Damballa's Failsafe 3.0 appliance, which starts at US$100,000 for 10,000 nodes, is designed to sit behind the corporate firewall to detect botnet infections on desktops and servers within the enterprise by noticing if the botnet code attempts to call out to a command-and-control source for instructions.

Failsafe 3.0 works similarly to the previous version except that Damballa is switching from a service-based model where botnet-detection analysis was done at the security firm in favor of supplying its enterprise customers with a management console that can carry out this analysis on-site.

Damballa's vice president of product management and marketing, Bill Guerry, says this was done to satisfy customers that wanted tighter control over what is seen as sensitive information.

Dambala says it has 10 customers that use Failsafe, including Procter & Gamble, and that 3% to 5% of enterprise desktops and servers, primarily those which are Windows-based, are apt to be infected with botnet code.

"To us, botnets are targeted attacks by remote-access Trojans," Guerry says, adding that botnets are primarily designed to steal data on behalf of organized crime. Failsafe doesn't eradicate botnet malware after detecting signs of it, but will give network managers the forensic evidence to find and eradicate it on an infected machine, Guerry says.