Ovum Research: Protecting Endpoints with Containment, Cloud Now “On the Radar”


A new research note profiling the unique auto-containment + Cloud analysis approach to endpoint protection in Advanced Endpoint Protection was just released by London-based research firm Ovum Ltd.

Part of Informa, Ovum researches the IT security and related TMT (Technology, Telecoms & Media) industries, including emerging technologies and vendors for endpoint security and other breach and infrastructure infection defenses.

Within cybersecurity, the challenge of protecting endpoints from malware infections has been unmet for customers of leading legacy vendors like Trend Micro™, Sophos, Symantec, etc., because their solutions in practice prevent 99% of malware. While that is still better than leading solutions of just a few years ago, anything less than a 100% prevention solution means that some new malware is allowed to enter the endpoint and ultimately infect machines and devices in the corporation’s infrastructure. Even when these legacy products have a security posture setting which denies entry to potentially dangerous new files, that 100% prevention setting isn’t used because of how many new “good” files are blocked along with the new, as yet unidentified malware files.

This leaves most organizations with a 99% solution where the 1% results in breaches, data loss, and damaged corporate and individual reputations. The 1% gap is such that it is a matter of when, not if, a costly breach will occur there.

Ovum’s research examines the innovative Comodo Advanced Endpoint solution, which provides the 100% prevention security posture, but without the business disruption. It gives their assessment of the layered approach of anti-virus and other traditional tools being augmented by machine learning-powered artificial intelligence and the use of auto-containment and Cloud-managed multi-level analysis of new unknown files and executables, including a human expert analysis level when all others fail.

“Comodo AEP is a compelling option for any customer’s endpoint protection platform (EPP) project,” writes Rik Turner, Senior Analyst, Infrastructure Solutions at Ovum. He goes on to say, “Its claim of zero malware infections among customers using AEP is interesting, especially considering its containment technology’s minimal impact on productivity.”

Ovum describes these “On the Radar” publications as a series of research notes about vendors bringing innovative ideas, products, or business models to their markets.

Get your immediate access now to the Ovum report.


Cyberstrategy for 2018: Time to Prepare for the Worst?


Are you ready for 2018? 

If you were not a headline in the 2017 blizzard of cyber breaches, then you’re better off than your peers at Equifax, Dun & Bradstreet, Gmail, Anthem Blue Cross Blue Shield, Verizon, and Hyatt.

If you’re following these stories at all, then you’re likely aware you and your organization are possibly wearing a bullseye for hackers and their criminal organizations. If you’re honest about it, you probably are also at least a little worried that you may be at risk from the kinds of attacks that beat even leading IT security solutions in 2017.

That makes it time to inform your 2018 enterprise strategy and get some expert viewpoints on the lessons learned from 2017 and the best approaches for 2018. Machine learning-powered A.I. had some wins and a lot of press, but it also was shown to fall short in some big cases during the year.

Renowned cybersecurity expert and former White House CIO Carlos Solari explains that the current risk profile is very different than when most companies chose their cybersecurity strategy, and he also has been busy researching the new approaches to consider to address the changing 2018 IT security landscape. “A new type of layered security approach is needed and, luckily, the components are out there to examine and test right now,” said Mr. Solari. “We can learn much from the breaches and newly discovered threats of 2017 and an appropriate, actionable plan for 2018 is within reach for all sizes and types of organizations.”

PREPARATION SESSION: If you’d like to hear Carlos’ thoughts, and those of long-time analyst Marco Coulter, you can join them for a unique, interactive webinar on Wednesday, November 29, 2017 at 1:00pm ET, entitled “Cyberstrategy 2018: Preparing for the Worst.”

After a short 2017 cyber threat report review and strategy briefing from Carlos, he will sit down with host and long-time industry analyst Marco Coulter to expand on some of his experiences in the White House and discuss a tiered security model, along with the where and what of security architectures. They’ll then take all your questions in an extended Q&A session.

Comodo Q3 2017 Threat Report: Comodo Detects Malware in Every Country on Earth


In Q3 2017, Comodo Threat Research Labs (CTRL) detected nearly 400 million malware incidents from around the world – and some within every nation-state on the planet. Even the tiny island nation of Kiribati has malware. Malware is a global security challenge that is only growing: in Q3, Comodo detected roughly four times the number of malware incidents as in Q2 (97 M). Cyber spies and criminals are busy, so it is critical that enterprises develop a sound cybersecurity strategy as soon as possible.

Q3 2017: Most Dangerous Malware

The most dangerous malware types were:

  1. Trojan horses (13.7 M) were the most common malware type, and Ukraine was the top victim.
  2. Viruses (5.4 M), with Brazil as the most vulnerable.
  3. Worms (2.8 M), and Russia was the most victimized nation.
  4. Backdoors (553 K), with the U.S. in the lead.
  5. Packers (384 K), with Russia in first place.

Application malware, which includes not only malicious but also potentially unwanted programs and adware, will be covered in a special Comodo threat report separately.

Q3 2017: Global Analysis

  • The top five malware-ridden countries were Russia, U.S., Poland, U.K., and Germany.
  • The top 20 countries accounted for nearly 319 M detections, or over 80% of the global total.
  • Most nations had trojans – the Swiss Army knife of malware – as their No. 1 threat.
  • Lower socioeconomic tier regions, such as South America, Africa, Southeast Europe, and Southeast Asia, were affected by a higher proportion of viruses and worms.
  • Backdoors were the primary malware type seen in North Korea.

For much more detail on malware, countries, and even whole continents, please download the Comodo Threat Research Labs Threat Report Q3 2017.

Phishing Goes Global, Spearheaded by “Zombie Computers”

The Comodo Threat Intelligence Lab (CTIL) was the first cybersecurity analysis firm to discover a number of new, large-scale and global email-based phishing campaigns this quarter. Three were related to the “Locky” Trojan and used social engineering to get users to click on links, which delivered a ransomware payload.

“This attack was unique in its combination of sophistication and size, backed by a botnet spread across more than 11,000 IP addresses in 133 countries in just the first stage of the attack,” said Fatih Orhan, head of CTIL. “Also, the malware was designed to avoid detection by sandboxing and artificial intelligence technologies common in many endpoint protection systems.”

CTIL detected the phishing campaigns from August to September 2017. They were launched primarily from the IP addresses of infected “zombie computers,” owned by telecom companies and ISPs. Of the enterprise customers attacked, only the ones with a “default deny” security posture were truly safe.

Learn more about current threat patterns today.

Recommendations

The strategic analysis included in this Comodo report can help cyber defenders at the tactical level by helping them to see where they fall in the global malware landscape. Remember, cybersecurity is much more about brains than brawn. Businesses must integrate security into their corporate culture, and metrics are key to the decision-making process. Cyber spies and criminals take advantage of the mazelike, international architecture of the internet to achieve a high degree of anonymity. Therefore, it is important that enterprises collaborate with partners, both within their national borders and in other countries, in order to understand who is attacking them, and why.
Get the report.

About the Comodo Threat Research Labs Q3 2017 Report

The Comodo Threat Research Labs Q3 2017 Report is the third quarterly publication of the Comodo Threat Research Labs, a group of more than 120 security professionals, ethical hackers, computer scientists, and engineers, who work for Comodo full-time analyzing malware patterns across the globe. Comodo is a global innovator of cybersecurity solutions.


WordPress Roulette


WordPress, the world’s most popular CMS, requires web admins to invest a massive amount of time and effort to keep it current and secure, and there are still risks. Now there is a free solution to reduce these risks and effort.

A large proportion of all the websites being used today are using the WordPress content management system (CMS). WordPress is free, and for many users and companies it is quite simply incredible in its ability to provide complex, feature-rich websites.

There is a very large marketplace of modules and templates that allow developers to modify their websites to deliver exactly what they need.

Thousands of web design companies vie for business, and hundreds of thousands of businesses have also built their own sites themselves.

But as every web admin of a WordPress site knows, there are updates to each component created every few months. And if you have a website with a few modules you will be required to perform updates almost daily.

The challenge is that with every module update, you may have compatibility issues with other modules you are using. So, web admins find themselves in a difficult situation. Do I update a module and risk breaking something on my website, or do I not update a module and risk being hacked (as many module updates are primarily to patch identified security issues)?

It’s very easy to rack up dozens of modules on a WordPress site, each from different developers; making sure they all work well together is a complex task. But with each and every update, you need to re-test your environment. Some people run a duplicate site just to test all these interactions, while others choose to hold off on updates until they can confirm other users’ experiences, and others just accept every update as it is delivered. All choices require effort and an understanding of the risk you are taking.

The first time you update a module and then find that part of your website isn’t working (normally because one of your customers calls and tells you) is the first time you fully understand the role of a WordPress website administrator.

This is the daily “pulling of the trigger” on the “WordPress roulette revolver.”

Website administration is complex, time consuming and a balancing act of security vs functionality.

So, what if you could lower your security risk? What if you would change the dynamic, such that you are no longer relying on the patches of each module to maintain your security?

What if you had the equivalent of a large enterprise’s security operations center (SOC) overseeing the security of your website, ensuring you are protected from all malware, DDoS attacks, SQL injection attacks, robot attempts to login to your admin account by brute force retries?

Now you have a way of reducing all the modules needed to maintain security, and the pressure is off of you. You have a secure website.

And what if that service was available to initially evaluate your WordPress sites and remove malware and unwind any ongoing hacking attempts?

Quite simply this is available to every WordPress admin today FOR FREE.

Go to https://cwatch.comodo.com and sign up now, and Comodo (a leading cyber-security company) will put its experts to work making sure your site is secure, for free. We believe that fixing a cyber-security problem should be free, and sites should only pay to prevent future infections. There is no upfront commitment required; you can choose to take the free service and never pay for ongoing preventative services (but we believe you will be so pleased with the service and the reduction in work you will have to perform, you will want the preventative services). We’re so confident in our approach that we don’t even ask you for a credit card; this is a commitment-free service.

Let Comodo help you today.


What’s Next for Melih?


Melih took on the giants of the PKI certificate business and bested them, by creating the world’s leading certificate authority.

Now that he has “sent his kid to college,” as he wittily describes the recent sale of a majority stake in Comodo CA Ltd. to tech-focused private equity firm Francisco Partners, many people wrote to us asking, “What will Melih do next?”

No one imagines that Melih will kick back, sit on a beach and enjoy himself. Anyone who knows his history understands he will continue to innovate and disrupt in pursuit of his lifelong ambition to create trust online. The only question is how? So here is a tiny peek into what Melih will be pursuing next.

Melih has been following the rise of website infections and hacks very closely. He sees website security at a stage similar to where computers were in the 1990s. Then, using protection for computers was viewed as not necessarily required, and few people knew how, nor understood the need for it.

But as the digital platform economy has grown, so too have cybersecurity risks. Now, website security has become essential to online trust, and Melih has turned his attention to solving this problem —again!— this time by keeping our websites clean and safe.

The first problem to overcome in his view, surprisingly, comes from a small number of rogue marketing companies who, like circling vultures, build their business models to profit from companies’ problems, instead of protecting them. There is a huge industry that is motivated to see sites get infected, so that they can sell their “cleaning services” for big bucks. Instead of building amazing protection, these companies prey on website owners at their most vulnerable time, when their sites are hacked. There are many examples of these companies scaremongering website owners into buying “cleaning services” even when there is no infection on their site.

In sharp contrast, Melih believes in protecting people before the damage is done. That’s why he led the effort to build cWatch Web, a comprehensive suite of solutions and managed services that brings world-class website protection to small, medium and large enterprises.

cWatch is the world’s very first web security platform to combine SIEM, Managed WAF and CSOC on top of CDN. (In this case, a real CDN, unlike other web malware cleaning companies who are providing “non-caching” CDN…the irony!)

  • SIEM is the brains of the operation
  • WAF is the muscle of the operation
  • CSOC are the people who make it all happen
  • CDN is making it all fast and efficient

Thanks to innovation and three years of constant research and development, not only did he and his team create the world’s most amazing web security platform, they found a way to deliver it at an impressively cost effective price point of less than $10 per month.

As Melih puts it, “Sometimes you have to innovate to achieve a price point rather than a feature. We achieved both a higher level of functionality and an affordable lower price with cWatch. Now everyone can have world-class protection for their websites.”

But what about the people who don’t yet have protection and are already suffering with infections and hacks?

Melih is a true believer in reciprocity and helping each other. That is why in his business models he always includes free offerings. He has never refused any charity asking for products for free and he has always made his products available to anyone who couldn’t otherwise afford it. He truly believes that “security is a right and not a luxury.”

As a result, all the website owners who are suffering and about to become shark bait for “website malware cleaning” providers charging hefty sums for services, now have a new champion. Melih has built the cWatch platform to be able to offer website malware cleaning, hack fixing and other services for FREE. 100% free. Because Melih believes that by serving site owners when they need security, he will gain their trust, and they will use his protection platform for the future.

Melih comes from the school of aligning the interests of the security vendor with those of its customers. What that means is security companies should make money only when their customers are protected.

“There should simply be no incentive for a security company to profit from a customer’s security problems. If a customer is suffering, the security company who was supposed to be protecting them should suffer too. Security companies should not profit from their customer’s suffering. Rather, security companies should profit when they are effective at providing safety and protection to their clients,” said Melih.

So now you know the next challenge Melih is taking on, and his latest innovation will continue to protect us. It is a win-win for the digital platform industry, businesses and consumers, and takes Melih further along the road toward his goal of creating trust online.

Marketing can be a very powerful influence on our ability to accept situations that are sub-optimal


Sometimes a marketing analogy misleads us about the complex idea it is trying to simplify. A great example of this is equating PC security to the immune system of the human body. Because we accept being unwell with a cold as a fact of life, we assume computer infections are inevitable too. They are not.

Equating the concept of biological viruses with computer viruses is a decades-old idea created by a clever marketing person to introduce average users to the complex ideas of computers and malware. Viruses sounded dangerous and cool, computer malware sounded complicated. At the time, many of the mechanisms we understood in biology could be likened to similar mechanisms in malware. At first, the analogy helped people grasp the complexity of computer malware.

The terms virus and anti-virus are still used to describe malware and the tools that detect known malware. We have come to accept that some level of infection is inevitable. The outdated analogy now fails us while it leads us to accept less than total protection against malware.

You can stop all forms of malware from infecting a system. Computers are not biological systems.

With each release, computer environments become more secure. Operating systems provide very limited methods of code execution, causing every executable file to use controllable interfaces within the operating system.

Would you travel in a car that has a 99% likelihood of not exploding in a year?
Would you fly on a plane that has a 98.7% chance of not crashing?
Would you eat food that is only 1% likely to give you food poisoning?
Would you use a spreadsheet that calculates correctly only 99.5% of the time?
Yet you accept malware protection that is performing at less than 100%?

There are already solutions with a track record of 100% success in stopping every form of previously known and as-yet unidentified malware. Imagine that! There are solutions so good that no malware, even new forms as yet undetected, can infect a system.

Why is everyone not using these systems with this sort of track record? One word, marketing! Hundreds of endpoint security vendors use the virus analogy to talk about providing protection in medical terms with organic levels of performance. The analogy misleads us that when a flu shot does not guarantee protection against the flu, it must be the same for computer malware.

Solutions that isolate a file with an unknown security provenance protect against both known malware and previously unidentified forms of malware. There are several types of isolation solutions on the market. Avoid those that prevent the use of new files while they are evaluated as they negatively impact your business. Avoid those demanding a massive amount of system overhead to work as they negatively impact the endpoint.

There is just one solution that uses a virtualized auto-containment model that is light on system resource utilization and allows the system to use unknown files while they are being evaluated. This solution can be seen here: https://enterprise.comodo.com.

If you want a practical solution that has a documented track record of preventing ALL malware from infecting your systems and does it without creating a restrictive user environment, check out https://enterprise.comodo.com.

No one can know for sure that tomorrow’s malware won’t find a new way in, but as of today Comodo AEP is literally batting 1000!

Solving the 3 Most Common Website Security Problems [Webinar]


Join NATO Cyber Centre Ambassador Dr. Kenneth Geers and Comodo Cyber Security Services VP Carlos Solari on November 15 for a free webinar to learn how to solve the three most common website security problems.

Register here: https://www.comodo.com/resources/webinars/cwatch-webinar/?afid=9671

With cybercrime costs projected to reach $2 trillion by 2019 according to Juniper Research, and a recent study showing that nearly 90 percent of websites contain at least one serious vulnerability, organizations of all sizes need to make website security a priority.

Join this webinar to learn:

  • The fundamental steps organizations must take to secure their websites
  • The tell-tale signs that your website has been compromised
  • Why one-size-fits-all website security doesn’t work—and what does
  • How Comodo cWatch can help you clean and protect your website
  • The solutions to the three security issues organizations of all sizes struggle with most: Threat Management, Incident Management, and Compliance.

Attendees will get a 30% discount on Comodo cWatch—the only fully-managed website security service that combines a Web Application Firewall provisioned over a secure Content Delivery Network with a 24/7 staffed Cyber Security Operation Center (CSOC) and SIEM platform that leverages data from 100M+ endpoints to detect and stop threats.
