Key Selling Points

• Comodo Group Inc. is the World’s largest certificate authority currently securing over 38 million fully qualified domains.
• Global innovator of cybersecurity solutions, protecting critical information across the digital landscape
• The world’s largest certificate authority

Services Offered

• Every single digital transaction is authenticated, validated and secured through a layer of trust and security. Comodo provides SSL certificates, antivirus, and endpoint security leadership and true containment technology.
• The company provides complete end-to-end security solutions across the boundary, internal network, and endpoint with innovative technologies solving the most advanced malware threats, both known and unknown.
• Digital Certificate Management (CCM) Platform
  Allows customers (enterprises) to self-administer, instantly provision, auto-discovery, and manage their entire digital certificate ecosystem from any certificate authority (CA). It organizes them into one central inventory to simplify SSL/private key information (PKI) tracking and management and alerts them when certificates are about to expire.
• Zero-day malware: New malware never seen before and continue to plague businesses of all sizes. They are not detected by existing security systems and hide on endpoints and networks.
  Hackers use them as useful tools. Millions of hidden files are created and modified each year.
• Valkyrie: A cloud-based significant component of the AEP solution. It goes beyond typical signature-based checking for malware accomplishes and brings an instantiations file check using an online file verdict system, which tests the entire run-time behavior of a file with a range of static and behavioral checks to identify those that are malicious.
  It is efficient at detecting zero-day threats missed by the signature-based detection systems of standard antivirus products.
  The Valkyrie, Comodo’s cloud-based file analysis tool, automatically prevents hidden files from executing, and renders a file verdict as ‘Good’ or ‘Bad.’. The unknown files get isolated in automatic containment in a virtual environment on the endpoint.
  The detailed information helps IT security professionals with exact information to protect the environment from advanced persistent threats (APTs) and other cyber-attacks.
• cWatch EDR: Endpoint Detection And Response Solution is the part company’s security solutions advanced endpoint protection to detect, prevent and respond to malware infection. It blocks and isolates unknown, zero-day attacks of malware, Trojans, and other harmful executables – and renders those attacks useless against endpoints and networks.
  • Features of cWatch EDR include:
    i) Continuous monitoring of endpoints
    ii) Advanced search capabilities for file hashes and anomaly detection
    iii) Real-time visibility into what’s happening in your environment
    iv) 100 percent trusted verdicts for all files, ensuring detection of any malware, even new attacks
    v) Unrivaled process timeline visualization
    vi) Retrospective analysis of what has happened
    vii) Centralized cloud-hosted architecture
    viii) Works in concert with Comodo’s global threat intelligence
    ix) Human analysis of unknown file and event types
    x) Compatible with other endpoint security tools

Headquartered: Clifton, New Jersey

Other Offices: branch office in Silicon Valley and international offices and R&D centers across Europe and Asia (China, India).

Target Customer: mid-sized companies, to the world’s largest enterprises

No. of Customers: 50 percent of SSL certificate market share worldwide and securing more than 38 million fully qualified domains

Executive

Latest News

• (November 01, 2017) Comodo CA acquired by Francisco Partners The company also owns SonicWall, which produces SSL proxy boxes, and NSO Group, which provides government spyware, among other cyber-surveillance upstarts.
• (Jul 13, 2017) The company announced upgrade Program exclusively for owners of Symantec, Thawte, and GeoTrust digital certificates by offering one year free with Comodo replacement extended validation (EV) certificates. Recent news reports, Symantec-issued certificates will have a shorter life and not have the green trust padlock indicator.
• (June 27, 2017) Announced Free fully-featured, enterprise-class cWatch EDR Endpoint Detection And Response Solution. It enables any size organization to detect malware on endpoints better and investigate and respond to security incidents.
• (Jan. 18, 2017, PRNewswire) Distinguished Leader in Digital Certificates Neal Creighton Joins Comodo as Advisor to Drive SSL Business. As the former co-founder, president and CEO at GeoTrust, another leading certificate authority, he led a $24 million financing round and sold GeoTrust to Verisign for $125 million. Currently based in Boston, is a graduate of the USMA at West Point and holds a JD and an MBA from Northwestern University.
• Creighton has also spearheaded ventures, including GeoTrust spin-off chosen security, acquired by PGP, Corp. (now Symantec), and AffirmTrust LLC, acquired by Trend Micro. He is currently president and CEO of CounterTack, where he has raised more than $72 million to support the company’s rapidly growing endpoint security and threat platform.
• (Oct. 26, 2016 PRNewswire) To aid in the fight against cyber attacks, Comodo Offers Free Forensic Analysis to Uncover Zero-day Malware Lurking on Enterprise Endpoints and Networks. Underpinned by Comodo’s industry-leading Default Deny Platform, this analysis will help enterprises to discover 100 percent of all previously unknown and undetected malware in environments that could ultimately cause serious cyber-security issues, including a data breach.

Technology industry highlights the very high threat landscape in the digital world which leads to an increase in security. Businesses communications targeted with email-related attacks. Hiring or outsourcing IT services is becoming critical. It’s essential to deploy an automated system to deal with safety issues. The proactive approach required having robust security protocol.
Data are the pillars of any business, so its protection is the top priority for owners. Companies are concerned to keep sensitive information safe and imply data security and backup solutions.

Secure web hosting

The highest level of protection with multiple layers of security to deter, detect, and prevent threats includes:

• Up-to-date to the latest version: Keep software, scripts, plugins, and platform up-to-date to the latest version to plug loopholes.
• Back Up & Restore: Regular automated remote backups cloud is an essential practice. Use of RAID technology.
• Firewalls: Protects from malicious intrusions specifically intended to breach your system. It monitors all traffic coming in and out of network and prevents malware like viruses or Trojan horses from accessing and corrupting your data. It protects businesses from DDoS attacks. Locks out IP addresses that hunt for known vulnerabilities.
• SFTP: It provides a more significant layer of security when you transfer files to the dedicated server.
• Cryptography: Use Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption, data-at-rest encryption or an iterative cryptographic hash. Encrypting sensitive transmissions is necessary to protect from the data breach. HTTPS makes the exchange of information through your website secure and impenetrable. Encryption provided with the help of an SSL certificate. An EV SSL certificate is the highest form of SSL encryption available, issued after organization verification.
• Man-in-the-middle attacks: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are vulnerable to man-in-the-middle attacks.The pervasive use of SSL/TSL has created blind spots in the network where malware hide.
• Sneaky SQL injections: Put necessary constraints on all the fields, such as the web form and use parametrized queries. Hackers use them to insert code, which in turn allows them to hack database and steal sensitive information available.
• Use Virtual Private Networks: The safe and encrypted passage to exchange confidential organizational information across the Internet without data leaks, security breaches or interception. It ensures only registered or authorized users to a network, thus ideal for corporates with the closed-door policy for data exchange.
• Mandatory Password Change at regular intervals with minimum password strength parameter. Also, run periodic security audits by discouraging of password sharing culture.

What can malicious, greedy Hackers do?

• Deface the website home page to embarrass company or damage reputation
• Hijack credit-card processing and stole member’s information
• Use your website server to send out a bulk of spam mail
• Distribute illegal files for fishing activities, even for Bitcoin mining
• Can load site with viruses and ransomware to infect office or members’ computers

Cyber Security Studies

• Ponemon Institute study found that in 2016 more than 50% of US companies suffered a security breach.

CentOS 5 reaching EOL (end-of-life) on 31st March 2017, after that software developer will stop supporting it and deprecate its use.
The CentOS released in April 2007 received full updates till 2012 after that only maintenance and security updates were received.
With this, cPanel would also no longer support it. Continuing with non-supportive and un-maintained OS can lead to security vulnerabilities and won’t be fixed.

Key Selling Points

• Award Winning Cloud-based web security service
• Partners with Hosting providers to strengthen and power their security solutions.

Services Offered

• Filter malicious website traffic with Penta Security Systems’ cloud-based WAF (Web Application Firewall) service patented Logic Analysis. WAF comprised of 26 preset rules to intelligently recognize thwart cyber threats.
• Smooth and easy web security, SSL

Executive

Achievements/Awards
SC Magazine Awards honored Cloudbric as the best SME security solution for providing small to mid-size businesses with a reliable website protection service.

Latest News

• (September 22, 2017) Announced partnership with eSecureData to Extend WAF Service to Web Hosting Providers. It would bring its WAF capabilities to Vancouver and surrounding cities.
  eSecureData – Canadian IDC channel and leading web hosting and infrastructure company.

• Enables subscribers to monitor, repair and restore website data.
• Provides continuous Malware and Hack detection scanning services. It monitors alterations to website code and file structure and notifies site webmaster of unauthorized access in real time.
• Cleaning Compromised site: It provides repair and restores functionality to mitigate interruptions or downtime that may result from an infection.
• It monitors and maintains the business’s online reputation so that it can avoid being blacklisted by search engines.
• It provides protection from multiple attack vectors like direct hacks to reputation compromises.
• Defends insecure code from being exploited
• Protect websites from Brute Force attacks, DDoS attacks, SQL injection, malicious web bots, and hackers.

The first concern in development is security. According to the Global Development Survey 2017, released by Evans Data Corporation (EDC), only 31% of companies formalize cybersecurity policy. The 34 percent have an informal policy adopted by various departments, while roughly 25 percent have a piecemeal system defined within departments or none at all.
The data size of the survey was 1500 developers from different regions in different languages. The report reveals that APAC companies are most likely to have overall formal cybersecurity strategy. The businesses in North America and the EMEA region have informal policies, and businesses without policies are most common in EMEA.
The report shows 26%of developers globally developing apps to run on secure and trusted systems, but within the next six months, 19% expect to start doing so.

Internet threats and its solution

Threats

• Growing hackers exploitation with sophisticated tools that hunt for known vulnerabilities of any website.
• Network of infected computer and devices
• Malicious internets traffic attacks such as an HTTPS Flood and DNS Amplification DoS Attack
• According to the survey conducted by Clutch, a leading research and reviews platform for business services, over 50% of websites collect visitors’ email addresses, creating the possibility of privacy breaches. Inconsistent security measures increase the risk of visitor’s privacy and greatest security risk to consumers. Clutch’s 2017 Website Security Survey included 302 site managers who built or maintain a web site for personal, business or other use.
• SSL misconfiguration
• Cross-site scripting attacks
• Malicious domain registrations & Phishing: According to the report of Anti-Phishing Working Group (AWPG), 2016, malicious use of the domain name system reached an all-time high, accounted for half of all domain names used for phishing in 2016. The AWPG report reveals 255,065 unique phishing attacks globally during 2016.
• Phishing: Cybercriminals set up web pages that masquerade as reliable brands, such as banks and e-commerce sites (PayPal, Yahoo, Apple), where they lure victims and by trick get sensitive information such as usernames, passwords, and credit card details.
• Domain shadowing: When an unsuspected company’s DNS settings are manipulated to insert multiple phishing sites onto the firm’s servers.

Solution

• Automation of security products in response to changing environment
• Continuous monitoring and scanning to detect security holes or issues
• Deployment of Firewall to block malicious traffic
• Site owners keep their systems up to date
• Fast removal of malware, hack repair and blacklisting by Google, Norton, and McAfee
• Proper Server Ecosystem: To keep the business running smoothly, hosting provider offers Backup & Restore Solution. Even if worst happens, a perfect backup makes it possible. Even, if you are on cloud computing, it is recommended to have a robust backup solution.
• Businesses take active measures to protect their web hosting and email services.
• Pay attention to the destination URL, while entering credentials.

Organizations

• Malware and Mobile Anti-Abuse Working Group M3AAWG, an organization that aims to fight abuse of internet infrastructure
• eQualit.ie, a Canadian-based nonprofit offers Deflect Service to protect against DDoS
  co-founder: Dmitri Vitaliev

Services Offered

• Security: Protect users, data and application from breaches, credential theft, and account takeover. It ensures only legitimate users and suitable devices have access to sensitive data and applications in a rapidly changing world of cloud applications and mobile devices.
• Easy-to-use two-factor authentication solution: Easily deployable and strengthens access security by requiring two methods to verify identity: something the user knows, plus something the user has. A user gets basic access controls, advanced administrative management, and user provisioning, along with an overview of overall device security hygiene. It gives users a secure single sign-on experience, and quickly conduct phishing vulnerability assessments.
• Checks user devices for out-of-date software and missing security controls. It blocks risky devices from accessing data and apps at login, protecting client organizations against software vulnerabilities.
• Identifies corporate vs. personal devices with easy certificate deployment
• Supports blocking of untrusted endpoints and provides users with secure access to internal applications without using VPNs.

Headquarters: Ann Arbor, Michigan

Premium Customers: Dresser-Rand Group, Etsy, Facebook, K-Swiss, Paramount Pictures, Random House, SuddenLink, Toyota, Twitter, Yelp, Zillow

In 2003, Net neutrality principle described that ISPs (Internet Service Providers) should treat all of the data they are providing to customers equally, and would not use infrastructure to block out competitors by taking advantage of their position. It provides an equal chance to small companies to build a user-base and break into the market and increases innovation and competition.The consumers use the Internet for varying usages like viewing content like TV shows, films, and websites.
As a consumer you pay for Internet usage on mobile, so you shouldn’t be charged for data used for services like WhatsApp or Facebook Messenger. Nor, the Internet provider should prioritize the content and services, and delivered equally and justly.

Who safeguards Net Neutrality?

• Open Internet Order introduced during Barack Obama administration
• The principle is active and came effect in October 2015, in British law courtesy of the European Union’s Regulation on Open Internet Access. The UK broadband market is highly competitive and allows customers to choose and switch to the best provider as per needs.
• In UK regulators like Ofcom enforce net neutrality rules

US Federal Communications Commission’s (FCC) proposal to de-regulate would give big cable companies control over what we see and do online. In the protest, Amazon, Reddit, and Netflix altered the way services displayed. FCC chairman Ajit Pai wish to get rid of the Open Internet Order on competition grounds.

Key Selling Points

• A leading provider of TLS/SSL certificates and certificate management solutions.

Services Offered

• GeoTrust products
• Comodo’s TLS/SSL certificate and cWatch Web

Headquarters: Atlanta

Executive

Suppor: 24.7.365 with white-glove support experience

What for customers?

• Helping clients with right certificate solution

Services Offered

• GamaSure PLUS: Data Breach Limited Warranty: cloud-based website vulnerability identification, remediation-as-service, web attack prevention and a $50,000 Data Breach Limited Warranty.
• GamaShield PLUS: website security service

Establishment: 2006

Headquarters: Israel with offices in New York City

Target Customers: Small and medium-sized businesses of United States, Canada, and Puerto Rico

What for Customers?

• A pioneered approach, as service, includes a combination of both security and financial assurance.
• The company offers affordability and quick action.