Core CSP

Advanced protection for communication service providers and their subscribers


Core CSP (formerly Damballa CSP) is a purpose-built security system that is designed to monitor Internet Service Provider (ISP) and telecommunications subscribers for cyberthreats. This lightweight and scalable service provider solution passively monitors extremely large networks and identifies malicious activity on a subscriber network originating from PC, tablet, and mobile devices.

The Challenge of Protecting Large Networks

ISPs and telecommunications companies must increasingly fend off cyber threats that hijack bandwidth capabilities. These attacks put subscribers at risk of having credentials stolen, falling victim to fraudulent transactions, or having devices commandeered and used for cryptomining, botnets, or other persistent attacks. DDoS attacks, often committed by botnets, are particularly problematic because they consume bandwidth with floods of requests, disrupting normal traffic or crashing the infrastructure entirely. Threat actors use networks to access any number of unsuspecting targets. With more smart devices than ever, subscribers often rely on their service providers to keep them safe from cybercrime.


The challenges of large networks

What Does Core CSP Do? 



Passive Monitoring


Passive Monitoring for Actionable Information 


Core CSP passively monitors sizeable, service provider scale networks, identifying infections with certainty and providing service providers with insight into the malicious activity originating in their network. Core CSP sits out-of-band inside the service provider’s network, leveraging more than 12 years of historical passive DNS based threat intelligence to monitor DNS requests from subscribers’ IP addresses for the presence of advanced malware.

Get maximum visibility into threat activity, with information like threat names and intents, infected subscribers, malicious DNS queries, and more. Users can also track trends like malicious activity by country, infections over time, or unique threats discovered. With this evidence, service providers can move quickly, notifying subscribers, enabling faster remediation and reducing dwell time.



Maximize Protection


Maximize Subscriber Protection and Service


By working out-of-band inside the service provider's network, Core CSP won't clog bandwidth or impede network performance, ensuring subscribers still get the fastest service possible. Working out-of-band makes Core CSP undetectable by criminal entities trying to evade detection, allowing you to gain the upper hand by gathering information on their techniques, so you can take both short-term measures to stop them from doing damage and long-term measures to ensure these techniques don't work in the future.

Subscriber experience is also prioritized, with a number of options for how to best notify subscribers of an infection, including email or in-browser. Additionally, Core CSP identifies threats without compromising users’ Personally Identifiable Information (PII). Subscribers can have complete peace of mind with confidence in their security, without feeling like their privacy is being invaded.

Key Features

Identify Compromised Subscribers

Card image cap

Sensors are placed in key locations within your subscriber access network. They listen to passive DNS traffic to pinpoint compromised subscriber IP addresses.

Enrich Core CSP with Integrations


Enrich Core CSP with Integrations


Core CSP allows service providers to streamline their security by integrating with other solutions, like SIEMS, other logging systems, or remediation tools. Organizations have an increasing number of solutions, so enabling centralization through integration allows security analysts to act even faster.

Enterprise Benefits of Core CSP


Enterprise Benefits of Core CSP


Core CSP does more than protect your bandwidth and reduce the risk of damage to your subscribers’ devices and sensitive information. It reduces the risk of poor customer relationships, a damaged reputation, and the loss of subscribers. It also prevents the need for a drastic increase in cost of both time and money that arises when having to investigate the numerous inquiries launched into allegations of fraudulent data and SMS usage charges due to excessive traffic from malicious infections. With Core CSP identifying infections with certainty, service providers can immediately notify subscribers, reducing exposure to risk, increasing customer goodwill, and providing opportunities for rectification.

Find Out More

CTA Text
Get a walkthrough from one of our experts to find out how Core CSP can benefit your organization.