Analyzing cloud security: hype or utility? (1)

Source: Internet
Author: User
Keywords: cloud security
The concept of "cloud security" has been controversial ever since it was proposed. Today I am going to dissect it in detail. To do that, we first need to understand how traditional antivirus software works.

The traditional signature-based antivirus process generally runs as follows:

Collection stage: reports submitted by a small number of users, the vendor's crawler programs, honeypot programs --> Analysis stage: virus analysts, machine analysis --> Feedback stage: definition updates on a cycle of hours.

From this we can see that the whole process is entirely the vendor's responsibility. We can also see that such a process has serious flaws:

1. The cycle is too long. Antivirus definitions generally take hours to dozens of hours to be updated, which leaves a long reaction gap.
2. The collection range is narrow. Relying on the vendor's own collection programs and a small number of user reports, samples cannot be collected widely.
3. Whitelist collection is insufficient. As with point 2, this is due to the narrow collection range.

The traditional active defense process generally runs as follows:

Preparation stage: collect enough samples, analyze them in detail, summarize a behavior-feature library --> Release stage: release the active defense product --> Feedback stage: collect the samples that bypassed it, improve the active defense.

This process is longer than the signature-based one, often requiring cycles of weeks or months.

Clearly, traditional antivirus products share a common flaw: they react too slowly. Anyone familiar with antivirus evasion knows that a trojan is tested before it is released. It is scanned with almost every antivirus product, and sometimes run as well, and most vendors' products fail to flag it. As long as its author puts in the effort, there is no antivirus product a trojan cannot get past. The same is true of active defense, which is sometimes even easier to get past than signatures. Why?
Because as soon as someone discovers one loophole, a whole series of bypass samples can be produced from it, and if it is kept secret it stays effective for a long time.

The concept of "cloud security" was introduced to solve this problem to some extent. Let's look at how cloud security addresses the problems of traditional antivirus. I will take the domestic cloud products as the example. A domestic cloud product uses the client as a collector: a program that is not in the cloud library is usually uploaded to the server for analysis and identification, and within a relatively short time all users get the result. The domestic cloud has the following advantages:

1. Short cycle, fast feedback. Machine analysis can be done in just 5-30 minutes, and protection takes effect without an upgrade because the virus library is in the cloud.
2. Wide collection range. In addition to user reports and the vendor's crawler and honeypot programs, every client becomes a collector, so collection capacity is multiplied.
3. It collects not only viruses but also clean (white) files, which can be used to reduce false positives.

But many people ask: what happens when the network is cut off? And there is still the "first batch of victims" problem.

First, the network cut-off. Consider a situation in which a sample evades the vast majority of antivirus products and the cloud has not collected it either. Traditional antivirus has no detection for it, so it is not detected and the machine is infected once it runs. If the sample does not deliberately cut the network, it still goes undetected for a long time because of the long virus-database update cycle; if the network is cut, the product cannot upgrade and still cannot detect it. Now look at cloud antivirus: it does not detect the sample either, the sample runs and cuts the network, the machine is infected, and the client cannot connect to the cloud.
So for "network cut-off" samples, neither traditional nor cloud antivirus has a solution, and there is no basis for saying that traditional antivirus is stronger against them.

Second, the first batch of victims. Cloud security is meant to shorten the cycle and reduce the number of infected users. Traditional antivirus has not only a "first batch of victims" but also a "second batch", and so on to an "Nth batch", until the virus is reported and the virus database is updated.

Some readers may wonder what the difference is between the cloud and the earlier online virus submission. The difference is the number of users taking part. How many users actively use online submission or multi-engine scanning sites? And even if everyone did use them, the servers of those sites could not bear the load. Online virus scanning cannot compare with today's cloud security, either in audience (only a handful of people use it) or in response lag (even when a submission yields a verdict, it takes effect only after the next virus-database upgrade).

The innovation of the cloud lies not in how technologically advanced it is but in a change of model, or of way of thinking: work that used to be entirely the vendor's responsibility is now partly done by the client.
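The argument above can be put into numbers. The following is an added example, not code from the original article or from any vendor: a small Python model of the cloud lookup-and-upload flow next to the signature-update flow, counting how many clients meet a sample before a verdict exists. The class and function names, the 10-hour update cycle, the marker-based analyzer and the encounter times are all assumptions made for illustration.

```python
import hashlib

ANALYSIS_MINUTES = 30           # the article: machine analysis takes 5-30 minutes
SIGNATURE_CYCLE_MINUTES = 600   # assumption: a 10-hour definition update cycle


class Cloud:
    """Hypothetical cloud verdict library keyed by SHA-256."""

    def __init__(self, analyzer):
        self.analyzer = analyzer   # stand-in for the vendor's machine analysis
        self.ready_at = {}         # digest -> (minute verdict is ready, verdict)

    def lookup_or_submit(self, data, now):
        digest = hashlib.sha256(data).hexdigest()
        if digest not in self.ready_at:
            # Not in the cloud library yet: this client uploads the sample.
            self.ready_at[digest] = (now + ANALYSIS_MINUTES, self.analyzer(data))
        ready, verdict = self.ready_at[digest]
        return verdict if now >= ready else "unknown"


def cloud_scan(cloud, data, now, online=True):
    """Client check; a client that cannot reach the cloud gets no verdict."""
    return cloud.lookup_or_submit(data, now) if online else "unknown"


def signature_scan(data, now, first_report, analyzer):
    """Traditional model: the verdict arrives with the next definition update."""
    if now >= first_report + SIGNATURE_CYCLE_MINUTES:
        return analyzer(data)
    return "unknown"


def toy_analyzer(data):
    # Constructed stand-in: flags a marker string instead of real analysis.
    return "malicious" if b"CONSTRUCTED-MARKER" in data else "clean"


SAMPLE = b"constructed sample CONSTRUCTED-MARKER"
ENCOUNTERS = [0, 10, 45, 120, 300, 900]   # constructed: minute each client meets it


def compare():
    """Count clients whose scanner still said 'unknown': (cloud, signature)."""
    cloud = Cloud(toy_analyzer)
    cloud_v = [cloud_scan(cloud, SAMPLE, t) for t in ENCOUNTERS]
    sig_v = [signature_scan(SAMPLE, t, 0, toy_analyzer) for t in ENCOUNTERS]
    return cloud_v.count("unknown"), sig_v.count("unknown")
```

With these constructed inputs, compare() returns (2, 5): two clients are exposed under the cloud model against five under the signature model, while a client scanned with online=False gets "unknown" however long the verdict has existed.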