Loading...
Coro logo

Coro

coro.net ↗ SMB / Mid-Market 2 sectors

About Coro

Coro brings together all core security protections in one platform. Easy to use. Ready to scale. One interface for all modules, eliminating the need for integration and improving security posture. The company offers a range of cybersecurity solutions, including email protection, data protection, and endpoint security. It has earned recognition from SE Labs for its advanced security protection. Coro's platform is designed for lean IT teams and is scalable to meet the needs of growing businesses.

Why Notable

KuppingerCole Challenger 2025

Sector Coverage

Feature Coverage

Administration & Console

Control Panel full Central place to configure subscribed modules and add-ons.
Cloud application administration full Control Panel manages cloud applications.
Protected users administration full Control Panel manages protected users.
Device administration full Control Panel manages protected-user devices.
Synchronize users from cloud apps button full Lets admins synchronize protected users and groups in seconds.
Data governance actions from data tickets full Actions menu can apply data-governance permissions directly from tickets.
Control Panel restructuring in v2.0 full Coro 2.0 restructured the control panel.
Exclude outgoing email scans by subject keyword full Release note added subject-keyword exclusion for outgoing scans.
Cloud apps section in control panel full Control Panel includes Cloud apps section.
Devices section in control panel full Control Panel includes Devices section.
Users section in control panel full Control Panel includes Users section.
Email section in control panel full Control Panel includes Email section.
Data section in control panel full Control Panel includes Data section.
Protectable user discovery full Connecting cloud applications causes Coro to discover protectable users from directories.

Cloud Security

Connected cloud application monitoring full Cloud Security connects cloud apps and monitors access to user accounts.
Regulatory-compliance support full Cloud Security supports regulatory compliance for connected apps.
Heuristic activity analysis full Uses heuristics to observe suspicious activity by logged-in users.
Location-based access controls full Can enforce access permissions by geographic location.
IP-based access controls full Can enforce access permissions by IP address.
Abnormal access alerts full Alerts administrators about abnormal access and activity patterns.
Large data-download alerts full Detects unusually large download events.
Large data-deletion alerts full Detects unusually large deletion events.
Cloud-file malware scanning full Scans for malware in uploaded or shared cloud-storage files.
Cloud Security policies tab full Policies UI for access permissions and threat types.
Access-permission policies full Admins can configure access permissions for connected cloud apps.
Access-permission violation tickets full Raised when users log in from disallowed locations or IPs.
Permitted locations dropdown full Displays currently configured access permissions.
Allowed countries and US states full Location-based access permissions can use countries or U.S. states.
Allowed IP ranges full Access policies can allow specific IP addresses.
Automatic remediation on access-policy violations full Policies define remediation for access violations.
Threat detection policy defaults full Threat detection policies are created by default for all protected users.
Threat type: Impossible Traveler full Detects impossible-travel access anomalies.
Threat type: Abnormal Admin Activity full Detects abnormal admin actions.
Threat type: Mass Data Deletion full Detects mass deletion activity.
Threat type: Mass Data Download full Detects mass download activity.
Threat type: Suspected Bot Attacks full Detects suspicious bot-like behavior.
Threat type: Suspected Identity Compromise full Detects likely identity compromise.
Automatic remediation for cloud-security threats full Threat-type policies support automatic remediation when violated.
Missing-permission detection status full Coro flags when detections are disabled because required permissions or audit logs are missing.
Audit-log dependency full Cloud policies become active only after required permissions are granted and audit logging is enabled and syncing.
Third-party application management full Supports third-party application management for Microsoft 365 and Google Workspace.
Unauthorized third-party app blocking full Admins can block unauthorized third-party apps from being installed.
Third-party application blocklist full Blocked apps appear in a dedicated blocklist.
Suspend user from one cloud app full Cloud Security tickets can suspend users from a named cloud app.
Suspend user from all connected cloud apps full Cloud Security tickets can suspend users across all connected apps.
Unsuspend from original ticket full Admins can restore access from the original ticket once the issue is resolved.

Coro Cybersecurity

Coro platform full Cloud-based cybersecurity platform for email, data, cloud apps, devices, and users.

Coro Platform

One Interface full All modules feed into one dashboard for visibility and response.
One Endpoint Agent full Single endpoint agent spans device posture, NGAV, EDR, ZTNA, VPN, firewall, and data governance.
One Data Engine full Shared data engine lets modules inform each other and improves security posture without heavy integration overhead.

Data Governance

Data loss and misuse protection full Provides multiple controls to protect sensitive information from unauthorized access and misuse.
Device monitoring for sensitive data full Can remotely scan endpoint drives for sensitive data.
Remote sensitive-data scan full Admins can launch remote scans from the Devices page.
Scheduled sensitive-data scans full Admins can schedule recurring scans for groups of devices.
Permission management full Supports definition of access rights for individuals and groups.
Ticket management full Actionboard summarizes data-protection and monitoring activity.
User Data Governance full Monitors and protects against data loss, misuse, and accidental exposure by users.
Monitor email data exposure full UDG monitors sensitive-data exposure via email.
Monitor shared-cloud-drive exposure full UDG monitors exposure in shared cloud drives.
Protected users model full Users can be explicitly protected in Coro.
Protectable users model full Users discovered in connected directories can be protectable but not yet protected.
Monitored sensitive data: Credit card data full Recognizes and monitors credit card data.
Monitored sensitive data: Health data full Recognizes and monitors health data.
Monitored sensitive data: Non-public data full Recognizes and monitors non-public data.
Monitored sensitive data: Personal data full Recognizes and monitors personal data.
Business-sensitive data: Certificates full Can monitor certificates as business-sensitive data.
Business-sensitive data: Keyword objects full Can monitor specific keyword-based objects.
Business-sensitive data: Passwords full Can monitor password disclosures.
Business-sensitive data: Source code full Can monitor source-code exposure.
Business-sensitive data: Specific file types full Can monitor selected risky file types.
Industry-based data privacy configuration full Automatically recommends sensitive data types based on the organization's industry.
Automated sensitive-data recommendations full Reduces ticket fatigue by selecting relevant sensitive-data types.
Configuration customization full Admins can modify selected industries and data types.
Sensitive data setup parameters full Monitoring page offers setup-parameters workflow.
Endpoint Data Governance full Scans endpoint drives for sensitive-data violations.
Endpoint scans are admin-initiated full Endpoint Data Governance does not continuously scan endpoint drives by default.
Endpoint ticket aggregation full EDG tickets include all detected occurrences for a single event.
EDG remote scan for sensitive data full Device action launches remote scan for sensitive data.
EDG regulations support: GDPR full Helps enforce GDPR-related controls.
EDG regulations support: GLB full Helps enforce GLB-related controls.
EDG regulations support: HIPAA full Helps enforce HIPAA-related controls.
EDG regulations support: SOC2 full Helps enforce SOC 2-related controls.
EDG regulations support: SOX full Helps enforce SOX-related controls.
Endpoint scan data type: Credit card data full Endpoint scans can identify credit card data.
Endpoint scan data type: Health data full Endpoint scans can identify health data.
Endpoint scan data type: Non-public data full Endpoint scans can identify non-public data.
Endpoint scan data type: Personal data full Endpoint scans can identify personal data.
Image sensitive-data scanning full Can detect sensitive data in bmp, jfif, jpeg, jpg, png, tiff, webp, x-portable-anymap, x-portable-bitmap, x-portable-graymap, and x-portable-pixmap images.
No scanned-PDF OCR for EDG full Cannot identify sensitive data in scanned PDFs or images embedded in documents such as Word files.
Expanded non-public data detection full Added new non-public data patterns such as APR, income, housing, and lender info.
Expanded Italian data detection full Added Italian license, fiscal code, passport, and VAT detection.
Expanded Spanish data detection full Added Spanish DNI, NIE, and passport detection.
Renamed data governance tickets full Ticket types were updated to support broader data-classification standards.

Email Security

API-based email security full Works with Gmail and Microsoft 365 via API connection, without user-by-user config.
Pre- to post-delivery email protection full Covers email security from pre- to post-delivery, including encryption services.
Identity spoofing protection full Detects identity spoofing threats.
Malware injection protection full Detects malicious software in email flows.
Ransomware injection protection full Detects ransomware delivery attempts in email.
Malicious embedded link detection full Identifies embedded malicious links.
Generic phishing detection full Detects broad phishing attacks.
Spear-phishing detection full Detects targeted spear phishing.
Email account takeover detection full Detects account takeover activity in email.
Spam content identification full Classifies spam in bodies, headers, and attachments.
Real-time email threat detection full Performs real-time detection against connected cloud email services.
Email Security tickets full Raises Email Security tickets describing the threat and remediation status.
Gmail support full API-based email security is available for Gmail.
Microsoft 365 support full API-based email security is available for Microsoft 365.
Runs after Gmail/M365 native controls full With API-based mode, provider rules run first and provider quarantine takes priority.
Inbound Gateway add-on full Optional email proxy can provide pre-provider detection and remediation.
Protect licensed users only full API-based mode protects licensed accounts in M365 or Google Workspace.
Need Inbound Gateway for unlicensed/shared users full Coro recommends Inbound Gateway for unlicensed users, groups, or shared inboxes.
Email settings tab full Control Panel tab for configuring threat detection and remediation.
Threat scan configuration full Admins can configure which email threats Coro detects and remediates.
Bypass criteria full Admins can configure bypass criteria for email scanning.
Quarantine settings full Admins can define quarantine settings for email.
Detection sensitivity full Admins can set email detection sensitivity levels.
Attachment quarantine full Admins can configure attachment-quarantine behavior.
Threat-scan exclusions full Admins can exclude emails from threat scanning.
Quarantine location full Admins can choose quarantine location.
Delete auto-forwarding rules full Settings support deleting malicious or risky auto-forwarding rules.
Point of contact full Settings support defining point-of-contact information.
Quarantined-email user reports full Can send reports for quarantined emails to users.
Allowlist bypass full Messages from allowlisted senders, domains, or IPs bypass detections.
Blocklist delete action full Emails from blocked senders can be blocked and deleted.
Blocklisted sender tickets full Raises Blocklisted sender or Crowd Blocked Sender tickets.
Warning-Only mode full Inbound Gateway flags suspicious emails without blocking them.
Block mode full Inbound Gateway blocks suspicious emails and quarantines them for admin review.
SUSPECTED tag full Marks suspicious emails with a caution tag in Warning-Only mode.
Secure Messages tab full Email Security area includes Secure Messages encrypted messaging service.
Add-Ins tab full Email Security area includes downloadable add-ins for user feedback and encrypted messaging.
Allow/Block tab full Email Security area includes sender allow/block controls.

Endpoint / Network / MDM

Endpoint Security AV full Protects Windows and macOS endpoints with antivirus.
Endpoint Security NGAV full Includes next-generation antivirus protection.
Advanced threat protection on endpoints full Uses ATP to defend endpoint devices against malware and phishing campaigns.
EDR behavioral analysis full EDR detects suspicious activity that bypasses traditional AV.
Real-time endpoint scanning full Endpoint scanning happens whenever a user or process accesses files.
Quarantine malicious files on endpoint full Malicious files are quarantined in real time.
Terminate malicious processes full Potentially malicious processes can be terminated.
ZTNA full Zero Trust Network Access is part of the Network module.
VPN full VPN is part of the Network module.
ZTNA device support: Android full ZTNA supported on Android devices.
ZTNA device support: iOS full ZTNA supported on iOS devices.
ZTNA device support: macOS full ZTNA supported on macOS devices.
ZTNA device support: Windows full ZTNA supported on Windows devices.
Mutually exclusive ZTNA or VPN selection full Network module requires selecting either ZTNA or VPN, not both.
ZTNA default deny full ZTNA blocks all connections by default until resource policies are configured.
Resource-policy instance limit full Each network policy can include up to five resource instances.
MDM policy type: Allowed and compliant application lists full MDM supports allowed/compliant application lists.
MDM policy type: Passcode restrictions full MDM supports passcode restrictions.
MDM policy type: Security policy full MDM supports security policies.
MDM policy type: Network policy full MDM supports network policies.
MDM policy type: App Restrictions full MDM supports app restrictions.
Connected services for MDM full MDM requires connected services and certificates for remote management.

Inbound Gateway

Inbound Gateway email proxy full Adds protection for third-party email providers and can add pre-provider protection for all email services.
SMTP relay configuration full Requires domain and SMTP relay details to forward checked messages.
MX record redirection full Uses top-level MX change to route inbound email through Coro.
Configuration test mechanisms full Provides testing mechanisms before DNS cutover.
Gmail inbound-gateway support full Supports Gmail as an original provider behind the Inbound Gateway.
Microsoft 365 inbound-gateway support full Supports Microsoft 365 as an original provider behind the Inbound Gateway.
Third-party MTA support full Supports other third-party mail transport agents behind the Inbound Gateway.

Operations

MSP global view full Unified MSP dashboard to monitor channel and descendant workspaces.
Release notes full Product documentation includes release notes and end-of-life notices.

Platform Capability

Public API full Coro documentation includes public API and developer content.

Platform Evolution

Email Security module in Coro 3.0 full Version 3.0 highlights Email Security as a module for phishing/malware detection and remediation.
Secure Messages add-on in Coro 3.0 full Version 3.0 introduces Secure Messages add-on for outbound encryption.
Coro 3.0 module expansion full Release blog says Coro 3.0 increased power with cloud security, email security, user data governance, endpoint security, EDR, endpoint data governance, network security, and MDM.
Robust add-ons full Coro 3.0 release blog notes some modules come with add-ons that scale with customer needs.
Gradual rollout process full Coro describes gradual rollouts for product and endpoint-agent features.

Security Awareness Training

Security Awareness Training module full Trains employees to recognize business threats and cyberattacks.
Phishing simulations full SAT includes phishing simulation capability.
Security training full SAT includes awareness training content.
Microsoft 365 SAT enrollment full Can enroll users from Microsoft 365.
Google Workspace SAT enrollment full Can enroll users from Google Workspace.
Third-party-email SAT enrollment full Can enroll users from other third-party email services.
SAT workspace trial full Offers a fully featured two-week trial run of SAT.
Trial phishing simulation plan full Admins can activate a trial simulation and training plan.
Best-practice cyber awareness content full Content is based on best-practice awareness guidance.
Regularly updated SAT content full Training is updated as the threat landscape evolves.
Timed training engagement tracking full Tracks assignment, completion, and overdue status against schedule.
Onboarding training for new employees full Additional option to introduce new employees to cyber awareness challenges.
Compliance training for employees full Additional option for sensitive-data regulation training.
SAT Actionboard panel full Actionboard includes a SAT dashboard panel for subscribers.
SAT statistics panel full Panel shows phishing simulation engagement and training completion statistics.
SAT activation banner full Coro shows an activation banner when SAT is not yet enabled.
SAT allowlisting requirement full SAT senders must be allowlisted in the organization’s email domain.
SAT supported on Microsoft 365 full Allowlisting guide lists Microsoft 365 support.
SAT supported on Google Workspace full Allowlisting guide lists Google Workspace support.
SAT supported on third-party email providers full Allowlisting guide lists other email-provider support.
SAT service management full SAT settings let admins activate SAT and manage related services.
SAT simulation configuration full SAT settings support configuring simulations.
SAT training configuration full SAT settings support configuring training.

Security Module

Endpoint Protection full Logs endpoint activity, analyzes anomalies, and automates resolution of security events.
Email Protection full Scans emails for threats and remediates them automatically.
Network Protection full Protects networks and data with ZTNA, VPN, and enterprise-grade encryption.
Cloud App Security full Protects cloud apps and drives with threat detection and remediation.
Data Protection full Protects user and endpoint data from leaks, misuse, and unauthorized access.
Security Awareness Training full Trains users against phishing and social engineering with simulations.
WiFi Phishing full Prevents end users from connecting to suspicious Wi-Fi endpoints.
Secure Web Gateway full Module family listed in Coro platform navigation.
User Data Governance full Enforces secure handling of PII and critical data.
Endpoint Data Governance full Enforces data-security policies on endpoints.
EDR full Supports reboot, shutdown, and isolation for compromised devices and processes.
Endpoint Security full Endpoint antivirus and next-generation antivirus protection.
Cloud Security full Cloud application access, activity, and file threat monitoring.
MDM full Mobile-device management capability with connected services and policy types.

Related Endpoint Security Vendors

Vendor Directory
Lookup Tools
Analysis
Bulk & Enterprise
Resources
Close