Xcitium (formerly Comodo Security Solutions Inc.) is a cybersecurity company, including
Zero Trust
Zero trust architecture (ZTA) or perimeterless security is a design and implementation strategy of IT systems. The principle is that users and devices should not be trusted by default, even if they are connected to a privileged network such as a ...
cybersecurity
Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and networks from thr ...
, based in
Bloomfield, New Jersey
Bloomfield is a township in Essex County, in the U.S. state of New Jersey, and an inner-ring suburb of Newark. As of the 2020 United States census, the township's population was 53,105, an increase of 5,790 (+12.2%) from the 2010 census cou ...
,
United States
The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...
. In 2022, the company rebranded as Xcitium.
History
The company was founded in 1998 in the
United Kingdom
The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Northwestern Europe, off the coast of European mainland, the continental mainland. It comprises England, Scotlan ...
by
Melih Abdulhayoğlu
Melih Abdulhayoğlu (born 10 March 1968) is the CEO of MAVeCap, an incubator Venture Capital firm funded by his family office. MAVeCap focusses on building tomorrow's technology platform companies. His first company was Comodo Cybersecurity, Comod ...
. The company relocated to the
United States
The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...
in 2004. Its products are focused on computer and internet security. The firm operates a
certificate authority
In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
that issues
SSL certificates. The company also helped set standards by contributing to the
IETF
The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster ...
(Internet Engineering Task Force)
DNS Certification Authority Authorization (CAA) Resource Record.
In October 2017,
Francisco Partners
Francisco Partners Management, L.P., doing business as Francisco Partners, is an American private equity firm focused exclusively on investments in technology and technology-enabled services businesses. It was founded in August 1999 and based in ...
acquired Comodo Certification Authority (Comodo CA) from Comodo Security Solutions, Inc. Francisco Partners rebranded Comodo CA in November 2018 to Sectigo.
On June 28, 2018, the new organization announced that it was expanding from TLS/SSL certificates into IoT security with the announcement of its IoT device security platform. The company announced its new headquarters in
Roseland, New Jersey
Roseland is a Borough (New Jersey), borough in western Essex County, New Jersey, Essex County, in the U.S. state of New Jersey. As of the 2020 United States census, the borough's population was 6,299, an increase of 480 (+8.2%) from the 2010 Uni ...
on July 3, 2018 and its acquisition of CodeGuard, a website maintenance and disaster recovery company, on August 16, 2018.
Industry affiliations
Comodo is a member of the following industry organizations:
*
Certificate Authority Security Council (CASC): In February 2013, Comodo became a founding member of this industry advocacy organization dedicated to addressing industry issues and educating the public on internet security.
*
Common Computing Security Standards Forum
Common Computing Security Standards Forum (CCSS Forum) is a voluntary organization of vendors and providers of security software, operating systems, and web browsers.
Goals
The CCSS Forum was formed with the following goals:
* Mitigating the risk ...
(CCSF): In 2009 Comodo was a founding member of the CCSF, an industry organization that promotes industry standards that protect end users. Comodo CEO Melih Abdulhayoğlu is considered the founder of the CCSF.
*
CA/Browser Forum: In 2005, Comodo was a founding member of a new consortium of certificate authorities and web browser vendors dedicated to promoting industry standards and baseline requirements for internet security. Melih Abdulhayoğlu invited top browser providers and certification authorities to a round table to discuss the creation of a central authority responsible for delivering digital certificate issuance best practice guidelines.
Products
*
Comodo Dragon (web browser)
Comodo Dragon is a freeware web browser. It is based on Chromium and is produced by Comodo Group. Sporting a similar interface to Google Chrome, Dragon does not implement Chrome's user tracking and some other potentially privacy-compromising f ...
*
Comodo Ice Dragon (web browser)
*
Comodo Internet Security
Comodo Internet Security (CIS) is developed and distributed by Comodo Group, a freemium Internet security suite that includes an antivirus program, personal firewall, sandbox, host-based intrusion prevention system (HIPS) and website filter ...
*
Comodo System Utilities Comodo System Utilities, also marketed as Comodo PC TuneUp, is a software suite by the Comodo Group, a software company known for Internet and network security software.
Overview
Comodo System Utilities combines three cleaning utilities: Registry ...
*
Comodo Mobile Security
Comodo Mobile Security (CMS) is a mobile application provided free by the Comodo Group that protects Android devices against viruses, worms and scripts. It also features SMS and call blocking, a software and process manager, data and apps backup ...
Controversies
Certificate hacking
On 23 March 2011, Comodo posted a report that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine
certificate signing request
In public key infrastructure (PKI) systems, a certificate signing request (CSR or certification request) is a message sent from an applicant to a certificate authority of the public key infrastructure (PKI) in order to apply for a digital identity ...
s.
Nine certificates for seven domains were issued.
The attack was traced to IP address 212.95.136.18, which originates in
Tehran
Tehran (; , ''Tehrân'') is the capital and largest city of Iran. It is the capital of Tehran province, and the administrative center for Tehran County and its Central District (Tehran County), Central District. With a population of around 9. ...
, Iran.
Moxie Marlinspike
Moxie Marlinspike is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal (messaging app), Signal, co-founder of the Signal Technology Foundation, and served as the first CEO of Signal M ...
analyzed the
IP address
An Internet Protocol address (IP address) is a numerical label such as that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface i ...
on his website the next day and found it to have
English localization and Windows operating system.
Though the firm initially reported that the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail.".
Comodo revoked all of the bogus certificates shortly after the breach was discovered. Comodo also stated that it was actively looking into ways to improve the security of its affiliates.
In an update on 31 March 2011, Comodo stated that it detected and thwarted an intrusion into a reseller user account on 26 March 2011. The new controls implemented by Comodo following the incident on 15 March 2011, removed any risk of the fraudulent issue of certificates. Comodo believed the attack was from the same perpetrator as the incident on 15 March 2011.
In regards to this second incident, Comodo stated, "Our CA infrastructure was not compromised. Our keys in our HSMs were not compromised. No certificates have been fraudulently issued. The attempt to fraudulently access the certificate ordering platform to issue a certificate failed."
On 26 March 2011, a person under the username "ComodoHacker" verified that they were the attacker by posting the private keys online and posted a series of messages detailing how poor Comodo's security is and bragging about their abilities.
As of 2016, all of the certificates remain revoked.
Microsoft issued a security advisory and update to address the issue at the time of the event.
Certificates issued to known malware distributors
In 2009 Microsoft MVP Michael Burgess accused Comodo of issuing digital certificates to known malware distributors. Comodo responded when notified and revoked the certificates in question, which were used to sign the known malware.
Let's Encrypt trademark registration application
In October 2015, Comodo applied for "Let's Encrypt", "Comodo Let's Encrypt", and "Let's Encrypt with Comodo" trademarks. These trademark applications were filed almost a year after the Internet Security Research Group, parent organization of
Let's Encrypt
Let's Encrypt is a Non-profit organisation, non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 public key certificate, certificates for Transport Layer Security (TLS) encryption at no charge. It is ...
, started using the name Let's Encrypt publicly in November 2014, and despite the fact Comodo's "intent to use" trademark filings acknowledge that it has never used "Let's Encrypt" as a brand.
On 24 June 2016, Comodo publicly posted in its forum that it had filed for "express abandonment" of their trademark applications.
Comodo's Chief Technical Officer Robin Alden said, "Comodo has filed for express abandonment of the trademark applications at this time instead of waiting and allowing them to lapse. Following collaboration between Let's Encrypt and Comodo, the trademark issue is now resolved and behind us, and we'd like to thank the Let's Encrypt team for helping to bring it to a resolution."
See also
*
Internet security
Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...
*
Comparison of antivirus software Legend
The term "on-demand scan" refers to the possibility of performing a manual scan (by the user) on the entire computer/device, while "on-access scan" refers to the ability of a product to automatically scan every file at its creation or sub ...
*
Comparison of computer viruses
Creating a unified list of computer viruses is challenging due to inconsistent naming conventions. To combat computer viruses and other malicious software, many security advisory organizations and anti-virus software developers compile and publis ...
References
External links
*
{{Authority control
Software companies established in 1998
Certificate authorities
Computer security software companies
International information technology consulting firms
Software companies based in New Jersey
Software companies of the United Kingdom
1998 establishments in the United Kingdom
Companies based in Essex County, New Jersey
Bloomfield, New Jersey
Software companies of the United States