Cloud Security 2.0: How Ants Conquer Elephants

Source: Internet
Author: User
Keywords: Cloud Security 2.0, Ant, Elephant
Mark S. Kadrich, a top American security expert, states plainly in his book "Endpoint Security" that endpoint security is a source of information security. Most of the endpoints that are attacked belong to ordinary employees, who have little knowledge of security precautions and weak security awareness; set against organized teams of attackers, it is simply ants confronting elephants. For the ant corps, any piece of endpoint software can be an attack target. The end user seems to have become a lost wanderer: who should he turn to?

* Endpoint security should not be left to the "ants"

The endpoint is not only where information is produced but also where it is destroyed; it is both a control point and a support point for the business. For a network administrator, however, although endpoints are the most numerous assets, the importance and attention they are given is often greatly reduced, usually lower than that given to the servers hosting ERP, CRM and other directly business-related systems. As the most basic component node of the enterprise network, the endpoint communicates with these servers directly, and so becomes both a target and a springboard for hackers and virus writers. At the same time, because end users are basically what keeps the enterprise operating, an endpoint that stalls because of a security problem often directly affects normal business operations and causes huge losses.

In contrast, the vast majority of security managers deploy a large number of network security products at the gateway, a defense that is not without effect, since it can withstand 70~80% of threat attacks. But with the growth of wireless working, mobile office users and the use of storage media, endpoint access inside the network has become complicated.
A network that offers access everywhere still faces the 20~30% of threats that the gateway cannot block; attacks launched from inside the enterprise still exist in large numbers and may trigger a "butterfly effect" at any time, causing a widespread virus outbreak. Data from Trend Micro's global antivirus research and support center shows that more than 70% of information leaks and security threats occur at the network endpoint. This result shows that a large number of computer security threats originate from the same problem: end users install or run illegal malicious programs without administrator consent and without administrator control. Endpoint security management should therefore follow a unified model that equips the ant soldiers with advanced weapons, so that tens of thousands of ants together can overcome the elephant.

* Pioneer weapon: Trend Micro Threat Discovery System (TDS)

The launch of Trend Micro Cloud Security 2.0 has brought the security industry powerful File Reputation Technology (FRT) and multi-protocol correlation analysis technology, and has given end users a more comprehensive, more efficient multi-level endpoint security solution. The solution consists of the Threat Discovery Appliance (TDA) and OfficeScan 10, the network edition of Trend Micro's antivirus wall. TDA is the sharpest weapon of the ant corps: it lets security managers find the "help-seekers" in the network at the first opportunity, locate the source of infection and resolve endpoint problems quickly. TDA can be called the key to discovering that ants are being bullied. An ant trampled by an elephant is not easily noticed by management, but TDA collects, at the network level, the signals showing which ants are being bullied, and can warn quickly so that defenses are strengthened.
Of course, for "disobedient" ants, TDA can also identify application behavior and services that violate security policy, disrupt the network, consume large amounts of bandwidth and pose potential security threats. These include applications such as instant messaging (BitTorrent, Kazaa, eDonkey, MSN, Yahoo Messenger), peer-to-peer file sharing and streaming media, and unauthorized services such as SMTP relay and DNS spoofing.

So is TDA only a "magnifying glass" for the enterprise intranet? That is just the tip of the iceberg. As an important component of TDS (Threat Discovery System), and because it integrates the multi-protocol correlation analysis technology of Trend Micro Cloud Security 2.0, it fully supports detection of malicious threats at layers 2-7: it can quickly detect web attacks, cross-site scripting attacks and phishing, and identify high-risk nodes and high-risk network communication, including Trojans that leak data to the outside world or receive commands from a botnet control center, which traditional, signature-based security products cannot do. TDS is therefore really the "command center" of the intranet: it not only discovers security threats in the network environment in time, but also turns those threats into detailed remediation measures and implements them.

* Essential weapon: Trend Micro OfficeScan, the network edition of the antivirus wall

In Trend Micro's multi-level endpoint security solution, besides TDA there is OfficeScan, the product that arms the ants "to the teeth". As one of the core products of Cloud Security 2.0, the classic OfficeScan 10, the network edition of Trend Micro's antivirus wall, has also been given new meaning.
It integrates the original Cloud-Client File Reputation (CCFR) technology of Trend Micro Cloud Security 2.0, handing a large number of virus signatures over to cloud services to manage. When a user accesses a file, the file's latest security rating is queried directly from the cloud, and FRT prevents users from accessing files with a low security rating, so the endpoint is protected whether or not it is connected to the corporate network.

Adding Cloud-Client File Reputation technology to OfficeScan 10 in effect gives every ant warrior a "laser gun" to travel with, so that they can defend themselves and fight back when attacked by elephants. Ants are still ants, however, and the most critical point about an ant's weapon is that the ant must be able to carry it while moving. With CCFR, OfficeScan 10 avoids the awkward problem of antivirus software in which every version upgrade brings more virus signatures on the client and a growing memory footprint.

Previously, in an antivirus system without cloud security technology, the client took on too many functions, so the longer the system ran, the more CPU and memory the antivirus software consumed. Both the many simple file signatures and the complex signature-based scripts were sent to the user's endpoint system, so that, far from challenging the elephants, the weight of the weapon often killed the ant. With the new CCFR technology, the simple file signatures for the large number of malware samples are sent only to the cloud, while the scripts that deal with complex malware are delivered to local clients. At the same time, because OfficeScan 10 uses a special intelligent filter, it can protect the client offline, which is the key to the endpoint still protecting itself after it has left the TDS umbrella.
Cloud Security 2.0 migrates a large number of antivirus functions from the endpoint to the cloud and, through intelligent linkage between gateway and endpoint products, forms a multi-layer defense system of "endpoint → gateway", "endpoint → cloud" and "gateway → cloud". Today, formerly separate endpoints are gradually being unified into the "cloud", which greatly compresses the protection window period and simplifies endpoint security management. The ants are happy!