Bad in Good

Network administrators face the unenviable task of making sure employee computers are kept secure against a rising tide of malware, hacking attacks, data corruption, social engineering and data leakage. Finding the right security software is essential. It needs to provide thorough protection against known and unknown threats and be as low maintenance as possible so as to not require frequent administrator attention.

Comodo's threat containment solutions allow business of all sizes to deploy powerful, award winning protection against outside internal and external threats

We live in a world of constant threat.

Every hour of every day in every country around the globe hackers are working feverishly, attacking both large and mid-sized companies across every industry and region, writing malicious code to exploit your website and computer network.

Every computer, laptop, tablet and mobile phone connected to your network represents a vulnerable endpoint for viruses, worms, spyware, rootkits, trojan horses and other malicious software – all of it designed to either disrupt your operations or gain access to proprietary data and information.

Yet despite the constant threat, a 2013 survey by The Small Business Authority with a portfolio of over 100,000 members reveals that the majority of business owners are unaware of their website's security with sixty percent not concerned about vulnerabilities. According to Barry Sloane the organization's President and CEO, "Despite the rise of cyber-attacks, there is an air of complacency with independent owners thinking it will not happen to them – even though organizations experiencing such an attack run the risk of decimation."

And it's not just small businesses that are under threat. In 2012, the social networking site LinkedIn was breached with more than six million customer passwords stolen then posted to an online hacker's forum for all to see. Similar incidents have occurred at the CBS music site Last.fm as well as the online dating site eHarmony. Global Payments, a leading payments processing firm, revealed that expenses associated with the theft of an estimated 1.4 million of its payment cards was $84.4 million.

Traditional security software such as antivirus use a file called a "blacklist" to prevent such attacks by determining which programs are safe to run. The problem is that a blacklist requires that a threat has already been identified, diagnosed and the antivirus system's blacklist file updated. Given the unidentified nature of a zero-day attack, it's impossible for a blacklist to be up-to-date 100% of the time for 100% of the threats.

What this means is that no protection can be complete unless it addresses the gray area where a program is not on a blacklist as a known threat but also not on a whitelist as confirmed safe.

The Case for Threat Containment

Containment, or sandboxing, means any untrusted files entering your network are restricted to running in a virtual environment. By sandboxing a program, you prevent it from making any permanent changes to your files or system. If the program turns out to be malicious, no harm is done.

Sandboxing is a vehicle for coping with zero day attacks that take advantage of unknown security holes in web software such as Adobe Flash, Internet Explorer and Java. Security relying on blacklists cannot protect you against these threats because the threats have not yet been identified and diagnosed. A sandbox can.

Containment based solutions provide protection that a blacklist based antivirus solutions cannot. If an exploit downloads malicious software while in a sandbox it will be isolated and unable to spread.