- White Listing and Reputation Analysis
- Static, Dynamic, and Human Analysis
- Machine Learning
- Valkyrie Hunter
Valkyrie is tightly integrated into the Comodo 360 platform, providing file analysis for Comodo Advanced Endpoint, Network and Boundary solutions. This tight integration provides the essential file analysis needed to provide real-time file decisions.
Advanced Endpoint Protection
Within Comodo’s Advanced Endpoint Protection solution is Comodo Client, a next-generation endpoint client which provides a multi-layered approach to endpoint security. As part of this multi-layered approach, Comodo Client can be configured to work directly with Valkyrie. This tight communication between Comodo Client and Valkyrie allows Comodo Client to stay constantly updated with the known good and the known bad, leaving only unknown files, which Comodo Client automatically contains using Comodo’s lightweight, patent-pending container. While that unknown file is contained, Comodo Client automatically sends that file for analysis. This direct communication of unknown files ensures that unknown files run in containment for the shortest time possible.
Comodo Dome Secure Web Platform
Comodo Dome offers a modular approach to securing the network boundary, with service offerings such as Advanced Threat Protection, Web Security, Bandwidth Management, Portable Containment and many others. Valkyrie integrations provide the foundation of many of these services; in particular, Portable Containment utilizes Valkyrie’s file intelligence to analyze files while they are in transit, allowing the known good, blocking the known bad and employing Comodo’s portable containment technology on the unknown. This portable containment wraps the unknown file in a lightweight container that is transmitted to the receiving endpoint. This “wrapped” file can then be run on the receiving endpoint without the risk of infection, even on completely unprotected endpoints.
cWatch Breach Prevention and Compliance
cWatch offers a modular self-managed or true Security-as-a-Service platform for advanced breach prevention and threat monitoring. cWatch’s modular design allows for flexible deployment of network sensors, allowing for in-depth monitoring for every aspect of your environment. This security information is then analyzed by Comodo’s expert security personnel and combined with the advanced file analysis provided by Valkyrie. This tight integration into Valkyrie provides Comodo’s security experts with the entire wealth of information contained in Valkyrie and provides the big data analytics that are essential for exploit validation and response.
Valkyrie provides a powerful research platform for malware researchers, partners or anyone interested in malware research. Novice users can upload files directly to Valkyrie through its website, while more advanced interactions can be constructed via plug-ins and REST API web services.
Comodo’s position as the world’s largest certificate authority provides Valkyrie with a massive amount of data on the known good. This information comes from Comodo’s application and code signing programs that work directly with application developers. Code signing allows Comodo to ensure that applications really come from the advertised publisher, and that the code has not been altered. Think of it as digital shrink wrap for applications. Valkyrie uses this data to create the known good or whitelist of good applications. This list is then used by Comodo Enterprise applications such as Advanced Endpoint Protection to help in the verdicting of files.
Valkyrie takes the concept of reputation in a different direction. Analyzed malicious files receive a verdict; embedded URLs are extracted and matched against known bad URLs (web blacklist), as well as correlated against all known bad malware URLs to draw associations between polymorphic code, campaigns and threat actors. This helps speed up Valkyrie’s already industry-leading response time and provides additional datapoints for reaching an accurate verdict on any given file.
Static, Dynamic and Human Analysis
Valkyrie performs comprehensive static analysis on every file presented to the system. This analysis includes a truly impressive array of tests: more than 26 static detector groups containing over 1000 static analysis detectors. These detectors include binary level analysis, included libraries, system calls embedded into the code, extractable links, unpackers, string analysis and many others, providing Valkyrie with the data needed to make accurate verdicts.
Additionally, Valkyrie performs sandbox-based dynamic analysis, with behavioral and environmental aspects, watching for anti-VM evasion, VM escape attempts, mass sleep commands and registry changes. Valkyrie also looks for file system pollution, API calls and returns. These are just a few types of behaviors that Valkyrie looks for, all adding to the data needed to make quick and accurate verdicts on 85% of incoming files.
For the 15% of incoming files where automated static and dynamic analysis could not determine an accelerated verdict, an expert human malware researcher is required to accurately analyze the file. Valkyrie provides the industry’s only SLA-backed advanced malware analysis platform with human analysis to ensure that 100% of unknown files receive a verdict.
Valkyrie integrates the latest advances in Machine Learning techniques throughout the automated analysis process. Machine Learning models ensure a high degree of accuracy without the overhead and management typically associated with exploit validation and response. Some of the Machine Learning techniques Valkyrie employs include support vector machines, naive Bayes, decision trees and random forest classifiers. Additionally, Valkyrie will employ linear discriminant analysis, stochastic gradient descent, hidden Markov models and neural networks, just to name a few. These advanced techniques all help Valkyrie provide an automated accelerated verdict that on average only takes 45 seconds, 5x faster than industry norms.
Valkyrie Hunter is a freely available, easy to use, malware discovery tool that provides an easy and direct interface into Valkyrie. This lightweight file scanning application is capable of identifying advanced persistent threats and other zero-day threats in your area network and on Windows-based devices. Once scanning is complete, Valkyrie Hunter will classify files as good, bad or unknown. Unknown files can then be directly uploaded to Valkyrie for analysis, and results can be viewed directly within Valkyrie Hunter.