Bkjia.com comprehensive report: Judging by how security vendors currently monitor and detect risks such as viruses and Trojans, the general idea of "cloud security" does not differ from traditional security logic; however, the two service models are completely different. At the other end of the "cloud" is the world's most professional team, which helps users process and analyze security threats, and the world's most advanced data centers, which store the virus database. In addition, cloud security places lower requirements on user-side devices, making it easier to use.
Cloud security provides a broad vision. This seemingly simple concept covers seven core elements:
Web reputation service
With a comprehensive reputation database, cloud security can assign reputation scores based on factors such as website pages, historical location changes, and signs of suspicious activity discovered by malware behavior analysis, so as to track the credibility of webpages. This technology then continues to scan websites and prevents users from accessing infected ones. To improve accuracy and reduce false positives, security vendors also assign reputation scores to specific pages or links rather than classifying or blocking an entire website, because only a portion of a legitimate website may be under attack, and credibility can change over time.
By comparing reputation scores, the potential risk level of a website can be determined. When a user accesses a website with potential risks, the system can promptly warn the user or block access, helping the user quickly confirm whether the target website is safe. The Web reputation service can block the sources of malicious programs. Because zero-day attack prevention is based on the credibility of the website rather than its actual content, it can effectively prevent the initial download of malware, and users are protected before threats enter the network.
Email reputation service
The email reputation service checks IP addresses against a reputation database of known spam sources, and verifies IP addresses using dynamic services that evaluate the reputation of email senders in real time. Reputation ratings are refined by constantly analyzing each IP address's "behavior", "activity scope", and previous history. Malicious email is intercepted in the cloud according to the sender's IP address, preventing Web threats such as botnets from reaching the network or users' computers.
File reputation service
File reputation service technology checks the credibility of each file at the endpoint, server, or gateway. The check is based on a list of known benign files and a list of known malicious files, that is, what are now called anti-virus signatures. High-performance content delivery networks and local caching servers ensure that latency is minimized during the check. Because information about malicious files is stored in the cloud, it can reach all users on the network immediately. In addition, compared with downloading traditional anti-virus pattern files that occupy endpoint space, this method reduces endpoint memory and system resource consumption.
Behavior correlation analysis technology
Through the "correlation technology" of behavior analysis, threat activities can be combined to determine whether they are malicious. A single Web threat activity may appear harmless, but several activities carried out together may produce a malicious result. It is therefore necessary to judge heuristically whether a real threat exists, and to check the relationships between the different components that pose potential threats. By correlating different threats and constantly updating the threat database, the system can respond in real time and provide timely, automatic protection against email and Web threats.
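The correlation idea described above, as an added example that is not code from the article or from any vendor: each behaviour alone scores below the alert threshold, and a source is flagged only when several distinct behaviours fall inside one time window. The behaviour names, weights, threshold, window and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical weights: each behaviour alone stays below the alert threshold.
WEIGHTS = {
    "download_executable": 3,
    "write_autorun_key": 3,
    "disable_security_tool": 4,
    "connect_rare_domain": 2,
}
THRESHOLD = 7      # assumed score at which correlated activity is flagged
WINDOW = 300       # assumed correlation window in seconds


def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Return {source: (score, behaviours)} for sources whose distinct
    behaviours inside one sliding time window reach the threshold."""
    by_source = defaultdict(list)
    for ts, source, behaviour in events:
        if behaviour in WEIGHTS:          # ignore behaviours we cannot score
            by_source[source].append((ts, behaviour))

    flagged = {}
    for source, items in by_source.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:  # shrink window
                start += 1
            seen = {b for _, b in items[start:end + 1]}      # distinct only
            score = sum(WEIGHTS[b] for b in seen)
            if score >= threshold and score > flagged.get(source, (0,))[0]:
                flagged[source] = (score, sorted(seen))
    return flagged

# Constructed sample events: (unix_time, source, behaviour)
SAMPLE_EVENTS = [
    (1000, "host-a", "download_executable"),
    (1060, "host-a", "write_autorun_key"),
    (1100, "host-a", "connect_rare_domain"),
    (1000, "host-b", "download_executable"),      # single activity only
    (1000, "host-c", "download_executable"),
    (9000, "host-c", "disable_security_tool"),    # too far apart to correlate
    (2000, "host-d", "connect_rare_domain"),
    (2001, "host-d", "connect_rare_domain"),      # repeats do not add up
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```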
Automatic feedback mechanism
Another important component of cloud security is the automatic feedback mechanism, which enables uninterrupted communication between threat research centers and technical personnel in the form of two-way update streams. New threats are identified by checking the routing credibility of individual customers. For example, Trend Micro's global automatic feedback mechanism works much like the "neighborhood watch" approach adopted by many communities: it achieves real-time detection and timely "collective intelligence" protection, and helps to build a comprehensive, up-to-date threat index. Each new threat found by a single customer's routine reputation check automatically updates all of Trend Micro's threat databases around the world, preventing later customers from encountering a threat that has already been discovered.
Because threat information is collected based on the credibility of the communication source rather than the specific communication content, there is no delay problem, and the privacy of customers' personal or commercial information is also protected.
Threat information summary
Security companies apply a combination of technologies and methods, including honeypots, web crawlers, customer and partner content submissions, and feedback loops. Threat data is analyzed through the malware databases, services, and support centers in Trend Micro cloud security, with 24x7 threat monitoring and attack defense to detect, prevent, and remove attacks.
Whitelist technology
As a core technology, whitelisting and blacklisting (virus pattern technology actually uses the blacklist idea) differ in scale. AVTest.org's recent count of malicious samples (bad files) includes about 12 million different samples. Even though this number has increased significantly recently, the number of bad files is still smaller than the number of good files. The commercial whitelist contains more than 0.1 billion samples, and some expect the figure to reach 0.5 billion. Tracking every good file that exists in the world one by one is therefore undoubtedly a huge task, and one that a single company may not be able to do independently.
As a core technology, the whitelist is mainly used to reduce the false positive rate. For example, the blacklist may contain signatures that are not actually malicious. The anti-virus signature database is therefore checked regularly against an internal or commercial whitelist. Trend Micro and pandatv also carry out such regular checks.
Therefore, as a measure to avoid false positives, the whitelist is actually included in the Smart Protection Network.
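An added sketch, not code from the article or from any vendor, that ties together the file reputation lookup and the whitelist check described above: an endpoint client asks cloud-side lists for a verdict by file hash, serves repeats from a local cache, and lets the whitelist override a blacklist entry. The class and function names, the in-memory sets standing in for the cloud service, the TTL and the rule that the whitelist wins are assumptions; the sample files are constructed.

```python
import hashlib
import time


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample files standing in for real binaries.
GOOD_TOOL = b"constructed sample: widely deployed system utility"
BAD_FILE = b"constructed sample: known malicious file"
NEW_FILE = b"constructed sample: never seen before"

# Hypothetical cloud-side lists. GOOD_TOOL sits in both to model a
# blacklist signature that is not actually malicious.
CLOUD_WHITELIST = {sha256_hex(GOOD_TOOL)}
CLOUD_BLACKLIST = {sha256_hex(BAD_FILE), sha256_hex(GOOD_TOOL)}


def audit_blacklist(blacklist, whitelist):
    """Regular check: blacklist entries that also appear on the whitelist."""
    return blacklist & whitelist


class FileReputationClient:
    """Endpoint-side lookup with a local cache in front of the cloud lists."""

    def __init__(self, ttl=3600, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self.cache = {}          # digest -> (verdict, expiry)
        self.cloud_queries = 0   # counts simulated round trips

    def _cloud_lookup(self, digest):
        self.cloud_queries += 1
        if digest in CLOUD_WHITELIST:      # assumed rule: whitelist wins
            return "benign"
        if digest in CLOUD_BLACKLIST:
            return "malicious"
        return "unknown"

    def check(self, data: bytes) -> str:
        digest = sha256_hex(data)
        hit = self.cache.get(digest)
        if hit and hit[1] > self.clock():
            return hit[0]                  # served locally, no cloud latency
        verdict = self._cloud_lookup(digest)
        self.cache[digest] = (verdict, self.clock() + self.ttl)
        return verdict
```

Because verdicts are cached until the TTL expires, a corrected cloud-side entry only reaches an endpoint after expiry, so the TTL bounds how long a false positive or a missed detection can persist locally.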