Comodo: Cloud Native Cyber Security Platform

WHY CHOOSE COMODO OVER CROWDSTRIKE

Comodo's Advanced Endpoint Protection (AEP) is a validated approach that offers active breach protection: unknown files are run inside auto containment instead of being trusted, so ransomware, malware and other cyber-attacks cannot damage the host.

Compare

Comodo Dragon Enterprise Versus Crowdstrike

  Comodo
Dragon Enterprise
Crowdstrike
EPP Capabilities
Signature-based anti-malware protection
Machine learning/algorithmic file analysis on the endpoint
Machine learning for process activity analysis
Process isolation
Memory protection and exploit prevention
Protection Against Undetected Malware
Application whitelisting
Local endpoint sandboxing/endpoint emulation
Script, PE, or fileless malware protection
Integration with on-premises network/cloud sandbox
Real-time IoC search capabilities
Retention period for full access to data: No Limit (Comodo Dragon Enterprise) / 1 month (Crowdstrike)
Endpoint Firewall
FW Learning Mode
Automatically creates network traffic rules
URL Filtering
Host Based IPS
USB device Control
Full Device Control (Device Control based on Device Class product ID, Vendor ID and Device Name)
Agent self-protection/remediation or alerting when there is an attempt to disable, bypass, or uninstall it
Ransomware protection
Protect/block ransomware when "Offline" or "Disconnected" from the internet?
VDI support
Manage, and maintain, an application control database of known "trusted" applications?
Multi-tenant cloud based service
EPP management console available as an on-premises virtual or physical server/application
Consolidated EPP management console to report on, manage, and alert for Windows, macOS and mobile clients
Data loss prevention Requires Additional Product(s)
Mobile Device Management Requires Additional Product(s)
Mobile threat Defense Requires Additional Product(s)
Vulnerability and patch management Requires Additional Product(s)
Network/Cloud sandboxing Cloud Sandbox
Security Orchestration, Analysis and Response (SOAR) Integration
Network discovery tool
Remote Access Requires Additional Product(s)
Remote scripting capabilities Requires Additional Product(s)
Default Deny & Containment
Default Deny Security with Default Allow Usability
Run unknown files with Auto Containment Protection
Create Virtual environment for any unknowns
Virtualize file system, registry, COM on real endpoints
EDR
Telemetry (observables)
Interprocess Memory Access
Windows/WinEvent Hook
Device Driver Installations
File Access/Modification/Deletion
Registry Access/Modification/Deletion
Network Connection
URL Monitoring
DNS Monitoring
Process Creation
Thread Creation
Inter-Process Communication (Named Pipes, etc.)
Telemetry data itself can be extended in real time
Event chaining and enrichment on the endpoints
Detection/Hunting/Reporting    
Adaptive Event Modelling

Behavioral analysis (e.g. analysis over active memory, OS activity, user behavior, process/application behavior, etc.)

Static analysis of files using capabilities such as machine learning (not including signature based malware detection)

Time-series analysis
Integration with automated malware analysis solutions (sandboxing)
Threat Hunting interface or API for searching with YARA/REGEX/ElasticSearch/IOC: Yes (Comodo Dragon Enterprise) / Without YARA, IOC and Regex only (Crowdstrike)
Support for matching against private IOC
Threat Intelligence integration (TIP, upload, webservice connector, etc.) to enrich and contextualize alerts
Linking telemetry (observable data) to recreate a sequence of events to aid investigation
Process/attack visualization
Incident Response Platform (IRP) or orchestration integration?
Vulnerability reporting (ex. reporting on unpatched CVEs)
Alert prioritization based on confidence, able to define thresholds for alerting.
Alert prioritization factors system criticality
Able to monitor risk exposure across environment organized by logical asset groups
Reporting interface identifies frequent alerts that may be appropriate for automating response
Response    
Remote scripting capabilities
Quarantine and removal of files
Kill processes remotely
File retrieval
Network isolation
Filesystem snapshotting
Memory snapshotting
MDR
Managed endpoints    
Manage customer endpoints and policies
Incident Investigation & Response
Preemptive containment
Application profiling (AI support)
Customizable policy creation
Central monitoring of all endpoints
Live remote inspection
Tuning of monitoring rules for reduction of false positives
Forensic analysis
Managed network    
Cloud-based SIEM and Big Data Analytics
Log data collection/correlation
Threat intelligence integration
Network profiling (AI support)
Available as virtual or physical
Integrated file analysis (cloud sandbox)
Full packet capture
Protocol analyzers for 40+ different protocols such as TCP, UDP, DNS, DHCP, HTTP, HTTPS, NTLM, etc. w/full decoding capability
Managed cloud    
Includes ready-to-use cloud application connectors for:    
Azure
Google Cloud Platform
Office 365
AWS
Threat detection for cloud applications
Log collection from cloud environments
Generating actionable incident response from cloud application
Threat intelligence and Verdict    
Holistic security approach: combined network, endpoint, cloud
Internal security sensor logs (IOCs)
Expert Human Analysis
ML & Behavioral Analysis and Verdict
Open source threat intelligence feeds
Information sharing with industry
Clean web (phishing sites, keyloggers, spam)
Deep web (C&C servers, TOR browsers, database platform archives—pastebins)
Cyber Adversary Characterization
Security operations center (SOC)    
Global, real-time support (24 / 7 /365)
Dedicated cybersecurity expert
Breach (case) management
Security monitoring
Incident analysis
Incident response (handling)
Extensive threat hunting (scenario-based)

OUR PATENTED TECHNOLOGY

AUTO CONTAINMENT
WHAT DOES IT DO?

It prevents active breaches and stops zero-day malware from causing damage: unknown files are run inside automatic containment, so systems are protected without relying on detection of any kind, whether AI-based, heuristic or signature-based.

WHY IS IT IMPORTANT?

No detection-based system can be 100% effective, which means every detection-based system, of whatever kind (AI-based, heuristic, "next-gen"), will allow brand-new malware or threats it does not recognize to inflict damage. Detection-based systems can only act on what they can detect.

WHAT IS THE DIFFERENCE?

CrowdStrike will allow any brand-new malware it does not recognize to cause a breach first.
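To make the containment idea concrete, here is an added illustration (not Comodo's code, and not how any product implements it) of the "virtualize the file system on a real endpoint" property the comparison table lists: an unknown process gets a copy-on-write view of the host, its writes and deletes land in a private shadow layer, and a malicious verdict simply discards that layer. The directory layout, file names and the ransomware-like behaviour are constructed for the demonstration; a real implementation lives in a kernel filter driver and also covers the registry and COM.

```python
import os
import shutil
import tempfile


class ContainedFileSystem:
    """Copy-on-write view of a real directory tree for a contained process.

    Reads fall through to the real tree unless the contained process has already
    written or deleted the path; every write lands in a private shadow tree and
    every delete is recorded as a tombstone, so the real host files are never
    touched.  User-mode model of what a kernel filter driver does in a product.
    """

    def __init__(self, real_root: str, shadow_root: str) -> None:
        self.real_root = real_root
        self.shadow_root = shadow_root
        self.tombstones: set = set()        # relative paths "deleted" inside containment

    def _real(self, rel: str) -> str:
        return os.path.join(self.real_root, rel)

    def _shadow(self, rel: str) -> str:
        return os.path.join(self.shadow_root, rel)

    def exists(self, rel: str) -> bool:
        if rel in self.tombstones:
            return False
        return os.path.isfile(self._shadow(rel)) or os.path.isfile(self._real(rel))

    def read(self, rel: str) -> bytes:
        if rel in self.tombstones:
            raise FileNotFoundError(rel)
        for path in (self._shadow(rel), self._real(rel)):   # shadow layer wins
            if os.path.isfile(path):
                with open(path, "rb") as f:
                    return f.read()
        raise FileNotFoundError(rel)

    def write(self, rel: str, data: bytes) -> None:
        self.tombstones.discard(rel)                        # re-creating a "deleted" path
        dst = self._shadow(rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        with open(dst, "wb") as f:
            f.write(data)

    def delete(self, rel: str) -> None:
        shadow = self._shadow(rel)
        if os.path.isfile(shadow):
            os.remove(shadow)
        if os.path.isfile(self._real(rel)):
            self.tombstones.add(rel)                        # hide, never remove, the real file

    def discard(self) -> None:
        """Verdict 'malicious': throw away everything the contained process did."""
        shutil.rmtree(self.shadow_root, ignore_errors=True)
        self.tombstones.clear()


def demo_contained_ransomware() -> dict:
    """Constructed scenario: an unknown binary behaves like ransomware while contained."""
    real_root = tempfile.mkdtemp(prefix="real_")
    shadow_root = tempfile.mkdtemp(prefix="shadow_")
    target, original = "docs/report.txt", b"quarterly numbers"
    os.makedirs(os.path.join(real_root, "docs"))
    with open(os.path.join(real_root, target), "wb") as f:
        f.write(original)

    fs = ContainedFileSystem(real_root, shadow_root)
    # The contained process "encrypts" the document, removes the original, drops a note.
    fs.write(target + ".locked", bytes(b ^ 0x5A for b in fs.read(target)))
    fs.delete(target)
    fs.write("docs/README_DECRYPT.txt", b"pay up")

    result = {
        "contained_sees_original": fs.exists(target),             # False: it believes it succeeded
        "contained_sees_locked": fs.exists(target + ".locked"),   # True
    }
    with open(os.path.join(real_root, target), "rb") as f:
        result["real_file_unchanged"] = f.read() == original       # True: host untouched
    result["real_note_dropped"] = os.path.exists(os.path.join(real_root, "docs/README_DECRYPT.txt"))
    fs.discard()
    shutil.rmtree(real_root, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(demo_contained_ransomware())
```

The point of the model is the asymmetry: the contained process observes a fully consistent world in which its attack worked, while the host's files are unchanged regardless of whether anything ever classified the binary.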

OUR TECHNOLOGY

ADAPTIVE EVENT MODELING
WHAT DOES IT DO?

Adaptive event modeling: not only the correlations but the sensor data model itself can be extended in real time, so the system can collect more information from the endpoints, perform event chaining and enrichment on the endpoints, and send everything to the cloud if needed.

Time-series dimension: gives semantics to the detected events using first-order logic, in the form of adaptive discrete event modeling with time series added as a dimension, and builds a baseline model against which anomalies are detected.

WHY IS IT IMPORTANT?

It enables analysts to query all historical data, define new data types and push them to the endpoints in real time, reducing attacker dwell time.

Cross-correlating with time as a dimension detects hidden attacks whose only sign is a divergence from normal behavior.
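The paragraphs above describe a baseline-and-divergence approach with process-chain enrichment but give no worked instance, so here is an added example (not Comodo's code, and not the product's actual model or thresholds). It builds a per-host baseline of process-creation counts per minute from constructed telemetry, scores new minutes with a robust z-score (median and MAD, which a few bad minutes in the training window cannot skew), and, for a flagged minute, rebuilds the dominant parent-process chain from the pid/ppid fields, which is the "event chaining" that turns a count anomaly into something an analyst can act on. Host names, images and pids are constructed.

```python
from collections import Counter
from statistics import median

MAD_SCALE = 1.4826   # scales the MAD so it is comparable to a standard deviation
Z_THRESHOLD = 3.5    # conventional cutoff for a robust z-score
MIN_SCALE = 1.0      # floor of one event, so a perfectly flat baseline does not flag noise


def build_telemetry():
    """Constructed process-creation events for one host; one bucket is one minute."""
    host = "ws-17"
    events = [{"host": host, "bucket": 0, "pid": 1, "ppid": 0, "image": "explorer.exe"}]
    pid = 100
    for t in range(60):                                    # an hour of 2-4 launches a minute
        for _ in range(2 + (t * 7) % 3):
            events.append({"host": host, "bucket": t, "pid": pid, "ppid": 1, "image": "chrome.exe"})
            pid += 1
    # Minute 60: a document spawns a shell that spawns a burst of discovery commands.
    events.append({"host": host, "bucket": 60, "pid": 1000, "ppid": 1, "image": "winword.exe"})
    events.append({"host": host, "bucket": 60, "pid": 1001, "ppid": 1000, "image": "powershell.exe"})
    for i in range(23):
        image = ["whoami.exe", "net.exe", "nltest.exe", "cmd.exe"][i % 4]
        events.append({"host": host, "bucket": 60, "pid": 1002 + i, "ppid": 1001, "image": image})
    for i in range(3):                                     # minute 61 is normal again
        events.append({"host": host, "bucket": 61, "pid": 2000 + i, "ppid": 1, "image": "chrome.exe"})
    return events


def robust_z(value, baseline):
    """(value - median) / (1.4826 * MAD): outliers in the training window barely move it."""
    m = median(baseline)
    mad = median(abs(x - m) for x in baseline)
    return (value - m) / max(MAD_SCALE * mad, MIN_SCALE)


def ancestry(by_pid, pid):
    """Chain of parent images, root first, rebuilt from pid/ppid (pid reuse is ignored here)."""
    chain, seen = [], set()
    parent = by_pid.get(pid, {}).get("ppid")
    while parent in by_pid and parent not in seen:
        seen.add(parent)
        chain.append(by_pid[parent]["image"])
        parent = by_pid[parent]["ppid"]
    return tuple(reversed(chain))


def detect(events, host, train_buckets, score_buckets):
    """Score each bucket against the host's baseline; enrich hits with the dominant process chain."""
    counts = Counter(e["bucket"] for e in events if e["host"] == host)
    baseline = [counts.get(t, 0) for t in train_buckets]
    by_pid = {e["pid"]: e for e in events if e["host"] == host}
    findings = []
    for t in score_buckets:
        z = robust_z(counts.get(t, 0), baseline)
        if z <= Z_THRESHOLD:
            continue
        chains = Counter(ancestry(by_pid, e["pid"])
                         for e in events if e["host"] == host and e["bucket"] == t)
        top_chain, n = chains.most_common(1)[0]
        findings.append({"host": host, "bucket": t, "count": counts[t], "z": round(z, 2),
                         "ancestry": top_chain, "children": n})
    return findings


if __name__ == "__main__":
    for finding in detect(build_telemetry(), "ws-17", range(60), [60, 61]):
        print(finding)
```

Minute 60 is flagged with 25 launches against a baseline median of 3, and the enrichment reports that 23 of them descend from explorer.exe > winword.exe > powershell.exe, which is far more useful to a hunter than "count was high". Any field the endpoint already emits (here pid and ppid) can be pulled into the enrichment without changing the agent.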

WHAT IS THE DIFFERENCE?

CrowdStrike's event model is static and can only be changed by CrowdStrike: any request for new event modeling takes CrowdStrike days and requires a full CrowdStrike desktop agent update, whereas Comodo analysts can model their events on the fly, in real time.

Comodo can detect hidden attacks thanks to its time-series analysis capability; CrowdStrike lacks this capability and therefore does not detect such attacks.

OUR TECHNOLOGY

CLOUD-NATIVE NETWORK DETECTION AND RESPONSE
WHAT DOES IT DO?

Dragon Enterprise includes enterprise-class network traffic analysis that detects suspicious behaviors, prioritizes investigation of the highest-risk threats and automates response. It captures all network traffic, generates extensive metadata for every important network protocol and sends this data to the cloud, where it is enriched and correlated with endpoint sensor data.

WHY IS IT IMPORTANT?

Sensing through the endpoints alone (CrowdStrike limits its sensing to the endpoints rather than the full network) will not reveal the hybrid attack surface. NDR gives you the perspective needed to understand your hybrid attack surface from the inside out: it finds rogue devices and reports any attack vector based on them.

WHAT IS THE DIFFERENCE?

CrowdStrike does not analyze the full network: it is limited to what it can see on the endpoint, with limited protocol decoding, and it has no network sensor. Comodo, by contrast, combines endpoint events with the data collected by its network sensor, analyzing more than 40 protocols, and correlates all of this data in its SIEM and data analytics platform to identify hybrid attacks.
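An added example (not Comodo's code, and not the product's own correlation logic) of the two things the network sensor adds to endpoint telemetry in the section above: finding devices that talk on the network but report no agent, and joining sensor metadata from managed hosts to the endpoint's socket-level event so the traffic gets a process name. The agent inventory, decoded sensor records and endpoint events are all constructed; the join keys (host, destination, port, small time window) are a reasonable choice, not the product's.

```python
from collections import defaultdict

# Constructed agent inventory: IP -> hostname of every endpoint with an agent installed.
AGENT_INVENTORY = {"10.0.1.15": "ws-17", "10.0.1.22": "ws-23"}

# Constructed metadata as a network sensor would emit after decoding TLS, DNS and SMB.
NETWORK_METADATA = [
    {"ts": 100, "src": "10.0.1.15", "dst": "203.0.113.9", "dport": 443, "proto": "TLS", "sni": "update.example.net"},
    {"ts": 101, "src": "10.0.1.15", "dst": "10.0.0.53", "dport": 53, "proto": "DNS", "qname": "c2.example.org"},
    {"ts": 140, "src": "10.0.1.77", "dst": "10.0.1.22", "dport": 445, "proto": "SMB"},
    {"ts": 141, "src": "10.0.1.77", "dst": "10.0.1.15", "dport": 445, "proto": "SMB"},
]

# Constructed "Network Connection" telemetry from the endpoint agents.
ENDPOINT_EVENTS = [
    {"host": "ws-17", "ts": 100, "pid": 4412, "image": "svchost.exe", "dst": "203.0.113.9", "dport": 443},
    {"host": "ws-17", "ts": 102, "pid": 5120, "image": "powershell.exe", "dst": "10.0.0.53", "dport": 53},
]


def find_rogue_devices(metadata, inventory):
    """Sources the network sensor saw that no agent reports: unmanaged or rogue devices."""
    rogue = defaultdict(list)
    for rec in metadata:
        if rec["src"] not in inventory:
            rogue[rec["src"]].append((rec["proto"], rec["dst"], rec["dport"]))
    return dict(rogue)


def attribute_to_process(metadata, events, inventory, window=2):
    """Join sensor records from managed hosts to the endpoint's socket-level event.

    Keys: host, destination, port and a small time window (sensor and agent clocks
    differ).  The endpoint can name the process; the sensor on its own cannot.
    """
    results = []
    for rec in metadata:
        host = inventory.get(rec["src"])
        if host is None:
            continue                                  # handled by find_rogue_devices
        match = next((e for e in events
                      if e["host"] == host and e["dst"] == rec["dst"]
                      and e["dport"] == rec["dport"] and abs(e["ts"] - rec["ts"]) <= window), None)
        results.append({**rec, "host": host,
                        "image": match["image"] if match else None,
                        "pid": match["pid"] if match else None})
    return results


def hybrid_findings(metadata=NETWORK_METADATA, events=ENDPOINT_EVENTS, inventory=AGENT_INVENTORY):
    """What the endpoint alone would miss, plus network activity attributed to a process."""
    return {"rogue_devices": find_rogue_devices(metadata, inventory),
            "attributed": attribute_to_process(metadata, events, inventory)}


if __name__ == "__main__":
    print(hybrid_findings())
```

Two caveats a practitioner would add: the unmanaged 10.0.1.77 scanning SMB is invisible to any agent-only product by construction, and the DNS attribution is only as good as the endpoint's socket event (on Windows most lookups are issued by the DNS Client service in svchost.exe on behalf of the real process, so the agent has to resolve that indirection itself).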

OUR TECHNOLOGY

CLOUD WORKLOAD SECURITY
WHAT DOES IT DO?
Dragon Enterprise collects and analyzes not just the computing resources of cloud providers but also gathers all events from IaaS, PaaS, serverless and SaaS services such as Office 365, Azure AD, Google Cloud or AWS CloudTrail, and detects and alerts on any threat targeting cloud workloads.
WHY IS IT IMPORTANT?
Cloud workloads have become an important part of the enterprise. Dragon Enterprise allows businesses to discover, monitor and secure cloud accounts, compute and storage instances, and the control plane. Securing the cloud requires much more than an agent running on the endpoints.
WHAT IS THE DIFFERENCE?

CrowdStrike has only an agent running, and only on the endpoint, with simple log collection from the cloud providers. Comodo, by contrast, integrates with the major raw event sources of cloud infrastructures and workloads. This integration, together with its native SIEM platform and the data collected from the endpoint, gives 360-degree coverage of all customer assets, on-premises or in the cloud. Dragon Enterprise is the only platform natively architected to protect the enterprise both on-premises and in the cloud.
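The section names AWS CloudTrail as one of the raw event sources but does not show what "detecting a threat targeting the control plane" looks like on such data, so here is an added example (not Comodo's code, and not its detection content). It loads a CloudTrail log in the `{"Records": [...]}` file format and runs four control-plane rules over it: root account usage, trail tampering, an access key created for a different user, and a console login that follows a burst of failures from the same address. The field names follow the CloudTrail schema; the records, user names, addresses and the 123456789012 account ID (the AWS documentation placeholder) are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta


def _login(ts, outcome):
    """Constructed ConsoleLogin record (signin.amazonaws.com), MFA not used."""
    return {"eventTime": ts, "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
            "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "198.51.100.7",
            "responseElements": {"ConsoleLogin": outcome}, "additionalEventData": {"MFAUsed": "No"}}


# Constructed CloudTrail log in the file format CloudTrail delivers to S3.
SAMPLE_LOG = json.dumps({"Records": [
    _login("2023-05-01T10:00:00Z", "Failure"),
    _login("2023-05-01T10:00:20Z", "Failure"),
    _login("2023-05-01T10:00:40Z", "Failure"),
    _login("2023-05-01T10:01:00Z", "Success"),
    {"eventTime": "2023-05-01T10:03:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "backup-admin"}},
    {"eventTime": "2023-05-01T10:04:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"}},
    {"eventTime": "2023-05-01T11:00:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "192.0.2.3"},
    {"eventTime": "2023-05-01T11:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"type": "Root"}, "sourceIPAddress": "192.0.2.3"},
]})

TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(text):
    return json.loads(text)["Records"]


def _when(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def rule_root_activity(rec):
    if rec.get("userIdentity", {}).get("type") == "Root":
        return {"rule": "root_account_used", "event": rec["eventName"], "ip": rec["sourceIPAddress"]}


def rule_trail_tampered(rec):
    if rec["eventSource"] == "cloudtrail.amazonaws.com" and rec["eventName"] in TRAIL_TAMPER_EVENTS:
        return {"rule": "cloudtrail_logging_tampered", "event": rec["eventName"],
                "actor": rec["userIdentity"].get("userName"), "trail": rec.get("requestParameters", {}).get("name")}


def rule_key_for_other_user(rec):
    """CreateAccessKey on someone else's user is a classic persistence/escalation step."""
    if rec["eventName"] == "CreateAccessKey":
        actor = rec["userIdentity"].get("userName")
        target = rec.get("requestParameters", {}).get("userName", actor)
        if target != actor:
            return {"rule": "access_key_created_for_other_user", "actor": actor, "target": target}


def rule_login_after_failures(records, threshold=3, window=timedelta(minutes=5)):
    """A successful ConsoleLogin preceded by >= threshold failures from the same IP in the window."""
    by_ip = defaultdict(list)
    for rec in records:
        if rec["eventName"] == "ConsoleLogin":
            by_ip[rec["sourceIPAddress"]].append(rec)
    alerts = []
    for ip, recs in by_ip.items():
        failures = []
        for rec in sorted(recs, key=_when):
            now = _when(rec)
            failures = [t for t in failures if now - t <= window]      # slide the window
            if rec.get("responseElements", {}).get("ConsoleLogin") == "Failure":
                failures.append(now)
            elif len(failures) >= threshold:
                alerts.append({"rule": "console_login_after_repeated_failures", "ip": ip,
                               "user": rec["userIdentity"].get("userName"), "failures": len(failures),
                               "mfa": rec.get("additionalEventData", {}).get("MFAUsed")})
                failures = []
    return alerts


def evaluate(records):
    alerts = []
    for rec in records:
        for rule in (rule_root_activity, rule_trail_tampered, rule_key_for_other_user):
            alert = rule(rec)
            if alert:
                alerts.append(alert)
    alerts.extend(rule_login_after_failures(records))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(load_records(SAMPLE_LOG)):
        print(alert)
```

None of the four alerts involves a host an endpoint agent could run on; the record stream alone is the sensor. The benign DescribeInstances record is there to show the rules are selective rather than firing on every API call.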

OUR TECHNOLOGY

SECURITY OPERATIONS CENTER AS A SERVICE
WHAT DOES IT DO?
Dragon Enterprise comes with full-blown SOC services in which threat-hunting teams work the alerts the system has generated to detect malicious activity and carry out incident response with the customer. Dragon Enterprise incorporates a semi-supervised artificial intelligence engine that learns from the activities and operations of Comodo's cybersecurity experts, accelerating detection of and response to new threats.
WHY IS IT IMPORTANT?

Having professional security analysts and threat hunters monitoring all your alerts and incidents, guiding you or acting themselves, gives companies the security expertise needed to fight advanced attacks.

WHAT IS THE DIFFERENCE?

CrowdStrike offers only an incident monitoring and alerting service. Dragon Enterprise comes with a fully operational 24×7 SOC service that not only monitors and alerts, as CrowdStrike does, but also includes fully managed SOC services such as:

  • Incident management and response
  • Compliance reporting
  • Customizable reports
  • Security risk reviews
  • And much more