Development and Future: cloud security technology Decomposition

For computer users, the threat of viruses is becoming more and more serious, especially when the Internet is becoming increasingly popular. More seriously, the growth of viruses and malware on the internet is astonishing, according to the latest statistics of AV-Test.org, the world has more than 11 million malicious programs, it is also increasing at a rate of 20 thousand per day.
In view of this, Trend Micro and rising have successively proposed the concept of "cloud security", trying to set off a new revolution in the anti-virus field.
Advanced cloud security
Computer viruses are basically transmitted over the Internet. They are automatically downloaded when users access the webpage through the "Trojan" method on the high-traffic webpage, without knowing it, your computer may have been infected with various types of viruses with potential threats. In response to the spread of viruses, anti-virus giant Trend Micro recently proposed a "cloud security" anti-virus technology, making every Internet user a part of the "Cloud" to participate in anti-virus.

Figure 1
In the "cloud security" technology, when a netizen suffers a virus attack, 34000 Server clusters around the world will be instantly collected and updated. No matter how many Internet users under the "Cloud", no second people in the Internet world will be attacked by this virus, so that they can truly confront the Internet virus in real time. For Internet users, when a cloud security user accesses a webpage, the access request is sent to the "Cloud" database to query the risk level of the webpage, this process takes dozens of milliseconds, so that end users are not aware of it, but will receive a prompt when accessing a webpage containing threats.
Zhang weiqin said that in the past, the antivirus mode was that, after the virus was discovered, the antivirus company engineers resolved the virus sample and then uploaded the virus code for the sample to the virus database, you can regularly or manually update the virus database to obtain the upgrade protection of anti-virus software. The cloud security architecture enables the anti-virus industry to truly change from anti-virus to anti-virus. If a user installs a anti-virus software connected to the cloud, the servers of antivirus software vendors determine which web pages are malicious or even trojan programs based on a large number of pre-stored virus databases and automatically clear them. "In this way, the user terminal can become very easy, without upgrading every day or occupying memory and bandwidth because of anti-virus software ."
Compared with the traditional anti-virus model, another major advantage of the cloud security architecture lies in the efficiency of its virus samples. According to Mao Yiding, vice president of rising star, Rising's first Rising Star Card 6.0, which adopts the "cloud security" architecture, launched in July 16, intercepted about 0.12 million new Trojan viruses every day. "six months later, rising is the most comprehensive company that collects virus samples ". Rapid collection of virus samples is one of the keys to effective anti-virus.

 

Behind cloud security
Internet cloud databases are becoming increasingly important. To this end, Trend Micro cloud Security has established five big data centers and tens of thousands of online servers around the world. It is reported that cloud Security supports an average of 5.5 billion million click queries per day. 0.25 billion samples are collected and analyzed every day, and the first hit rate of the database can reach 99%. With cloud security, Trend Micro now blocks up to 10 million virus infections per day.

Figure 2
However, complicated network pages and annoying Page code-mounting are hard to imagine for cloud security data centers. Looking at this group of statistics, a medium-sized website has millions of web pages, and the data center of Google, the originator of global Internet search, has hundreds of thousands of servers. Currently, only 100,000 of web pages can be found. This means that for cloud security to effectively implement web page Security Interception, web page sampling must be deeper and faster. Zhang weiqin said that there is a big difference between search and security: cloud security web page sampling is indeed deeper, but it does not need more complex content like search, however, you only need to determine whether the website is secure. Secondly, the search theory needs to address all websites. The cloud security sampling website is targeted based on user needs and the characteristics of Web threats.
In addition, the bandwidth between the client and apsaradb is also a user's question. Zhang weiqin believes that the bandwidth of cloud security applications is less than that of the traditional feature comparison method, because in the traditional method, many of the signatures that users need to update and download multiple times may never be used. On the other hand, the high threshold of cloud security is also challenging the capabilities of security enterprises. With apsaradb and cloud computing, security program programming methods are significantly different, and the establishment of cloud databases also requires security enterprises to possess a certain scale and financial strength. In the future, cloud security may bring about another shuffling of Security Enterprises.

Cloud security development and future
The old anti-virus model may have come to an end. The so-called "cloud security" mentioned by everyone is actually to transfer the analytical computing capability originally placed on the client to the server end, so that the client is lighter.
At the same time, this poses a higher challenge to anti-virus software vendors. They must analyze whether the user's computer has been infected with viruses in the fastest time. However, relying solely on Virus Characteristics, passive defense is hard to defend against-you must know that more than 20 thousand new viruses are generated every hour.

Figure 3
As a result, some new defense technologies have emerged, such as the "Web reputation service" proposed by the latest trend. Its concept is to evaluate the credibility score of the Web pages that users log on, this score consists of multiple factors, including website pages, historical address changes, and other factors that may reveal suspicious behavior. When you find that the credibility of a webpage is faulty, it will be blocked.
This may be hard to understand. For example, some malware lurks in the Red Cross's website some time ago during the Wenchuan earthquake. When you click to donate money, the trojan virus may already exist, after being secretly connected to a Russian website, your customer data may be lost. Traditional anti-virus software may not be able to prevent this situation, but through credit service, you will find that you did not donate money on the Red Cross, why did you go to Russia again, it is possible to cut off the promotion channels of Trojans in the first place.
This is just an example of "Cloud" entering the security field. Will anti-virus software be completely free in the future and adopt a new business model? It is not easy to say yet, but at least security 360 and rising Kaka are already trying. Some time ago, a friend told me that he was very touched by me. "Never overestimate the changes in three years, or underestimate the changes in ten years ."