Comodo recognizing the importance of enterprise endpoint security has developed a number of products to stop attacks propagating through a network. Comodo Advanced Endpoint Security or protection (AEP) is a mashup of multiple security technologies wrapped into one unified package. AEP unifies Comodo Client with Comodo IT and Security Manager (ITSM) and Comodo Valkyrie to create a security platform applicable to enterprises of any size.
Advanced EndPoint Security ITSM
Comodo ITSM is the central point for Comodo’s various security products. It is a browser-based portal which is also a subset of the Comodo One portal. The Comodo One Dashboard is customizable, allowing administrators to bring most critical elements to the primary view. The primary dashboard supports a variety of widgets, which relate to the functions that an administrator can perform.
Comodo One also bundles in other capabilities, such as the help request (help tickets) management, SLA tracking, and so forth. Deploying protection to endpoints is straightforward. Administrators can use the “add new device” wizard as a quick way to get started. Alternatively, administrators can download an install package and then deploy that using policies or scripts. Either way, enrolling an endpoint proves to be quick and easy, and that is worth noting because many malware infestations occur simply because an endpoint is not properly protected.
Advanced EndPoint Security Client
The Comodo Client is an endpoint-installed client application which provides protection for the endpoint, while also providing the hooks for the management of the endpoint via ITSM. In addition, it communicates with Comodo’s cloud-based analysis platform, Valkyrie.
Some Features of Comodo Client
- Antivirus: Integrated antivirus engine designed to automatically detect and eliminate viruses, worms, and other malware
- Firewall: Fully configurable packet filtering firewall that is designed to constantly defend endpoints from inbound and outbound Internet attacks
- Advanced Protection: An integrated assemblage of prevention-based security technologies designed to preserve the integrity, security, and privacy of the endpoint and user data
The client can be pushed down to endpoints by registering endpoints in ITSM and following the instructions provided.
Advanced EndPoint Security Valkyrie
A significant part of the AEP solution, Comodo Valkyrie is a cloud-based component that brings an instantiations file check into the mix. This goes well beyond what the typical signature-based checking for malware accomplishes.
Valkyrie works using an online file verdict system, which tests unknown files with a range of static and behavioral checks in order to identify those that are malicious. Because Valkyrie analyzes the entire run-time behavior of a file, it is more effective at detecting zero-day threats missed by the signature-based detection systems of classic antivirus products.
Some of the technologies which Valkyrie incorporates are:
- Static Analysis: Extraction and analysis of various binary features and static behavioral inferences of an executable are performed on API headers, referred DLLs, PE sections and other resources. Deviations from expected results are recorded in the static analysis results, and the solution generates a verdict on the file.
- Dynamic Analysis: Works by studying the run-time behavior of a file to identify malware patterns that cannot be identified through static analysis
- Valkyrie Plugins and Embedded Detectors: Valkyrie incorporates different malware analysis techniques developed by various communities and educational institutions and makes them available via RESTful Web Services. Results are incorporated into a final overall verdict.
- Embedded Detectors: Valkyrie uses new methods of malware detection developed by Comodo AV laboratory to compute an overall final verdict on a file.
