Damballa CSP sits out-of-band inside the service provider's network and monitors DNS requests (non-PII traffic) from the subscriber's IP address.
By monitoring DNS query behavior, Damballa CSP can identify which subscriber's are infected with advanced malware. The relatively light traffic that results from DNS protocol enables Damballa CSP to passively monitor extremely large networks with minimal hardware requirements, making deployment simple. Further, by working out-of-line inside the service provider's network, Damballa CSP won't impede network performance and remains undetectable by the criminal entities trying to evade detection.