Price | Free |
Publisher | Comodo - https://www.comodo.com |
Publisher's Description |
Valkyrie is a online file verdict system that tests unknown files with a range of static and behavioral checks in order to identify those that are malicious. Because Valkyrie analyzes the entire run-time behavior of a file, it is more effective at detecting zero-day threats missed by the signature-based detection systems of classic antivirus products.
The Valkyrie console allows users to upload new files for analysis and to view scan results in a range of dashboards and reports. Users also have the option to forward files Comodo Labs for in-depth, manual checks. The Comodo APT Risk Assessment tool allows users to locally scan entire networks for unknown files then upload them to Valkyrie for analysis.
Features
Overview of the Technologies
Valkyrie analysis systems consist of multiple techniques to ensure each and every file submitted is analyzed thoroughly before providing the verdict. In order to do that Valkyrie deploys two types of technologies – Automatic analysis and Manual analysis. The techniques used for automatic analysis include Static Analysis, Dynamic Analysis, Valkyrie Plugins and Embedded Detectors, Signature Based Detection, Trusted Vendor and Certificate Validation, Reputation System and Big Data Viruscope Analysis System.
Static Analysis
This technique involves extraction and analysis of various binary features and static behavioral inferences of an executable such as API headers, referred DLLs, PE sections and more such resources. Any deviation from the expected results are listed in the static analysis results and the verdict given accordingly.
Dynamic Analysis
The dynamic analysis technique include studying the run time behavior of a file to identify malware patterns that cannot be be identified through static analysis.
Valkyrie Plugins and Embedded Detectors
Valkyrie plugins utilizes the different malware analysis techniques developed by various communities and educational institutions and deployed by them on their systems as RESTful Web Services. Valkyrie includes these results also to compute a final overall verdict.
Embedded detectors in Valkyrie uses new methods of malware detection developed by Comodo AV laboratory to compute an overall final verdict of a file.
Signature Based Detection
Valkyrie uses different signature based detection sources in order to detect a given sample in the first place. Signature based detection simply checks SHA1 hash of files from signature sources to determine if there is any match in database.
Trusted Vendor and Certificate Validation
Valkyrie checks vendor details of a file with Trusted Vendor database that are continuously updated. If the vendor is whitelisted, then certificate validation is done to ensure that certificate chain is valid and not revoked or expired.
Reputation System
Reputation data of files that are collected from millions of endpoints through Comodo network and products are evaluated on a big data platform and converted to intelligence form to be used by Valkyrie.
Big Data Viruscope Analysis System
Viruscope, a part of Comodo Security products, is a dynamic application analyzer system that detects malicious behavior of a file, blocks and reverses those actions when necessary. The detected malware are reported to Comodo servers and this data is also used by Valkyrie.