Comodo Valkyrie is a cloud based verdict system analyzes over 200 million file queri
https://comodemia.comodo.com/valkyrie.php

Comodo employs a wide variety of techniques to detect and identify unknown files, ranging from a simple signature based system to emulators and unpackers. This holistic approach provides both detection and protection from malware.

Comodo Valkyrie is a cloud based verdict driven platform that provides static, dynamic and, as needed, expert human analysis for submitted unknown and zero-day files. The Valkyrie verdict system analyzes over 200 million file queries per day and more than 300 million unknown files each year through tightly integrated Comodo solutions and our active global community of threat researchers.

Different from traditional signature based malware detection techniques, Valkyrie conducts several analyses using run-time behavior and hundreds of features from a file and, based on the analysis results, can warn users against malware undetected by classic Anti-Virus products.

Valkyrie platform provides a detector API for users to design and implement their own detection methods in the form of a Valkyrie detector. Users can then deploy their detectors on the Valkyrie Platform for testing. In this way, they can also compare the results of their detection methods with each other and with Valkyrie detection methods.

Static Analysis

Automatic static analysis allows detection of malicious files that might not be recognized by legacy techniques such as antivirus engines and blacklists. For example, malware writers frequently ‘pack’ or compress their malware to obfuscate it and escape analysis. Valkyrie static analysis supports over 450 unpackers ensuring these evasive tactics fail.

Comodo Valkyrie extracts and analyzes static detector data on submitted PE files and determines a verdict. Static analysis detectors include: binary level analysis, included libraries, system calls embedded in the code, extractable links, unpackers, string analysis and many more detectors that determine a trust verdict.

Automatic static analysis is done by using only binary features of the file such as format of the file, format anomalies, sections in the file, contents of sections, location of sections and section anomalies. Static analysis can be applied to any type of file, such as 32/64 bit executable Windows files, pdf files, Office documents, html files, and stand-alone script files, e.g. bat, py, js.
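As an added illustration (not Comodo's or Valkyrie's code) of the section-level binary features the paragraph lists, the following Python checker parses a PE section table and flags the kinds of format and section anomalies a static detector looks at. The PE image it scans is constructed inline, and the thresholds (a 4x virtual/raw size ratio, entropy above 7.0 bits per byte) are assumed values for the example.

```python
import math
import struct
from collections import Counter

SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000  # section Characteristics bits
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                        ".rsrc", ".reloc", ".tls", ".pdata"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def section_anomalies(pe: bytes) -> dict:
    """Walk the section table and return {section_name: [anomaly description, ...]}."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    report = {}
    for i in range(num_sections):
        name, vsize, _va, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        name = name.rstrip(b"\0").decode("latin-1")
        found = []
        if flags & SCN_MEM_EXECUTE and flags & SCN_MEM_WRITE:
            found.append("writable+executable")
        if rptr + rsize > len(pe):
            found.append("raw data runs past end of file")
        if vsize > 4 * rsize:                  # also catches rsize == 0 with a non-zero vsize
            found.append("virtual size far exceeds raw size (filled at run time?)")
        if entropy(pe[rptr:rptr + rsize]) > 7.0:
            found.append("high-entropy raw data (packed or encrypted?)")
        if name not in COMMON_SECTION_NAMES:
            found.append("non-standard section name")
        report[name] = found
    return report

def build_sample() -> bytes:
    """Constructed minimal PE image (headers plus two sections, not executable) for testing."""
    text_raw, upx_raw = bytes([0x90] * 60 + [0xC3] * 4), bytes(range(256))
    opt_size = 224
    text_off = 0x40 + 24 + opt_size + 2 * 40   # section data starts right after the section table
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    pe += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    pe += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    pe += struct.pack("<8sIIIIIIHHI", b".text", 64, 0x1000, 64, text_off, 0, 0, 0, 0, 0x60000020)
    pe += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x10000, 0x2000, 256, text_off + 64, 0, 0, 0, 0, 0xE0000020)
    return pe + text_raw + upx_raw
```

Running `section_anomalies(build_sample())` reports nothing for `.text` and four findings for `UPX1`; on a real sample these flags are inputs to a verdict, not a verdict by themselves.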

Static analysis is a fast method and able to process large numbers of files in a shorter time than the behavioral approach of dynamic analysis, but dynamic analysis plays a critical role in catching what static analysis misses.

Dynamic Analysis: Behavioral Monitoring

Dynamic analysis detects malicious files that might be unrecognized by legacy techniques. Dynamic analysis runs and monitors the behaviors of a file to catch malicious files that cannot be detected by static analysis methods. Dynamic analysis takes longer than static analysis but it is a critical part of detection.

Automatic dynamic analysis is done by inspecting the run-time behavior of a file, such as whether it is attempting to create, delete or modify files, registry values, processes, memory locations or other specific operating system entities and network connections. Dynamic analysis can be applied to different file types such as 32/64 bit executable Windows files, pdf files, Office documents and html files that include executable scripts, and stand-alone script files, e.g. bat, py, js.

Comodo Valkyrie sandbox based dynamic analysis is performed on the submitted PE file. Automatic dynamic analysis includes both behavioral and environmental analysis of unknown files exhibiting any of the following: ‘anti-VM’ evasion, VM escape attempts, sleep commands intended to wait out analysis, system modifications to the registry, file system pollution, system API calls and returns, and many more techniques that contribute to determine a trust verdict (good or bad).

Dynamic Machine Learning: AI Engineered Detection

Machine learning training techniques combine algorithms and hundreds of static features extracted from files. Huge sets of malicious and clean files are used in machine learning models and refreshed with new files regularly. Machine learning based models ensure a high degree of accuracy and reduce the management overhead typically associated with exploit validation and response.

Static machine learning models know what a clean file should look like. They can detect potential new malware for analysis such as zero-day malicious files that have features that are not explicitly known and are not likely to be detected by legacy methods. In addition, machine learning models trained on specific malware types help improve the accuracy of automatic techniques.

Broader machine learning models—as practiced by Comodo—focus on statistical correlations and trends to identify exploit campaigns and more. Comodo’s dynamic machine learning technique uses hundreds of features extracted from the run-time behavior of a file with the combination of algorithms yielding the best results.

Comodo Valkyrie integrates machine learning throughout its automated verdict system. Research and analysis drives the development of ‘big data’ algorithms and methodologies that increase verdict coverage and accuracy. Hundreds of thousands of malicious and clean files are used in training dynamic machine learning models and they are improved with new files regularly. Like the static machine learning technique, the advantage of dynamic machine learning comes from its high probability to spot zero-day malicious files.

Comodo focuses on machine learning based models designed to accurately identify the rise and fall of exploit campaigns. We also study trending analyses of exploit submissions by Comodo’s global installed base and community of independent researchers. This helps us identify campaign attack surface, breadth, geography, industry and other useful metadata to profile and respond to advanced threats.

How we detect at the endpoint

Comodo takes a holistic approach to endpoint security that spans simple signature-based detection of known malware to application whitelisting to advanced detection and response tools at the local level and in the cloud. Comodo’s endpoint security continuum also includes application and network access controls, a host intrusion prevention firewall (HIPS) and patent-pending Secure Auto Containment for usability while preventing infection from unknown malware.

For more information please visit the project’s website. The manuals and sample sets are in the “Here is What You Get” section.