Judging by how security vendors currently monitor and remove viruses, Trojans and other security risks, the general idea behind "cloud security" is not very different from traditional security logic, but the service model is very different. At the other end of the cloud, the world's most professional teams help users deal with and analyze security threats, and the world's most advanced data centers store the virus library for you. Moreover, cloud security lowers the requirements on the user's device and is the most convenient to use.
Manual virus code updates will become history
Did you update your virus code today? According to AV-Test.org's latest statistics, there are more than 11 million malicious programs worldwide, and a new virus is produced every 4 seconds. With Internet threats surging, updating virus code has become a necessary daily task for businesses and Internet users alike: from once a week, to once a day, to updating all the time. Yet the process problems of traditional code-comparison technology are undermining the effectiveness of virus removal, and the antivirus industry must seek new technological breakthroughs.
This July, Trend Micro pioneered an industry cloud security solution based on cloud computing platforms, to respond to fast-growing and highly dynamic network threats. As Xu Xuerong explains, this technology goes beyond the traditional virus analysis and processing mechanism: a large group of cloud servers built on the Internet analyzes and collates massive numbers of information sources and stores the high-risk sources in a cloud database. When users access information on the Internet, the security level of the information source is queried in real time, so that high-risk information can be blocked before the network threat reaches the end user or the company network. As a result, frequent virus code updates by the user become history.
The main propagation channel has shifted to the Web
There has been a qualitative change in the channels, forms and life cycles of virus development. Today most virus growth originates on the network: viruses spread through the network, automatically download new viruses or automatically update themselves into variants, and keep growing.
Phishing, Trojans, spyware and botnets often lurk in seemingly normal pages. They are like invisible mines on the network that may detonate with a single click. When you browse a web page or click a URL in spam or in an MSN message, you are in fact only one "keystroke" away from disaster!
Incidents of attacks using web pages have been seen since 2007, and by March 2008 more than 400 toolkits for generating phishing had been found. Over the past 20 years, malicious network attacks have shown explosive growth. In 1988, a total of 1738 virus samples were collected globally, compared to 640,000 in a single month of 2008 (about 20,000 a day, or one virus every 4 seconds). As of May 2008, the total number of malware samples was over 11 million. According to statistics, web threats grew by 1731% from 2005 to March 2008.
Traditional virus signature matching is running out of steam
A virus signature is like a criminal's fingerprint. When an antivirus company collects a new virus sample, it extracts a small piece of the virus program's binary code that is unique enough to represent the virus, which antivirus programs then use to identify it. This unique piece of binary code is known as a virus signature. Because the kinds of viruses keep changing and new viruses are written every day, even the strongest antivirus software will fail if its signatures are not updated frequently. Today, the massive emergence of new malware and the automatic online updating of variants make traditional signature-based protection difficult to rely on.
The constantly updated virus pattern file not only keeps growing, it also cannot keep up with the speed at which new viruses are generated. In 2001, weekly updates of virus signatures were the industry consensus. At that time the life cycle of a virus was longer, and weekly updates were enough to keep a computer secure. As the life cycle of viruses shortened, signature updates went from once a week to once a day, then once per hour, or even every few minutes. Even so, the value of traditional signature protection is still shrinking, and it has not been much of a deterrent to mainstream web threats.
To deal with these Trojans, traditional antivirus must obtain a virus sample from the client, develop a solution for that sample and test it successfully, and then end users must download the updated virus code before they are actually protected. As mentioned above, a new virus is now born every 4 seconds. Can we produce a virus signature and distribute it to every terminal within 4 seconds? This is obviously unrealistic.
Considering only the step of making the virus signature, 20,000 viruses a day would require at least 1000 senior virus analysis engineers analyzing without pause. As virus production continues to accelerate, any security vendor without technical innovation will eventually hit a human bottleneck. At present, the attack cycle of an individual virus is shortening and the effectiveness of signature protection is falling, and traditional code-comparison technology is becoming less and less economical.
Keep your virus code updated in the cloud
The key realization is that a new approach must be found to confront viruses that roam the Internet. Fight like with like: viruses that come from the network have to be dealt with in the cloud. Xu Xuerong stressed: "Anti-virus response time must match the time of virus generation. Cloud security technology builds a huge virus threat library in the cloud and computes in real time, 7x24 hours. It moves the hand-making of signatures to dynamic computation by the cloud server group. For the same analytical work, traditional manual analysis takes 2 hours, while cloud security technology takes only a few seconds, matching the speed with which viruses are produced. In actual use, users get timely protection through the automatic queries of the security subsystem. With such an alarming gap, it is inevitable that the frequent virus code updates of the past will become history."
At present, for viruses that come from the network, placing the Internet-based virus signatures in the cloud lets endpoint users significantly reduce the work of updating virus code.
Web Reputation Services
With a comprehensive reputation database, cloud security can track the credibility of web pages by assigning reputation scores based on factors such as site pages, historical location changes, and suspicious activity indicators found in malware behavior analysis. The technology then continues to scan the site and prevents users from accessing infected web sites. To improve accuracy and reduce false positives, security vendors also assign a reputation score to a particular page or link within a web site, rather than categorizing or blocking the entire site, since often only part of a legitimate site is attacked, and reputation can change over time.
Comparing reputation scores shows the potential risk level of a web site. When a user accesses a potentially risky site, the user can be alerted or blocked in time, which helps users quickly judge the safety of the target site. Web reputation services let you guard against malicious programs at their source. Because zero-day attack prevention is based on the credibility of the site rather than its actual content, it can effectively prevent the initial download of malware, and users are protected before they access the network.
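The page-level scoring described above can be sketched as a most-specific-match lookup. This is an added example, not Trend Micro's code: the hosts, scores, thresholds and the `lookup`/`verdict` names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample reputation data: score 0 (malicious) .. 100 (trusted).
# A key is a host, or host + path prefix for a page- or section-level entry.
REPUTATION = {
    "shop.example": 90,                  # legitimate site overall
    "shop.example/forum/attach/": 10,    # one compromised section of it
    "bad.example": 5,                    # whole site is hostile
}
BLOCK_BELOW, WARN_BELOW = 30, 60         # assumed policy thresholds
UNKNOWN_SCORE = 50                       # assumed score for unrated sources


def candidates(url):
    """Yield lookup keys from most specific (full page) to least (host)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]
    # A path without a trailing slash names a page: try it first.
    if segments and not parts.path.endswith("/"):
        yield f"{host}/{'/'.join(segments)}"
        segments = segments[:-1]
    # Then every parent directory, deepest first.
    while segments:
        yield f"{host}/{'/'.join(segments)}/"
        segments = segments[:-1]
    yield host


def lookup(url, db=REPUTATION):
    """Return (score, matched_key) from the most specific entry found."""
    for key in candidates(url):
        if key in db:
            return db[key], key
    return UNKNOWN_SCORE, None


def verdict(url, db=REPUTATION):
    """Map the score to the alert/block decision the text describes."""
    score, _ = lookup(url, db)
    if score < BLOCK_BELOW:
        return "block"
    if score < WARN_BELOW:
        return "warn"
    return "allow"
```

The compromised section is blocked while the rest of the legitimate site stays reachable, which is the false-positive reduction the paragraph attributes to scoring individual pages and links.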
E-mail Reputation Service
The e-mail reputation service checks IP addresses against a reputation database of known spam sources, and validates them with dynamic services that can evaluate the reputation of an e-mail sender in real time. The reputation score is refined by continuous analysis of the IP address's "behavior", "scope of activity" and previous history. Malicious e-mail is intercepted in the cloud according to the sender's IP address, preventing web threats such as zombies or botnets from reaching the network or the user's computer.
File Reputation Service
File reputation service technology checks the reputation of each file located at an endpoint, server or gateway. The check is based on a list of known benign files and a list of known malicious files, which is what is now called antivirus signatures. A high-performance content distribution network and a local buffer server ensure that latency is minimized during the check. Because the malicious information is stored in the cloud, it can reach all users on the network immediately. Furthermore, this approach reduces endpoint memory and system consumption compared to traditional antivirus signature file downloads, which occupy space on the endpoint.
Behavioral Correlation Analysis Technology
The "correlation technology" of behavioral analysis links threat activities together to determine whether they amount to malicious behavior. A single activity of a web threat may not seem harmful, but several activities carried out together can lead to a malicious result. It is therefore necessary to judge heuristically whether a real threat exists, by examining the relationships between the different components of a potential threat. By associating the different parts of a threat and constantly updating the threat database, the system can respond in real time and provide timely, automatic protection against e-mail and web threats.
Automatic feedback mechanism
Another important component of cloud security is the automatic feedback mechanism, which enables continuous communication between the threat research center and technicians in a bidirectional update stream. New types of threats are identified through the routine reputation checks of individual customers. For example, Trend Micro's global automatic feedback mechanism is similar to the "neighbourhood watch" approach adopted by many communities today: real-time detection and timely "collective intelligence" protection help to establish a comprehensive and up-to-date threat index. Each new threat found by a single customer's routine reputation check automatically updates Trend Micro's global threat database, preventing future customers from encountering a threat that has already been identified.
Because threat data is collected according to the credibility of the communication source rather than the specific communication content, there is no latency problem, and the privacy of the customer's personal or business information is protected.
Threat Information Rollup
Security companies use a variety of technologies and data collection methods, including honeypots, web crawlers, customer and partner content submissions, and feedback loops. Threat data is analyzed through the malware databases, services and support centers in Trend Micro's cloud security, with 24x7 threat monitoring and attack defense to detect, prevent and purge attacks.
Whitelist Technology
As a core technology, whitelisting is not much different from blacklisting (virus signature technology is in fact an application of the blacklist idea); the difference is only one of scale. AV-Test.org's recent count of malicious samples (bad files) includes about 12 million different samples. Even though that number has recently increased significantly, there are still fewer bad files than good files. Commercial whitelists hold over 100 million samples, and some people expect the figure to reach 500 million. Keeping track of all the good files that exist globally is therefore a huge job, and one that may not be achievable by a single company.
As a core technology, the whitelist is now mainly used to reduce false positives. For example, there may be an actual, malicious signature in the blacklist. Therefore, the antivirus signature database is regularly checked against internal or commercial whitelists, and Trend Micro and Panda currently perform this work regularly.
Therefore, as a measure to avoid false positives, whitelisting has in fact already been included in the Smart Protection Network.
Conclusion:
It is believed that as network applications develop further, the effectiveness of cloud protection will become more and more prominent. Although cloud security technology is not omnipotent, it is at least a leap forward in antivirus technology, and it is also the only way forward for content security vendors. It can be expected that, for the entire information security industry, the product client will no longer be the focus of competition; the core of differentiated competition between companies will shift to the computing and analysis service capabilities of the cloud back end. For users, security protection becomes more and more comprehensive without the need to frequently upgrade the virus signature database, and users receive the most complete protection with minimal storage and computing resources.