Skip to content

Coro protection

Coro protection

Coro provides unified multi-layer security for business workspaces, safeguarding against malware, ransomware, phishing attacks, and human error. It achieves this by actively monitoring access, activity, and protection across:

  • Cloud applications
  • Email accounts
  • Users
  • Devices
  • Sensitive data

Coro runs on an intelligent model that leverages heuristic analysis techniques to identify risk and threats to an organization's data infrastructure by following:

  • Best practices: based on industry recommendations and the requirements of most regulations.
  • Data-driven algorithms: supporting continuous processing and analysis of multiple data sources simultaneously.
  • Adaptive AI techniques: leveraged to identify anomalies based specifically on how each unique business operates.

Using these techniques, Coro can accurately distinguish between normal and unusual user behaviors.

Coro automatically remediates 95% of all observed threats, with less than 5% for manual review by administrators. All actions are backed up with a detailed activity and event log.

To learn more about the protection Coro provides in each specific area, see the following sections:

Cloud apps and user activity

Cloud apps

Coro connects to an organization's cloud applications and monitors access to user accounts defined within those apps.

Through its heuristic analysis capabilities, Coro can:

  • Observe and identify unexpected and suspicious activity performed by logged-in users.
  • Enforce explicit access permissions.
  • Alert administrators about abnormal access and activity patterns.


Malware protection

Malware is malicious software that can cause harm, damage, or unauthorized access to an organization's assets when executed on a target device. Many forms of malware can self-replicate to other endpoint devices if programmed to do so. For example, malicious software can infect other devices connected to the network.

Malware can take many forms, such as viruses, worms, Trojans, ransomware, spyware, adware, or bots. Ransomware is an increasingly prevalent malware attack that aims to extort money from owners of infected data. It commonly renders target device data inaccessible through encryption or deletion and returns the affected data only after the fee has been paid.

Protecting against such threats is a top priority for organizations, and Coro can help.

Coro safeguards against malware by:

  • Monitoring endpoint devices, internal servers, cloud drives, and email attachments to identify infected files.
  • Detecting and preventing ransomware from deleting shadow file backups managed by Coro.
  • Deleting or quarantining suspected files before they can cause harm while providing notifications to affected users and administrators.

Advanced threat protection (ATP)

Advanced threat protection (ATP) safeguards sensitive data from sophisticated cyberattacks, such as malware and phishing campaigns. ATP integrates cloud security, email security, and endpoint security to actively enhance an organization's defense against evolving threats.

Coro uses ATP to not only identify the fingerprint of potential malware and ransomware in files, but to also monitor the behavior of processes created by files containing malware. ATP acts to stop malicious processes from continuing to run.

Compatibility with existing malware solutions

Coro is a complete solution for malware protection and not recommended to be used in parallel with other anti-virus software. Doing so can result in degraded performance for Coro and your other anti-virus products. For more information, contact our Support team.


Windows Defender is fully compatible with Coro.

Email phishing

Email phishing

Phishing emails are fraudulent emails intended to deceive the recipient into revealing sensitive information or executing malware on their device. Often, a phishing email can be the entry point to gain access to an organization's data. Both spam and phishing emails are undesirable, and Coro can help identify and provide comprehensive protection against such attempts.

When examining email messages, Coro considers:

  • The content of the message and whether it is making a call for a response.
  • The links that are embedded in the email messages.
  • Any attachments that might contain malware (see also Malware).
  • Attempts at impersonation, in which the attacker pretends to be a legitimate user known to the recipient.

Coro blocks suspicious emails that fall into either phishing or spam categories. Those that are known to be phishing are immediately deleted from a recipient's inbox. Emails that are only suspected to be phishing are removed from the recipient's inbox and placed in a Suspected folder for further analysis.

Data governance

Data governance

Organizations are obligated by regulation to enforce data protection for sensitive data held and transmitted for stakeholders.

Most industries have one or more regulations designed to protect the types of data commonly used and held. For example, the Health Insurance Portability and Accountability Act (HIPAA) is a series of regulatory standards in the United States that outline the lawful use and disclosure of protected health information. Organizations are typically subject to these regulations where their business activities require the acquisition, storage, or processing of such sensitive or private data.

Coro helps organizations in ensuring the security and privacy of sensitive information, and organizations must be able to demonstrate they have robust data protection measures in place. This includes:

  • Managing access to sensitive information
  • Monitoring data sharing and transmission
  • Securely storing data

Coro also helps organizations manage their regulatory, legal, and ethical responsibilities through:

  1. Strong data governance monitoring to aid compliance with regulatory standards.
  2. Alerting where exposure of controlled data both within the organization and outside of the organization appears to violate the default regulations.

Being protected by Coro means that your organization is compliant with the following regulatory standards:

  • GLBA
  • GDPR
  • SOC2
  • SOX

To learn more about regulatory compliance with Coro, see Regulations and compliance.

Endpoint device protection

Endpoint device protection

Coro provides anti-virus and advanced threat protection (ATP) for Windows and macOS endpoint devices.

Coro can monitor transfer of sensitive data to and from endpoint devices connected to an organization's infrastructure, enforcing:

  • Device security posture (for example, password, firewall, and access control)
  • Required security software updates
  • Encryption of storage drives when sensitive data is identified

Next steps

To read more about how Coro provides detection and protection services for an organization's cloud applications and users, see Coro high-level architecture.