Damballa Taps Channel For Advanced Threat Appliances With New Partner Program

The Atlanta-based company takes a different approach to its competitors FireEye, Palo Alto Networks and other firms that claim to detect advanced threats using virtual sandboxing technology to monitor the behavior of suspicious files. Damballa doesn't focus on malware analysis. Instead it attempts to detect and block the line of communications between an infected device and a remote command-and-control server. The firm also adds threat intelligence feeds directly from network sensors deployed at major Internet service providers globally.

Solution providers say Damballa has a lot of potential as businesses take an interest in technologies that detect advanced threats, custom malware designed to evade traditional security technologies. The Damballa Failsafe appliances give businesses actionable intelligence, said Simon Lewis, founder, CEO and principal engineer at San Francisco-based solution provider Dataway.

[Related: Damballa Rolls Out New Partner Program (Video) ]

"If you can catch the reconnaissance activity early on and short circuit it, you can get ahead of the malware problem. So for us, helping our clients detect threats at the earliest stage is essential," Lewis told CRN.

The Damballa Drive Partner Program consists of Elite, Premier and Associate partner levels structured to meet and maintain annual revenue goals, sales and technical certifications. In turn, Damballa will also provide partners with a variety of benefits, incentives and resources to help partners expand market opportunities, accelerate time to market and drive consulting engagements, said Paul Rolfe, vice president of field alliances and channels at Damballa.

Rolfe said the company is appealing to managed service providers, resellers and consultancies to fuel growth. The company can integrate with Splunk and other security information event management systems. It also provides data that can be fed into existing systems for threat prevention.

"We're multiprotocol and can capture all of the traffic coming in and out of the network," Rolfe said. "The partners can build additional services around this technology and not just deploying and forgetting it. There's a lot of opportunity here."

The Damballa partner program includes competitive discounts and incentives and comprehensive sales and technical training, Rolfe said. The rebate program ranges from 1 percent to 2 percent on an annual target. Rolfe said Damballa is also adding margin opportunities for each step of the sales process after registering a deal. The goal is to get partners to participate in the process beyond registering potential deals to engage clients in sales discussion and deployment of the appliances, Rolfe said. Additional discounts reward partners for being fully involved in the sales process, he said.

The company also launched Damballa University, a new online resource that provides curriculum for self-paced training to deploy and maintain the company's appliances. A new partner portal is also being launched to access the company's technical information, threat research and core research team.

Sales engineers that get technical certification under Damballa's program can get a microsensor to conduct a proof-of-concept demonstration with potential customers, Rolfe said. Instead of having to set up a rack-mounted, central management console and rack-mounted sensors at every egress point on a corporate network, the microsensor enables sales engineers to deploy a temporary set-top box to read traffic up to about 100 Mbit/s per second to demonstrate the technology.

Rather than competing against FireEye and other advanced threat detection vendors, some firms are choosing Damballa as a complimentary technology as part of a layer of threat detection capabilities, said Andy Welsh, director of partner alliances at Accuvant. Some evasion techniques can defeat malware behavioral analysis engines. Damballa falls in line with Arbor Networks, Fidelis, Lancope and Sourcefire, now part of Cisco Systems, which inspect network traffic for indication of botnet activity, according to Gartner. The key to successfully deploying the technologies is having skilled pros do the necessary fine-tuning to avoid false positives and the incident response team necessary to identify and contain infected systems, Welsh said.

"Damballa was slower to get adopted than many of the other vendors, but from a technology perspective, they have a good product, and in a lot of ways, it certainly is complimentary to FireEye," Welsh told CRN. "FireEye may have had a wonderful IPO, but Damballa has a credible story to tell."

PUBLISHED NOV. 11, 2013