Blog

Where Comodo Engineering Talks

SunBurst: APT against SolarWinds, mapped to Kill Chain

Following the attack on FireEye, the details have been revealed and the US Department of Homeland Security (DHS) has issued an Emergency Directive (ED) regarding a backdoor being exploited in SolarWinds Orion products. Several victims have been identified that have been infected using the same attack. FireEye initiated the first analysis upon the findings on their network…

Applying Attack Surface Reduction on top of Attack Surface Reduction: ASR2

First, some definitions and terminology so that we all know what we are talking about. Threat Actor: A threat actor or malicious actor is a person, entity or object responsible for an event or incident that impacts, or has the potential to impact, the safety or security of another entity. In cybersecurity this can only be…

Open EDR Components

This post describes the architecture of the Open EDR components. The documentation for a component usually includes enough information to understand how it works and to develop it. However, these documents do not include the precise API of a particular component or details of its implementation where they are not necessary for understanding the generic working…

Comodo XDR: eXtended Detection and Response: Discovering Unknowns, Revealing Hidden Threats

Comodo was one of the pioneers of Extended Detection and Response into network (XDR), web and cloud, and I guess I am the one to blame, as I charted and executed the strategy for this in 2017. A few months later, I started seeing other vendors announcing their NDR solutions; all of a sudden this concept…

Comodo MITRE Kill Chain

The Cyber Intrusion Kill Chain, aka Kill Chain, has been adapted from military concepts. Lockheed Martin's engineers were the first to adapt it to the cyber security field. The core of the framework arose from the structure of an attack. It describes an end-to-end process, or the entire chain of events, that is required to perform…

Comodo’s patented “Kernel API Virtualization” – Under the Hood

When it comes to securing your enterprise endpoints, it’s important to have a foundational understanding that there are three types of files: the good, the bad and the unknown. Approaches such as Antivirus (both vendor-branded “next gen” and legacy detection-based), Blacklisting and Whitelisting handle the known good and the bad files – but what about…