Advanced Persistent Threats and zero-day attacks can go unnoticed for days and weeks, even on the networks of companies that have heavily invested in security software, posing a catastrophic threat to sensitive employee data and business-critical information systems.
cWatch is an advanced, cloud-based threat discovery and notification solution that provides enterprises with unrivalled awareness of zero-day threats and malware outbreaks wherever they occur on the network.
Once installed and configured, all HTTP, HTTPS and mail traffic will pass through multiple layers of inspection, including local and cloud antivirus scans, real-time behavior analysis, multiple blacklist checks and file reputation look-ups. Administrators receive immediate notification if cWatch detects a threat and get access to detailed, actionable reports which explain how, where and when the threat happened, and how to mitigate it.
- cWatch gives your security team the edge over zero-day threats by discovering and warning you about malicious files before major antivirus vendors have even labelled them a threat.
- Secure downloads. cWatch's innovative file wrapping technology means your employees can never download and run harmful executables from the internet.
- Superior threat awareness. cWatch uses a proven combination of local and cloud-based technologies to deliver comprehensive detection of known malware and lightning fast identification of zero-day threats.
- Easy set up. Simply download and install the ISO on a local server, point your web and mail traffic to it, fine-tune content analysis rules and notifications to your liking and cWatch will immediately begin analyzing your traffic.
- You're in control. Instant notifications and detailed reports keep you informed at all times, allowing you to reduce incident response times and contain malware outbreaks faster and more clinically than competing solutions.
- Low maintenance, low resource overhead. cWatch is a set-and-forget solution that uses a proprietary system of parallel traffic analysis which provides dependable protection without slowdown or constant supervision.
- Real-time updates. The coordinated network of malware analysis engines which underpins cWatch is updated with every passing second and with every file analyzed, so your company will always enjoy the latest and most effective protection.
Comodo have used their years of experience in the threat prevention space to produce an innovative, fully-optimized solution which delivers near-instant analysis of traffic with no loss of network speed to end users. cWatch analyses a mirror of network traffic and leverages constantly updated cloud-based monitoring technologies which use a fraction of the resources and bandwidth of traditional, host-based scanners.
- Employee connects to a webpage and attempts to download an executable
- cWatch downloads the executable to the cWatch server and runs a real-time check on our File Lookup Server (FLS) to ascertain the file's trustworthiness.
- If the file is on the whitelist (known good), the download is allowed to continue
- If the file is on the blacklist (known bad), the user is shown a warning and the download is blocked
- If the file is unknown then cWatch wraps the executable with our containment technology and delivers that modified version to the end-user. From this point:
  - The executable will run on the endpoint inside its own container/sandbox. It will run in an isolated environment from which it cannot modify other processes running on the endpoint nor access user data. This ensures the download is secure because it is not possible for the file to infect the endpoint, even if it transpires to be malicious.
  - Simultaneously, the file will be uploaded to Comodo labs where it will undergo a series of automated and manual tests. These include virus scans, behavioural analysis, heuristic analysis and manual inspection.
cWatch's coordinated network of malware analysis engines is updated with every passing second and with every file analyzed, so enterprises always enjoy the latest and most effective protection.
cWatch is suitable for enterprises and SMBs requiring a lightweight solution which offers robust protection against the latest advanced persistent threats but does not require powerful hardware nor negatively impact user experience. Its fast, cloud-based analysis means it is equally at home as a complement to existing endpoint-based security technologies such as CES or as a standalone solution which provides lightning fast threat prevention and malware forensics.