Coro protection

Coro provides unified modular security for business workspaces, safeguarding against malware, ransomware, phishing attacks, and human error. Coro achieves this by actively monitoring access, activity, and protection across:

  • Cloud applications
  • Email accounts
  • Users
  • Devices
  • Sensitive data

Coro runs on an intelligent model that leverages heuristic analysis techniques to identify risk and threats to an organization's data infrastructure by following:

  • Best practices: based on industry recommendations and the requirements of most regulations.
  • Data-driven algorithms: supporting continuous processing and analysis of multiple data sources simultaneously.
  • Adaptive AI techniques: leveraged to identify anomalies based specifically on how each unique business operates.

Using these techniques, Coro can accurately distinguish between normal and unusual user behaviors.

Coro automatically remediates 95% of all observed threats, leaving less than 5% for manual review by administrators. All actions are backed up with a detailed activity and event log.

Modular protection

Coro takes a modular approach to providing cybersecurity protection for customers. Each module is its own standalone cybersecurity feature (for example, security for email), and can be activated separately from, or in addition to, all other modules in the Coro platform.

In addition to modules, Coro offers add-ons. Customers can enable add-ons in a module to activate additional functionality or security for a specific need (for example, adding secure messaging to enable email encryption). Add-ons are not mandatory in order to get full functionality from the module itself, but are dependent on the module for which they are an add-on.

Contact your Coro sales representative to discuss the options available.

To learn more about the protection Coro provides in each module, read the sections that follow.

Cloud security

Coro's Cloud Security module connects an organization's cloud applications and monitors access to user accounts defined within those apps. Coro provides advanced protection and support of regulatory compliance for supported cloud apps, without impacting cloud app functionality or performance.

Through its heuristic analysis capabilities, Coro can:

  • Observe and identify unexpected and suspicious activity performed by logged-in users.
  • Enforce explicit access permissions based on geographic location or IP address.
  • Alert administrators about abnormal access and activity patterns, including unusually large data download or deletion events.
  • Scan for malware in files uploaded to cloud storage or shared with other users.

Email security

Coro's Email Security module monitors users' email accounts for malware and phishing attacks. Coro can intervene to protect an organization's users, automatically quarantining email messages or attachments that present a threat. Coro also enables Admin users to maintain Allowlists and Blocklists for identified safe and unsafe senders.


Malware is malicious software that can cause harm, damage, or unauthorized access to an organization's assets when executed on a target device. Many forms of malware can self-replicate to other endpoint devices if programmed to do so. For example, malicious software can infect other devices connected to the network.

Malware can take many forms, such as viruses, worms, Trojans, ransomware, spyware, adware, or bots. Ransomware is an increasingly prevalent malware attack that aims to extort money from owners of infected data. It commonly renders target device data inaccessible through encryption or deletion and returns the affected data only after the fee has been paid.

Protecting against such threats is a top priority for organizations, and Coro can help.

Coro safeguards against malware by:

  • Monitoring endpoint devices, internal servers, cloud drives, and email attachments to identify infected files.
  • Detecting and preventing ransomware from deleting shadow file backups managed by Coro.
  • Deleting or quarantining suspected files before they can cause harm while providing notifications to affected users and administrators.

Email phishing

Phishing emails are fraudulent emails intended to deceive the recipient into revealing sensitive information or executing malware on their device. Often, a phishing email can be the entry point to gain access to an organization's data. Coro can help identify and provide comprehensive protection against phishing attempts.

When examining email messages, Coro considers:

  • The content of the message and whether it is making a call for a response.
  • The links that are embedded in the email messages.
  • Any attachments that might contain malware (see also Malware).
  • Attempts at impersonation, in which the attacker pretends to be a legitimate user, organization, or brand.

Coro blocks suspicious emails that fall into either phishing or spam categories. Those that are known to be phishing are immediately deleted from a recipient's inbox. Emails that are only suspected to be phishing are removed from the recipient's inbox and placed in a named quarantine folder for further analysis.

Compatibility with existing malware solutions

Coro is a complete solution for malware protection and is not recommended for use in parallel with other anti-virus software. Doing so can result in degraded performance for Coro and your other anti-virus products. For more information, contact our Support team.


Despite this restriction, Coro is fully compatible with Windows Defender.

Endpoint security

Coro's Endpoint Security module provides antivirus (AV) and next-generation antivirus (NGAV) protection, also known as advanced threat protection (ATP), for Windows and macOS endpoint devices.

Advanced threat protection (ATP) safeguards sensitive data from sophisticated cyberattacks, such as malware and phishing campaigns. ATP integrates with Coro's Cloud Security and Email Security modules to actively enhance an organization's defense against evolving threats.

Coro uses ATP to not only identify the fingerprint of potential malware and ransomware in files, but to also monitor the behavior of processes created by files containing malware. ATP acts to stop malicious processes from continuing to run.

Organizations connect their endpoint devices to a Coro workspace through the Coro Agent, a light-weight background application that monitors the device and enforces policy such as:

  • Device security posture (for example, password, firewall, and access control)
  • Required security software updates
  • Encryption of storage drives when sensitive data is identified


Coro can also monitor transfer of sensitive data to and from endpoint devices connected to an organization's infrastructure. To learn more, see Endpoint Data Governance.

User data governance

Organizations are obligated by regulation to enforce data protection for sensitive data held and transmitted for stakeholders. Sensitive data types include:

  • PII (personally identifiable information)
  • PHI (protected health information)
  • PCI (payment card information)
  • NPI (non-public information)

Most industries have one or more regulations designed to protect the types of data commonly used and held by end users (employees, contractors, third party vendors, and so on). For example, the Health Insurance Portability and Accountability Act (HIPAA) is a series of regulatory standards in the United States that outline the lawful use and disclosure of protected health information. Organizations are typically subject to these regulations where their business activities require the acquisition, storage, or processing of such sensitive or private data.

Coro's User Data Governance module helps organizations ensure the security and privacy of sensitive information viewed, shared, or moved by end users. Through this module, Coro helps organizations demonstrate they have robust data protection measures in place. This includes managing access to sensitive information and monitoring data sharing through cloud apps and transmission over email.

In addition, Coro enables Admin users to configure monitoring for business-sensitive data including passwords, certificates, source code, file types, and custom keywords.

Coro provides:

  1. Strong data governance monitoring to aid compliance with regulatory standards.
  2. Alerting where exposure of controlled data both within the organization and outside of the organization appears to violate the default regulations.

To learn more about regulatory compliance with Coro, see Regulations and compliance.

Endpoint data governance

As with Coro's User Data Governance module, the Endpoint Data Governance module helps administrators establish a strategy for correct and secure handling of sensitive data by authorized users on their endpoint devices.

Compliance with these strategies includes defining and implementing policies, procedures, and controls for the business in order to ensure the availability, integrity, confidentiality, and privacy of sensitive data, based on applicable laws, regulations, and industry standards.

With the Endpoint Data Governance module, Admin users can activate remote scans on connected endpoint devices (via the Coro Agent) to analyze device storage for sensitive data assets and raise tickets on positive results. With these logged insights, Admin users have the visibility to identify devices in breach of company data governance policy and to perform remote drive encryption to mitigate risk.

Endpoint Detection and Response


The Endpoint Detection and Response (EDR) module extends Coro's Endpoint Security abilities to handle incidents as they occur, remediate quickly to prevent further damage from known and unknown threat sources, as well as to conduct post-breach analysis.

Coro’s EDR module receives endpoint data collected from connected endpoints (via the Coro Agent). Contextualized analysis of this data provides a holistic view of an organization’s threat landscape, identifying and alerting on incidents in real time. Coro then presents these findings through the Console, allowing Admin users to filter the data as needed, and includes remediation guidance and immediate response actions such as isolating a device from the network, shutdown, or blocking certain processes.

Through EDR, Coro provides:

  • better detection of malicious software that otherwise may go unnoticed
  • isolation of purportedly infected devices
  • automatic remediation of vulnerabilities and potentially-breachable processes across an organization's endpoint devices

Next steps

To read more about how Coro provides detection and protection services for an organization's apps, users, devices, and data, see Coro high-level architecture.