The three levels of Jinshan Poison PA "cloud security"
Jinshan Poison PA "cloud security" is a network-wide defense architecture that emerged in response to the severe Internet security situation that followed the commercialization of Trojan horses. It comprises three levels: an intelligent client, clustered servers, and an open platform. "Cloud security" reinforces and complements existing anti-virus technology, and its ultimate goal is to give users in the Internet age faster and more comprehensive security.
First, a stable and efficient intelligent client. It can be a stand-alone security product or a security component integrated with other products, such as Jinshan Poison PA 2009 and Baidu Security Center, and it provides the basic sample-collection and threat-handling functions for the whole cloud security system.
Second, server-side support. This includes a distributed mass data storage center, professional security analysis services, and intelligent analysis and mining of security trends. The server side works together with the client to provide users with cloud security services.
Finally, cloud security is built on an open security service platform that gives third-party security partners platform support in fighting viruses. Jinshan Poison PA cloud security provides security services to the users of third-party security partners and relies on cooperation with those partners to establish a network-wide defense system, so that every user takes part in that system and no one faces a virus alone.
Jinshan Poison PA "Cloud Security" architecture (1)
* The Mercury platform, which supports massive sample storage and computation
* Internet Trusted Authentication Service
* Crawler system
Introduction to the three core systems of Jinshan Poison PA "cloud security"
1. Mercury Platform
Built on a distributed storage and computing platform and combined with industry-leading behavior analysis technology, the Mercury platform automatically analyzes and processes millions of unknown file samples every day. The results are pushed in real time to the trusted authentication service so that clients receive timely and accurate service.
A. Behavioral analysis system (with emphasis on unknown viruses)
Through file monitoring, network monitoring and mail monitoring, together with monitoring of risky behaviors such as process injection, modification of sensitive registry items and driver loading, the system collects and records the suspicious behaviors that are reported, analyzes them together according to the correlation between events, and identifies unknown virus behavior.
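The event correlation described above can be sketched as follows. This is an added example, not Jinshan's code: the event names, weights, time window, threshold and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Risk behaviours named in the text; event names and weights are assumptions.
WEIGHTS = {
    "process_injection": 4,
    "registry_sensitive_modify": 3,
    "driver_load": 4,
    "file_drop_executable": 2,
    "network_connect": 1,
    "mail_send": 1,
}
WINDOW_SECONDS = 60   # assumed correlation window
THRESHOLD = 8         # assumed score at which a sample is reported

# Constructed sample events: (unix_time, sample_id, behaviour)
EVENTS = [
    (1000, "aaa111", "file_drop_executable"),
    (1005, "aaa111", "registry_sensitive_modify"),
    (1010, "aaa111", "process_injection"),
    (1012, "aaa111", "process_injection"),   # repeat, counted once per window
    (1020, "bbb222", "network_connect"),
    (1030, "bbb222", "mail_send"),
    (1000, "ccc333", "driver_load"),
    (2000, "ccc333", "process_injection"),   # too far apart to correlate
]

def correlate(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {sample: (score, behaviours)} for samples whose distinct risk
    behaviours inside any single time window reach the threshold."""
    by_sample = defaultdict(list)
    for ts, sample, behaviour in events:
        if behaviour in WEIGHTS:              # ignore unknown event types
            by_sample[sample].append((ts, behaviour))
    flagged = {}
    for sample, evs in by_sample.items():
        evs.sort()
        best_score, best_set = 0, set()
        for i, (start, _) in enumerate(evs):  # try a window opening at each event
            seen = {b for ts, b in evs[i:] if ts - start <= window}
            score = sum(WEIGHTS[b] for b in seen)
            if score > best_score:
                best_score, best_set = score, seen
        if best_score >= threshold:
            flagged[sample] = (best_score, sorted(best_set))
    return flagged

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Scoring distinct behaviours inside a window, rather than counting raw events, keeps one noisy monitor from flagging a sample on its own while still catching a combination of individually weak signals.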
Faced with a huge volume of virus samples, a strong virus analysis system alone is far from enough. Storing the samples properly and processing them is a problem that must also be solved, and a powerful distributed storage and computing platform provides that assurance.
B. Distributed storage platform
The distributed storage platform gives application platforms a unified access mode and properly stores large quantities of virus samples and whitelist samples. It has automatic backup capabilities, and the Jinshan Mercury platform already stores hundreds of TB of files.
C. Distributed computing platform
Through its distributed automatic analysis and processing platform, combined with behavioral analysis technology, the Mercury platform can process more than 1 million unknown file samples a day, automatically scanning and analyzing the samples and automatically extracting the corresponding virus-removal scripts. Processing capacity can be raised simply by adding machines, so in theory it has no upper limit.
Jinshan Poison PA "Cloud Security" architecture (2)
2. Internet Trusted Authentication Service
Diagram:
The "Internet Trusted Authentication Service" collects the executable files generated on the Internet every second and, through automatic and manual analysis, keeps the server-side "Internet Trusted Authentication Center" synchronized at a granularity of seconds. The trusted authentication service can withstand a high load of hundreds of millions of queries per day.
3. Crawler system
How the Crawler works:
Crawler System Architecture: