Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

New Comodo SecureBox Protects Endpoint Applications

Security services provider and certificate authority Comodo announced on Wednesday the launch of Comodo SecureBox, a solution designed to help organizations protect the important applications running on their endpoints.

Security services provider and certificate authority Comodo announced on Wednesday the launch of Comodo SecureBox, a solution designed to help organizations protect the important applications running on their endpoints.

According to the company, the new desktop application provides a layer of protection to ensure that users can safely interact with mission-critical programs installed on computers, point-of-sale (PoS) systems, ATMs and other devices. SecureBox addresses threats such as keylogging, data exfiltration, man-in-the-middle (MitM) and man-in-the-browser (MitB) attacks.

The application is not designed to protect the entire device, like other endpoint security solutions. Instead, it assumes that the device is compromised and secures only trusted applications by creating a threat-resistant tunnel between clients and webservers, Comodo said. Unlike classic containment solutions, which sandbox untrusted applications, SecureBox runs only trusted pieces of software. Furthermore, before a trusted application is opened, a quick cloud-based scan is performed to detect and neutralize any pieces of malware that might be on the device.

In order to protect users against keyloggers, SecureBox bypasses the Windows input system and uses keyboard virtualization technology to intercept keystrokes and encrypt the information before sending it to the application. Attackers that attempt to remotely access the desktop are prevented from doing so by the company’s application-agnostic screen capture detection technology which displays an isolated desktop screen with warning messages when an attack is detected, Comodo explained.

Memory scraping is prevented by prohibiting external programs from accessing the memory of trusted applications, Comodo said. Malicious SSL connections and SSL sniffing attempts are detected by comparing certificates against the company’s trusted root certificate list.

“SecureBox is particularly well-suited for businesses who need to ensure the security of third-party endpoints that are beyond the control of their IT organization,” said Kevin Gilchrist, vice president of product management at Comodo. “Financial services companies, healthcare or health insurance companies, or any company that has a large supply chain where the supplier represents a possible vector for malware would benefit from SecureBox.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...