Cloud security gives us a broad view built from these seemingly simple elements, which cover the following core technologies:
I. Web Reputation Service
With a full reputation database, cloud security can track the credibility of web pages by assigning credit scores based on factors such as site pages, historical location changes, and suspicious activity indicators found through malware behavior analysis. The technology then continues to scan the site and prevents users from accessing infected websites. To improve accuracy and reduce false positives, security vendors also assign a credit score to a particular page or link within a website, rather than categorizing or blocking the entire site, since only a portion of a legitimate site is attacked and the reputation can change over time.
Comparing credit scores reveals the potential risk level of a website. When a user accesses a site that is potentially risky, the user can be alerted or blocked in a timely manner, which helps users quickly judge the safety of the target site. Web reputation services guard against the sources of malicious programs. Because protection against zero-day attacks is based on the credibility of the site rather than on its actual content, it can effectively prevent the initial download of malware, and users gain protection before they access the network.
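The page-level scoring described above can be sketched as follows. This is an added example, not code from any vendor's product; the hosts, scores, thresholds and the score given to unrated URLs are all constructed assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed reputation entries: (host, path prefix) -> score 0-100, higher = more trusted.
REPUTATION = {
    ("example.test", "/"): 90,                # the site as a whole is legitimate
    ("example.test", "/forum/uploads/"): 15,  # one section of it is serving malware
    ("bad.example", "/"): 5,
}
BLOCK_BELOW, WARN_BELOW = 30, 60  # hypothetical thresholds
UNKNOWN_SCORE = 50                # hypothetical score for URLs with no rating

def _segments(path):
    # Normalise "." and ".." so /forum/../forum/uploads/x is rated like /forum/uploads/x.
    return tuple(s for s in posixpath.normpath(path or "/").split("/") if s)

def score_url(url, db=REPUTATION):
    """Return the score of the most specific rated path prefix for this URL's host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segs = _segments(parts.path)
    best_len, best_score = -1, UNKNOWN_SCORE
    for (rated_host, prefix), score in db.items():
        pseg = _segments(prefix)
        if rated_host == host and segs[:len(pseg)] == pseg and len(pseg) > best_len:
            best_len, best_score = len(pseg), score
    return best_score

def verdict(url, db=REPUTATION):
    """Map the score to the action taken before any content is downloaded."""
    score = score_url(url, db)
    if score < BLOCK_BELOW:
        return "block"
    if score < WARN_BELOW:
        return "warn"
    return "allow"
```

Matching on whole path segments keeps a rating for /forum/uploads/ from leaking onto an unrelated path such as /forum/uploads-archive/.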
II. E-mail Reputation Service
The e-mail reputation service checks the IP address against a reputation database of known spam sources and validates the IP address with dynamic services that can evaluate the reputation of an e-mail sender in real time. The credit score is refined by continuous analysis of the IP address's "behavior", "scope of activity", and previous history. Malicious e-mail is intercepted in the cloud on the basis of the sender's IP address, preventing web threats such as zombies or botnets from reaching the network or the user's computer.
III. File Reputation Service
File reputation service technology checks the credibility of each file located at an endpoint, server, or gateway. The check is based on a list of known benign files and a list of known malicious files, which are now called antivirus signatures. A high-performance content distribution network and local cache servers ensure that latency is kept to a minimum during the check. Because the information about malicious files is stored in the cloud, it reaches all users on the network immediately. Furthermore, this approach reduces endpoint memory and system consumption compared with traditional antivirus signature file downloads, which take up space on the endpoint.
IV. Behavioral Correlation Analysis
The "correlation technology" of behavioral analysis links threat activities together to determine whether they amount to malicious behavior. A single activity of a web threat may appear harmless, but several activities carried out together can lead to a malicious result. It is therefore necessary to determine heuristically whether a real threat exists, and to examine the interrelationships between the different components of a potential threat. By correlating the different parts of a threat and constantly updating its threat database, the service can respond in real time, providing timely and automatic protection against e-mail and web threats.
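A minimal correlation rule in the spirit of the paragraph above, as an added example rather than any vendor's implementation: the activity names, weights, time window and threshold are constructed assumptions, chosen so that no single activity can raise an alert on its own.

```python
from collections import defaultdict

# Hypothetical weights: each activity is unremarkable when seen alone.
WEIGHTS = {
    "open_email_attachment": 1,
    "write_file_to_temp": 2,
    "connect_unrated_host": 2,
    "modify_autorun_setting": 3,
}

# Constructed events: (time in seconds, endpoint, activity).
EVENTS = [
    (0, "pc-01", "open_email_attachment"),
    (5, "pc-01", "write_file_to_temp"),
    (9, "pc-01", "connect_unrated_host"),
    (12, "pc-01", "modify_autorun_setting"),
    (3, "pc-02", "write_file_to_temp"),
    (400, "pc-02", "connect_unrated_host"),  # same endpoint, but far apart in time
    (20, "pc-03", "open_email_attachment"),
]

def correlate(events, window=60, threshold=6):
    """Flag endpoints whose distinct activities inside one time window add up to the threshold."""
    by_host = defaultdict(list)
    for ts, host, activity in events:
        by_host[host].append((ts, activity))
    alerts = {}
    for host, evs in by_host.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            seen = {activity for _, activity in evs[start:end + 1]}
            if sum(WEIGHTS.get(a, 0) for a in seen) >= threshold:
                alerts[host] = sorted(seen)
                break
    return alerts
```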
V. Automatic Feedback Mechanism
Another important component of cloud security is the automatic feedback mechanism, which enables continuous communication between the threat research center and technicians in a bidirectional update stream. New types of threats are identified by examining the routing reputation of individual customers. For example, Trend Micro's global automatic feedback mechanism resembles the "neighbourhood watch" approach now adopted by many communities: real-time detection and timely "collective intelligence" protection help to establish a comprehensive and up-to-date threat index. Each new threat found by a single customer's regular reputation check automatically updates Trend Micro's global threat database, preventing later customers from encountering a threat that has already been identified.
Because the threat data is collected according to the credibility of the communication source rather than the specific content of the communication, there is no latency problem, and the privacy of the customer's personal or business information is protected.
VI. Threat Information Summary
Security companies use a variety of technologies and data collection methods, including honeypots, web crawlers, customer and partner content submissions, and feedback loops. In Trend Micro cloud security, threat data is analyzed through a malware database, services, and a support center, with 24x7 threat monitoring and attack defenses to detect, prevent, and purge attacks.
VII. Whitelist Technology
As a core technology, the whitelist is not much different from the blacklist (virus signature technology is in effect an application of the blacklist idea); the difference is only one of scale. AV-Test.org's recent collection of malicious samples (bad files) includes about 12 million different samples. Even though that number has increased significantly in recent times, the number of bad files is still smaller than the number of good files. Commercial whitelists hold over 100 million samples, and some people expect the figure to reach 500 million. Keeping track of all the good files that exist globally is therefore a huge job, and it may not be achievable by a single company.
As a core technology, the whitelist is now used primarily to reduce false positives. For example, there may be an actual, malicious signature in the blacklist. Therefore, the antivirus signature database is regularly checked against an internal or commercial whitelist; Trend Micro and Panda currently perform this work regularly. As a measure to avoid false positives, the whitelist has therefore actually been included in the Smart Protection Network.
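The regular check of the signature database against a whitelist, together with the cached file-reputation lookup described in section III, can be sketched as below. This is an added example, not vendor code: signatures are simplified to SHA-256 file hashes, the sample files and detection names are constructed, and withdrawing a conflicting signature is an assumed policy.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample files.
GOOD_TOOL = b"constructed: legitimate installer bytes"
BAD_FILE = b"constructed: sample flagged as malicious"
UNRATED = b"constructed: file nobody has rated"

WHITELIST = {sha256_hex(GOOD_TOOL): "vendor installer"}
BLACKLIST = {
    sha256_hex(BAD_FILE): "Sample.A",
    sha256_hex(GOOD_TOOL): "Generic.B",  # constructed false positive
}

def audit_blacklist(blacklist, whitelist):
    """Return blacklist entries that also match a known-good file (false-positive candidates)."""
    return {h: (blacklist[h], whitelist[h]) for h in blacklist.keys() & whitelist.keys()}

class FileReputation:
    """Reputation lookup with a local cache in front of the (simulated) cloud database."""

    def __init__(self, blacklist, whitelist):
        conflicts = audit_blacklist(blacklist, whitelist)
        # Assumed policy: a signature that hits the whitelist is withdrawn.
        self.blacklist = {h: n for h, n in blacklist.items() if h not in conflicts}
        self.whitelist = whitelist
        self.cache = {}
        self.cloud_queries = 0

    def _cloud_lookup(self, digest):
        # Stands in for the remote query; a real service would be reached over the network.
        self.cloud_queries += 1
        if digest in self.blacklist:
            return "malicious"
        if digest in self.whitelist:
            return "benign"
        return "unknown"

    def check(self, data: bytes) -> str:
        digest = sha256_hex(data)
        if digest not in self.cache:  # only a cache miss costs a round trip
            self.cache[digest] = self._cloud_lookup(digest)
        return self.cache[digest]
```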