Comodo Focuses on Prevention
Information security professionals, IT administrators and engineers alike are looking for a more effective way to prevent data breaches without having to manually approve applications. It is possible to do so by switching to a default deny posture that focuses on prevention.
While Comodo detects known good applications and known bad files very well (see “What we do for detection”), our focus is on preventing unknown malware (zero day) from executing on your endpoints. With a default deny posture featuring Comodo’s Secure Auto Containment you can prevent infection. No data breach, no damage.
Unlike conventional default allow approaches such as blacklisting or next generation automated AI and machine learning techniques—that all rely on some form of detection—Comodo Advanced Endpoint Protection (AEP) provides a balanced default deny approach to endpoint protection with application whitelisting and high-performance Secure Auto Containment™ for any unknown application until a verdict from the cloud identifies it as safe.
Secure Auto Containment via OS Virtualization
Only Comodo offers on-device, real-time Secure Auto Containment of unknown files and accelerated trust verdicts from cloud-based analysis without negatively impacting system performance or end user productivity.
Comodo Secure Auto Containment™ provides full endpoint protection by creating a secure container (sandbox) in a virtualization environment where all unknown files or applications can be executed and used safely. During the short time that the unknown file is in CPU-enforced OS virtualization, users can run the file or application safely until Valkyrie, Comodo’s cloud-based file analysis system, returns a trust verdict of good or bad. Good files are allowed to run on the endpoint and bad files are eliminated.
Threat intelligence (first signature) is shared immediately across the enterprise to prevent infection at other threat vectors, and signature lists—application whitelisting and malware blacklisting—are dynamically updated as trust verdicts convert unknown files to known.
Advanced HIPS Monitoring Settings
No Impact on CPU Performance
Comodo OS virtualization technology is extremely lightweight, has no CPU dependencies and is completely application agnostic. Malware or any other unknown process entering this virtualized environment cannot modify the hard disk, registry, or COM interface, thereby containing any unknown risk.
- Extremely lightweight with no performance hits, requiring less than 1% CPU and only 20 MG resource usage
- Prevents infection across the network from Web, email, documents, USBs and any executable files
- Defeats known and unknown malware ranging from viruses to trojans, from zero-day malware to advanced persistent threats on patched or unpatched machines
- 100% compatible with old or new CPUs, whether the user is on or off the corporate network
- Transparent to end users, so usability is not affected; it is business as usual
Powerful Application Whitelisting Accelerates Trust Verdicts
Almost everything that runs on an endpoint uses an application to do so. With Comodo’s powerful application whitelisting capability, applications are automatically vetted against rigorous processes to ensure they are legitimate and safe before being allowed to run in your environment.
Comodo’s extensive application whitelisting processes quickly identify good applications so they can run on the host machine. Other vendors don’t do whitelisting at the same level. We are continuously tracking all the new applications from legitimate vendors. We know when there is a software update or a new application before our customers do.
Comodo applies more than a dozen different processes for application whitelisting that are completely independent of each other. Two of these processes are related to our standing as the leading global certificate authority. We collect information from many different sources and use various methods to ensure we know every application running on your endpoints and that we have given them trust verdicts of good. We follow legitimate software publishers to keep track of their applications. Because we trust these applications—they are known files and not malware—they don’t need to run in Secure Auto Containment. The result is there are no limits on usability. With this powerful whitelisting capability Comodo is able to focus only on unknown or suspicious files and applications to prevent infection from malware, including zero day attacks.
Comodo’s default deny platform—the foundation of Comodo Advanced Endpoint Protection—combined with our powerful application whitelisting saves security professionals from having to manually vet every application while preventing the damage from data breaches and other threats.