Coro provides unified modular security for business workspaces, safeguarding against malware, ransomware, phishing attacks, and human error. Coro achieves this by actively monitoring access, activity, and protection across:
- Cloud applications
- Email accounts
- Users
- Devices
- Sensitive data
Coro runs on an intelligent model that leverages heuristic analysis techniques to identify risk and threats to an organization's data infrastructure by following:
- Best practices: based on industry recommendations and the requirements of most regulations.
- Data-driven algorithms: supporting continuous processing and analysis of multiple data sources simultaneously.
- Adaptive AI techniques: leveraged to identify anomalies based specifically on how each unique business operates.
Using these techniques, Coro can accurately distinguish between normal and unusual user behaviors.
Coro automatically remediates 95% of all observed threats, with less than 5% for manual review by admin users. All actions are backed up with a detailed activity and event log.
Coro provides cybersecurity protection through a modular approach. Each module is its own standalone cybersecurity function (for example, security for email), and can be activated separately from all other modules in the Coro platform.
Customers manage all of their subscribed modules in the Coro platform through a centralized web-based admin console, offering complete configuration, control, and monitoring for an organization's cyber security through a single dashboard.
To simplify deployment while providing flexibility of choice, Coro offers ready-made Bundles that bring together commonly-selected and related modules. This ensures that organizations get the protection they want without having to enroll in unneeded modules.
Contact your Coro sales representative to discuss the options available.
Read on to learn how Coro protects:
Coro protects your cloud applications and user accounts through the following modules:
Coro's Cloud Security module connects an organization's cloud applications and monitors access to user accounts defined within those apps. Coro provides advanced protection and support of regulatory compliance for supported cloud apps, without impacting cloud app functionality or performance.
Through its heuristic analysis capabilities, Coro can:
- Observe and identify unexpected and suspicious activity performed by logged-in users.
- Enforce explicit access permissions based on geographic location or IP address.
- Alert admin users about abnormal access and activity patterns, including unusually large data download or deletion events.
- Scan for malware in files uploaded to cloud storage or shared with other users.
Coro protects your email services through the following modules:
Coro's Email Security module monitors users' email accounts for malware and phishing attacks. Coro intervenes to protect an organization's users, automatically quarantining email messages or attachments that present a threat. Coro also enables admin users to maintain allowlists and blocklists for senders.
Email-borne malware is malicious software sent via attachments or embedded links, created to gain unauthorized access, steal sensitive data, or harm an organization’s systems and assets. When a recipient opens an infected attachment or selects a malicious link, the malware can run on the device and potentially spread to other devices within the network.
Common types of email-delivered malware include viruses, worms, trojans, ransomware, and spyware. Ransomware is particularly harmful, as it encrypts or deletes files and demands payment to restore access.
Coro helps protect against email-borne malware by:
- Scanning email attachments and links for malicious content.
- Blocking or quarantining suspicious files before they reach users.
- Monitoring email activity for malware and phishing indicators.
- Alerting administrators and users when threats are detected.
Phishing emails are fraudulent emails intended to deceive the recipient into revealing sensitive information or executing malware on their device. Often, a phishing email can be the entry point to gain access to an organization's data. Coro can help identify and provide comprehensive protection against phishing attempts.
When examining email messages, Coro considers:
- The content of the message and whether it is making a call for a response.
- The links that are embedded in the email messages.
- Any attachments that might contain malware (see also Malware).
- Attempts at impersonation, in which the attacker pretends to be a legitimate user, organization, or brand.
Coro blocks suspicious emails that are identified as containing potential phishing attempts. Those that are known to be phishing are immediately deleted from a recipient's inbox. Emails that are only suspected to be phishing are removed from the recipient's inbox and placed in a named quarantine folder for further analysis.
Coro protects your endpoint devices through the following modules:
Coro's Endpoint Security module provides antivirus (AV) and next-generation antivirus (NGAV) protection, also known as advanced threat protection (ATP), for Windows and macOS endpoint devices.
Advanced threat protection (ATP) safeguards sensitive data from cyber attacks, such as malware and phishing campaigns. ATP integrates with Coro's Cloud Security and Email Security modules to actively enhance an organization's defense against evolving threats.
Coro uses ATP to not only identify the fingerprint of potential malware and ransomware in files, but to also monitor the behavior of processes created by files containing malware. ATP acts to stop malicious processes from continuing to run.
Organizations connect their endpoint devices to a Coro workspace through the Coro Agent, a light-weight background application that monitors the device and enforces policy such as:
- Device security posture (for example, password, firewall, and access control)
- Required security software updates
- Encryption of storage drives when sensitive data is identified
Coro can also monitor transfer of sensitive data to and from endpoint devices connected to an organization's infrastructure. To learn more, see Endpoint Data Governance.
Coro is optimized to run independently, intercepting system events at the kernel level and sending the data to its antivirus engine for analysis.
Running multiple antivirus programs simultaneously can cause them to conflict, resulting in missed detections of malicious activities or even system crashes.
Outcomes of running other antivirus software alongside Coro may include:
- Both antivirus programs attempting to handle the same threat simultaneously, leading to redundant actions or confusion over the location of a quarantined file.
- One antivirus program triggering false alerts by misinterpreting the other's actions or files as a threat.
- Resource conflicts reducing system performance and potentially causing missed detections of critical threats.
Coro frequently updates its antivirus engine to ensure comprehensive protection against emerging threats, keeping your organization secure.
Windows Agent deployments only:
When the Coro Agent is installed on a Windows device, it registers itself with the Windows Security Center (WSC) as the primary antivirus software for the device. After you register Coro as the primary AV software, Windows automatically disables Windows Defender on the device to prevent conflicts.
The Endpoint Detection and Response (EDR) module extends Coro's Endpoint Security abilities to handle incidents as they occur, remediate quickly to prevent further damage from known and unknown threat sources, as well as to conduct post-breach analysis.
Coro's EDR module receives endpoint device data collected from connected devices. This contextualized analysis provides a holistic view of an organization's threat landscape, identifying and alerting on incidents in real-time. Coro then presents these findings through the Coro console, allowing admin users to filter the data as needed, including remediation guidance and immediate response actions such as isolating a device from the network, shutdown, or blocking certain processes.
Through EDR, Coro provides:
- Better detection of malicious software that otherwise may go unnoticed
- Isolation of purportedly infected devices
- Automatic remediation of vulnerabilities and potentially-breachable processes across an organization's endpoint devices
Coro's Mobile Device Management (MDM) module enables you to manage iOS/iPadOS and Android mobile devices for end users across your organization.
You can use Coro MDM to report on mobile device activity and usage, manage app policies and remote app installation across your company-owned devices, set passcode/password rules, and activate lost mode or remotely wipe sensitive data if devices are compromised.
Coro MDM supports enrollment of iOS/iPadOS devices:
- Manually, as a Company Owned Device (Supervised) or Bring Your Own Device (BYOD).
- Automatically, through Coro being designated as a MDM for your Apple Device Enrollment Program (DEP)-deployed devices.
- Automatically, through identity-led enrollment by a Managed Apple ID (MAID) user.
Coro MDM supports enrollment of Android devices:
- Manually, as a company-owned device.
- Manually, as a Bring Your Own Device (BYOD).
Coro protects your sensitive data through the following modules:
Organizations are obligated by regulation to enforce data protection for sensitive data held and transmitted for stakeholders. Sensitive data types include:
- PII (personally identifiable information)
- PHI (protected health information)
- PCI (payment card information)
- NPI (non-public information)
Most industries have one or more regulations designed to protect the types of data commonly used and held by end users (employees, contractors, third party vendors, and so on). For example, the Health Insurance Portability and Accountability Act (HIPAA) is a series of regulatory standards in the United States that outline the lawful use and disclosure of protected health information. Organizations are typically subject to these regulations where their business activities require the acquisition, storage, or processing of such sensitive or private data.
Coro's User Data Governance module helps organizations in ensuring the security and privacy of sensitive information viewed, shared, or moved by end users. Through this module, Coro helps organizations demonstrate they have robust data protection measures in place. This includes managing access to sensitive information and monitoring data sharing through cloud apps and transmission over email.
Coro also enables admin users to configure monitoring for business-sensitive data including passwords, certificates, source code, file types, and custom keywords.
Coro provides:
- Strong data governance monitoring to aid compliance with regulatory standards.
- Alerting where exposure of controlled data both within the organization and outside of the organization appears to violate the default regulations.
To learn more about regulatory compliance with Coro, see Regulations and compliance.
As with Coro's User Data Governance module. the Endpoint Data Governance module helps admin users establish a strategy for correct and secure handling of sensitive data by authorized users on their endpoint devices.
Compliance with these strategies includes defining and implementing policies, procedures, and controls for the business in order to ensure the availability, integrity, confidentiality, and privacy of sensitive data, based on applicable laws, regulations, and industry standards.
With the Endpoint Data Governance module, admin users can activate remote scans on connected endpoint devices (via the Coro Agent) to analyze device storage for sensitive data assets and raise tickets on positive results. With these logged insights, admin users can identify devices in breach of company data governance policy and perform remote drive encryption to mitigate risk.
Coro’s Security Awareness Training (SAT) module trains employees and contractors to recognize phishing and social engineering attacks, reducing the risk of unauthorized access to company resources and sensitive data and mitigating associated legal and reputational risks.
SAT reduces human error and strengthens your cybersecurity posture through:
Phishing simulations: Coro tests employee awareness by sending simulated email attacks and measuring response rates to deceptive messages.
Security training: Coro provides enrolled employees with targeted training courses, delivered either as part of a scheduled plan or to address specific concerns such as regulatory compliance.
Admin users can track simulation interaction and responses in the console. Top phished users can be enrolled into additional training to address identified issues, and Coro's Adaptive Training feature can automatically respond to detected events in your users' connected cloud and email services. You can also enroll new employees into onboarding training to introduce concepts and best practice from the outset.
Coro protects your networked devices through the following modules:
Coro's Network module empowers organizations to establish a secure virtual office environment, ensuring robust protection against both external and internal threats. This module offers flexible solutions tailored to diverse security and accessibility requirements, facilitating remote access to organizational resources.
The module is available on macOS, Windows, Android, and iOS devices.
The Network module provides two virtual office options:
Virtual private network (VPN): Establishes a secure, encrypted connection over the internet between devices and a remote server, preventing unauthorized parties from intercepting transmitted data. Admin users can select the encryption strength and define VPN policies for each device.
Zero trust network access (ZTNA): Delivers granular, identity-based access control, ensuring that only authorized users or devices can access specific resources. Before activating ZTNA, admin users must define resource access policies, as ZTNA blocks all connections by default, permitting only those explicitly configured.
The Network module integrates Site-to-site tunnels, which extend network access across multiple locations, enabling users to securely access resources across different sites. When combined with VPN, these tunnels create a unified network environment. With ZTNA, identity-based access policies are enforced within the tunnel, ensuring users access only authorized resources.
By leveraging Coro's Network module, organizations can create a secure, flexible, and centrally-managed virtual office environment, effectively safeguarding their resources and data.
Secure Web Gateway (SWG) enforces internet security policies through DNS filtering. Admin users can create allowlists and blocklists to control access to specific domains or categories, such as suspected malware sites or social networks. SWG integrates with both VPN and ZTNA, providing an additional layer of protection for users accessing internal and external resources.
Admin users can also create custom domain records, allowing access to specific devices, like printers or local servers, by a recognizable domain name instead of an IP address.
To read more about how Coro provides detection and protection services for an organization's apps, users, devices, and data, see Coro high-level architecture.