
bot-driven targeted attack activity inside enterprise networks. 

Damballa's Failsafe technology rapidly isolates the Command-and-Control (CnC)
communications needed to launch botnet attacks. Damballa is the only security
vendor who can track this rallying activity in real-time, regardless of port
or protocol. Based on Damballa's real-world experience, at least 3% to 5% of
enterprise assets are already compromised with botnet malware. As a result of
the integration with Damballa's Failsafe, StealthWatch customers will gain
immediate and unprecedented visibility into compromised enterprise assets and
actual botnet and targeted attack activity on the network. 

During the first phase of integration, Failsafe will feed StealthWatch the IP
addresses of CnC hosts on the Internet that are seen communicating with
internal IP addresses. StealthWatch will use the information to send immediate
alerts when an internal host attempts subsequent communication with one of
these external CnC host IP addresses. StealthWatch will not only provide
alerting and complete visibility of all egress CnC communications, but will
provide the user with the ability to research and pinpoint extremely relevant
internal communication patterns.  For example, once an internal host is known
to be communicating with a CnC host on the Internet, StealthWatch could be
used to easily identify communications from that infected host to servers
housing sensitive financial data or other network locations where private data
resides creating a rich contextual picture of the compromise and its
associated risk. CnC host communications and alerts will be visible from the
StealthWatch Management Console. 

"It is undeniable that enterprise computing assets are being compromised by
bots, even in the presence of layered security technology, however, with a
growing consensus and understanding of the problem, the ability to quantify
and isolate the threat with traditional security technologies has been
extremely limited," said Harland LaVigne, president and CEO of Lancope.
"Lancope's consistent emphasis on network visibility paired with Damballa's
unique ability to spot botnet communications on critical internal assets
allows our customers the ability to not only identify bot-compromised systems,
but to determine the severity and intent of suspicious activity, and disrupt
active attacks." 

"Botnets are indisputably the new platform for crime on the Internet," said
Steve Linowes, CEO of Damballa. "By integrating Failsafe with StealthWatch,
customers will receive a superior level of insight into bot-driven targeted
attacks infiltrating enterprise networks to steal critical company resources.
Failsafe provides unmatched understanding of targeted attacks, associated
malware, bots, and criminal Command-and-Control infrastructure to track the
type of compromise, when it happened, and how extensive the damage might be.
It's an ideal complement to StealthWatch analysis of risky network behavior."

For more information, visit Lancope in Blue Coat booth #1751 during the RSA
Conference 2009.

About Damballa, Inc. 

Damballa protects businesses from bot-driven targeted attacks used for
organized, online crime by using the Internet cloud to identify and isolate
threats that evade other technologies. Our unique, global approach monitors
the Command-and-Control that coordinates botnet attacks to rapidly identify
compromised systems and enable immediate control of malicious activity. Global
1000 corporations, large Internet service providers, OEM partners and
government agencies use Damballa's signatureless solutions and
industry-leading research to reinforce existing security infrastructure and
stop hidden Internet attacks. The result is dramatically improved security
both inside and outside the network perimeter. Damballa is privately held and
headquartered in Atlanta, Georgia. For more information, visit
www.damballa.com. 

About Lancope

Lancope(R), Inc. is the provider of the StealthWatch(R) System, the most
widely used network behavior analysis (NBA) solution combines flow-based
anomaly detection and network performance monitoring. Delivering unified
visibility across physical and virtual networks, StealthWatch eliminates
network blind spots and reduces total network and security management costs.
StealthWatch streamlines security, network and virtual monitoring into one
process, reduces time and resources, and eliminates the costs and complexity
associated with non-integrated point products. Both OPSEC and Common
Criteria-certified, StealthWatch received the 2008 and 2007 Global Excellence
Award in NBA. Defending the networks of Global 2000 organizations, academic
institutions and government entities, StealthWatch protects hundreds of
enterprise customers worldwide, more than all direct competitors combined.
Lancope also partners with fellow best-of-breed solution providers through its
Technology Alliance Program, which includes Cisco Systems, Brocade, Blue Coat,
VMware, IBM Tivoli, Check Point, TippingPoint, ArcSight and A10 Networks. 
Lancope is a privately held, venture-backed company headquartered in Atlanta,
Georgia. For more information, visit www.lancope.com. 

(C)2009 Lancope, Inc. All rights reserved. Lancope, StealthWatch, and other
trademarks are registered or unregistered trademarks of Lancope, Inc. All
other trademarks are properties of their respective owners. StealthWatch is
covered by U.S. Patent Nos. 7,290,283; 7,185,368; 7,475,426 and other U.S. and
foreign patents pending.


SOURCE  Lancope, Inc.

Alicia Beuke of Lancope Inc., +1-770-225-3128, abeuke@lancope.com; Ashley
Vandiver of Damballa, Inc., Office: +1-404-961-7404, Mobile: +1-404-432-8657,
ashleyv@damballa.com