The Unique Solution
Introducing Valkyrie, Comodo's cloud-based, crowd-sourced threat intelligence and verdict-driven analysis platform that fully implements a Default Deny architecture and security posture.
For the first time, organizations can totally eliminate the window of threat exposure and achieve a “Zero Patient Zero” condition.
AEP Takes File Analysis to the Cloud
Valkyrie, Comodo’s cloud-based file analysis tool, correlates the local view of the file’s activity with a global view. This avoids false positives and false negatives while providing an accelerated verdict to identify malware at the endpoint. The result is that unknown files stay in containment for the shortest time of any containment solution on the market and are usable while in containment. Valkyrie combines static, dynamic and human expert analysis with machine learning techniques to deliver a verdict on more than 95% of the unknown files it sees in less than 45 seconds. Files needing more in-depth analysis will undergo human analysis by security experts within Comodo’s Threat Research Labs (CTRL)
Participation Increases Coverage and Visibility
With over 73 billion file queries and 300 million unique unknown files submitted annually, Valkyrie provides a verdict for over 200 million known and 1 million unique, unknown files each day, generating a huge knowledge base to allow for extensive file verdiction, which speeds up decision time and reduces compute resources.
Now, the malware problem can be declared “solved,” and there is no longer a “patient zero.” Comodo’s Default Deny platform incorporating Valkyrie ensures that there are no unknown files able to inflict damage on unsuspecting users while allowing maximum usability. The result is guaranteed protection without loss of time, money or user productivity.
Fast verdicts require a combination of advanced analysis methods
Valkyrie performs comprehensive static analysis (discreet binary analysis) on every submitted Portable Executable (PE) file. This analysis includes a rigorous interrogation of over 1,000 static analysis detectors comprised of more than 26 static detector groups. These detectors include binary level analysis, DLL libraries, code embedded system calls, extractable links, support for more than 240 unpackers, string analysis and many others.
Additionally, the Valkyrie platform integrates dynamic virtual execution, or sandboxing, which leverages behavioral and environmental analysis within a finely instrumented operating system. Valkyrie Dynamic Analysis can detect registry and file system modifications, file executions and network communication attempts as wells as evasion techniques such as anti-VM evasion, VM escape attempts, mass sleep commands and file system pollution, API system calls and responses, as well as many other behavioral patterns to quick and accurately deliver verdicts.
Valkyrie integrates the latest advances in Machine Learning techniques throughout the automated analysis process. Machine Learning models ensure a high degree of accuracy without the overhead and management typically associated with exploit validation and response. Some of the Machine Learning techniques Valkyrie employs include Support Vector Machines, Naive Bayes, Decision Trees and Random Forest Classifiers. Additionally, Valkyrie will employ Linear Discriminant Analysis, Stochastic Gradient Descents, Hidden Markov models and Neural Networks, just to name a few. These advanced techniques all help Valkyrie provide an automated accelerated verdict that on average only takes 45 seconds, 5x’s faster than industry norms.
Valkyrie takes the concept of reputation in a different direction. When analyzed malicious files receive a verdict, embedded URLs are extracted and matched against known bad URLs (web blacklist), as well as correlated against all known bad malware URLs to draw associations between polymorphic code, campaigns and threat actors. Helping to speed up Valkyrie’s already industry-leading response time and providing additional data points when providing an accurate verdict for any given file.
Manual Expert Human Analysis
For the 5% of incoming files where automated analysis could not determine an accelerated verdict, an expert human malware researcher is required to accurately analyze the file. Valkyrie provides the industry’s only SLA-backed advanced malware analysis platform with human analysis to ensure that 100% of unknown files receive a verdict.
Crowd Sourcing Global Intelligence
Comodo’s position as the world’s largest certificate authority provides Valkyrie with unique insight into known good applications, publishers and even OS level processes. Unlike simple whitelisting, Comodo is directly involved in digitally signing and validating the “known good” and shares that intelligence with Comodo Advanced Endpoint Protection as well as with the Valkyrie File Analysis Platform. Inversely, Comodo Threat Research Labs (CTRL) leverages over 85 million endpoint installations across consumer and enterprise networks, providing excellent visibility into the “known bad.” This combination allows for a low compute way to quickly detect and defend against known threats, freeing up compute for advanced detection methods. When an unknown file or process is submitted to Valkyrie through the Valkyrie Portal or Comodo AEP, the resulting analysis - and Accelerated Verdict - provide global coverage and the elimination of patient-zero