Core CSP

Advanced protection for communication service providers and their subscribers


Core CSP (formerly Damballa CSP) is a purpose-built security system that is designed to monitor Internet Service Provider (ISP) and telecommunications subscribers for cyberthreats. This lightweight and scalable service provider solution passively monitors extremely large networks and identifies malicious activity on a subscriber network originating from PC, tablet, and mobile devices.

The Challenge of Protecting Large Networks

ISPs and telecommunications companies must increasingly fend off cyber threats that hijack bandwidth capabilities. These attacks put subscribers at risk of having credentials stolen, falling victim to fraudulent transactions, or having devices commandeered and used for cryptomining, botnets, or other persistent attacks. DDoS attacks, often committed by botnets, are particularly problematic because they consume bandwidth with floods of requests, disrupting normal traffic or crashing the infrastructure entirely. Threat actors use networks to access any number of unsuspecting targets. With more smart devices than ever, subscribers often rely on their service providers to keep them safe from cybercrime.


The challenges of large networks

What Does Core CSP Do? 



Passive Monitoring


Passive Monitoring for
Actionable Information 


Core CSP passively monitors sizeable, service provider scale networks, identifying infections with certainty and providing service providers with insight into the malicious activity originating in their network. Core CSP sits out-of-band inside the service provider’s network, leveraging more than 12 years of historical passive DNS based threat intelligence to monitor DNS requests from subscribers’ IP addresses for the presence of advanced malware.

Get maximum visibility into threat activity, with information like threat names and intents, infected subscribers, malicious DNS queries, and more. Users can also track trends like malicious activity by country, infections over time, or unique threats discovered. With this evidence, service providers can move quickly, notifying subscribers, enabling faster remediation and reducing dwell time.



Maximize Protection


Maximize Subscriber
Protection and Service


By working out-of-band inside the service provider's network, Core CSP won't clog bandwidth or impede network performance, ensuring subscribers still get the fastest service possible. Working out-of-band makes Core CSP undetectable by criminal entities trying to evade detection, allowing you to gain the upper hand by gathering information on their techniques, so you can take both short-term measures to stop them from doing damage and long-term measures to ensure these techniques don't work in the future.

Subscriber experience is also prioritized, with a number of options for how to best notify subscribers of an infection, including email or in-browser. Additionally, Core CSP identifies threats without compromising users’ Personally Identifiable Information (PII). Subscribers can have complete peace of mind with confidence in their security, without feeling like their privacy is being invaded.

Our Threat Intelligence Database

Left Column

190 billion unique
DNS queries daily

20,000 malware
samples daily

Middle Column

88 billion
PDNS domains

14 years data science/
applied machine learning

Right Column

520,000 C&C

1000s of machine learning
behavioral models

Key Features

Identify Compromised Subscribers

Card image cap

Sensors are placed in key locations within your subscriber access network. They listen to passive DNS traffic to pinpoint compromised subscriber IP addresses.

Enrich Core CSP with Integrations


Enrich Core CSP with Integrations


Core CSP allows service providers to streamline their security by integrating with other solutions, like SIEMS, other logging systems, or remediation tools. Organizations have an increasing number of solutions, so enabling centralization through integration allows security analysts to act even faster.

Enterprise Benefits of Core CSP


Enterprise Benefits of Core CSP


With Core CSP identifying infections with certainty, service providers can immediately notify subscribers, reducing exposure to risk, increasing customer goodwill, and providing opportunities for rectification.

Service providers cannot sit back and wait for malware infections to do severe damage. They need a cost effective tool to find the infections.
US FCC Communications Security, Reliability and Interoperability Council (CSRIC)

Find Out More

CTA Text
Get a walkthrough from one of our experts to find out how Core CSP can benefit your organization.