Valkyrie Verdict - Cloud based Threat Lab as a Service

Security Products & Services Comodo Valkyrie - FLS
1

Hello everyone,

Today we are glad and excited to announce the launch of our global Threat Labs as a Service (TLaaS) Valkyrie Verdict (https://verdict.valkyrie.comodo.com/) offering, a cloud-based verdicting service. Valkyrie Verdict provides a simple interface via its API and Web UI to our threat lab’s file analysis, malware kill-chain analysis, domain, URL and IP intelligence capabilities.

The major difference of Valkyrie Verdict with similar products is the ability to provide 100% trusted and verified verdict, as either Safe or Malware for any file within an SLA of 4 hours. Valkyrie Verdict provides %100 visibility of customer’s network in terms of known good or known bad classification.

Following features of this offering are provided via both Verdict Developer’s API and its Web UI:

  • Cloud based file analysis and Kill-Chain service via Valkyrie
  • Human-expert malware analysis
  • Domain, URL and IP intelligence via Reputation System
  • Domain and URL scanning via Deceptive Domain Engine

We have also developed following plugins to integrate Valkyrie Verdict in to your defense in depth:

Please note that Valkyrie Verdict is still in Beta version, and it would be great if you test it and provide your valuable feedback to us!

Valkyrie Verdict Team.

2

Congrats Berker, good job.

3

A few issues I noticed, first you get different results when you search by sha1 hash when same hash is in upper case and lower case form e.g.

  1. different results between consumer and verdict e.g.
    Valkyrie Verdict
    https://consumer.valkyrie.comodo.com/get_info?sha1=db6828333b74aa3e1caaa2e36423fe5159d43c2e

  2. some URLs are reported as Phishing but Comodo Online Security browser extensions do not block the URL. e.g. Valkyrie Verdict

  3. last analysis date for URLs are not presented even if reputation history have history listed for the URL.

4

This time consumer and verdict valkyrie have equal unknown rating:

https://consumer.valkyrie.comodo.com/get_info?sha1=0fa31bf9e99a0d98c9df06b4c92bf736780c86a3

but is rated malware by regular valkyrie:

5

Any point in not making use of Valkyrie logins in production env?

6

Hello futuretech,

  1. Team is working on upper case - lower case bug. In 2 days, SHA1 search will be totally case in-sensitive.

  2. Verdict reflections from original Valkyrie to Valkyrie Verdict and Valkyrie Consumer might take some time which could also be different. Verdict is getting human expert analysis results directly from Valkyrie, but consumer is getting these verdict after they are reflected to FLS.

  3. COS might have a whitelist to not accidentally block safe sites. I am going to contact with COS team and resolve the issue whether we have problem in integration or not.

  4. Team is working on this, in a week we will also release this.

7

Hello futuretech,

Team will check new analysis result integrations of both Verdict and Consumer. This specific file appears malware in all 3 platforms now.

Thanks for reporting and giving feedback for Valkyrie.

8

Hello qmarius,

Do you mean using original Valkyrie logins in Valkyrie Verdict ? If that’s the case, it is planned to keep user, subscription and integrations of Valkyrie Verdict as different services from original Valkyrie. Currently we have integration only on file analysis.

9

Hello everyone,

A new version for Valkyrie Verdict has been released.

Following bugs have been fixed:

  • Different analysis results for Lowercase - Uppercase hash
  • Correction of FP cases for Deceptive Domain Engine
  • Incorrect verdict field of phishing URL(s) for any Domain

Valkyrie Verdict Team.

10

I’m a little late , but that looks very interesting . I will deal with it extensively !

Thank all for the development work done. :-TU

11

:-TU

12

Hello!

I have 2 internet providers, one with 30MB speed and another with 1MB speed. I’ve never had any problems with valkyrie.comodo.com related to 30MB speed. But related to 1MB speed, yes I have some problems.

When I upload to the valkyrie.comodo.com through the internet of 1MB if the file is above 1 mega always the error, I can only send very small files. This occurs for months.

Now I’m using this verdict.valkyrie.comodo.com that works perfectly with both speeds, I had no problem uploading since I started a few days ago.

13

Hello pio,

Looking forward to hearing your feedback :-TU

All comments, findings and requests for Valkyrie Verdict are so valuable for us especially in this Beta phase!

Best regards,
Berker

14

Hello Felipe,

Thanks a lot for reporting this problem. Valkyrie team will check this ASAP.

Best regards,
Berker

15

Love it! Thank you guys :-TU

I want to inform you about another website’s mistake.
Please go there: Comodo Antivirus Database | Submit Files for Malware Analysis

I want to submit a host but website gives me warning “Please enter valid url”
See the attached screenshot. Can you please solve it? Thanks

16

yigido, that’s weird. I’ll inform the team to fix it.

Thanks for notification

17

Yigido, this case is fixed. You may submit this kind of url as well as an ip.

18

Thank you Fatih (abi) :-TU

19

want to ask something. If we are talking about “verdict” (Valkyrie Verdict)
Why threats are uncategorized? UnclassifiedMalware etc.

How naming should be?

https://vgy.me/wOeg1Y.png

Kaspersky, Microsoft doing well on this imho.

20

Hello yigido,

Currently, type classification is being performed in an automated manner and sometimes by malware experts. But we are also working on automatic fast type classification of known malware samples, and once that process starts you will get malware types for more sample.