ComodoBreach and Threat Detection Process
Simply by gathering logs from Advanced Endpoint Protection provides enterprises with extensive visibility over endpoints, files executed or in transit, the files' verdicts and relevant interactions.
Endpoint Data is Analyzed Against Indicators of Compromise
- Unusual Inbound/Outbound Network Traffic
- User Account Activity Anomalies
- Geographical Anomalies
- Authentication Anomalies
- Anomalies Specific to Backend Applications
- Web Traffic Anomalies
- Detection of Autonomous System Behavior
- Malware File Checking
- Port-Application Traffic Anomalies
- Suspicious Registry Or System File Changes
- DNS Request Anomalies
- Mobile User Profile Anomalies
- Signs Of DDoS Activity
- Long-Term Trending
Continuous Monitoring of Internal and Cloud Network Security
The Comodo Security Operation Center (CSOC) provides breach prevention and threat detection delivered as a managed service (SaaS). As part of the managed service delivery, the CSOC is responsible for the monitoring and assessment of any advanced threats that target enterprise network assets and cloud-deployed applications along with accompanying underlying cloud infrastructure.
With the extensive threat intelligence about emerging malware and threats from the Comodo Global Threat Cloud, the CSOC provides an early warning and assessment of any malicious activity that target either of these environments. All of the services are managed by CSOC Centers in the US and EMEA.
Network Platform Components:
- Endpoint Agent distributed via active directory (AD)
- AD Monitoring Agent
- Network Sensor
- Cloud Application and Big Data Platform
- Comodo Threat Cloud: Domains, Valkyrie, and Phishing
Real-Time Threat Intelligence Monitors:
- Malware (File)
- Insider threat (Users)
- Outside attacker (IP)
- Phishing domains (domain and email)
- Bot clients
Complete Network Visibility
functions into one platform including network monitoring, application detection, full packet capture, intrusion detection, packet processing and protocol inspection. Real-time threat intelligence monitoring provides critical data on applications and infrastructure without affecting network performance.
cWatch Network Sensor generates logs and information that are then normalized, classified and correlated by Comodo SOC experts. Timely and meaningful alerts and reports are generated automatically without the arduous process of defining custom rules and queries resulting in:
- Protection from the OWASP Top Ten list of vulnerabilities
- Immediate compliance to PCI DSS 6.6 without an application source code review or vulnerability assessment
- Visibility into the web server or application but also to any middleware applications, database access, configuration changes, server authentication, security logs, anomaly detection, incident response and alerting, as well as immediate protection from emerging threats by developing handcrafted security policies and signatures for your web site and applications.
- Prevention of infection and the damage from unknown (zero-day) threats