Cloud security manages information security processes through cloud computing

Source: Internet
Author: User
Keywords: information security, cloud security

Current security threats have forced information security vendors to change how they protect customer data. According to the research institute TrendLabs, online criminals now create 3.5 new security threats per second, and traditional information security methods cannot keep up with that pace. The traditional approach typically looks like this:





Customers send suspicious files to their information security vendor for analysis;

The vendor analyzes the files and identifies them as malicious;

The vendor extracts the characteristics of the file, creates virus code to detect it, and publishes the new virus code to its server;

The customer then updates every computer on its internal network with the new virus code (this kind of update usually happens once a day).





Such a process is not only slow and inefficient but also difficult for the customer's IT system administrators to manage. In addition, given the alarming number of threats, such updates simply cannot keep pace with the rate at which new threats appear. The solution is for information security vendors to develop a mechanism that automatically collects samples, analyzes them, and releases the latest threat protection without requiring any action from customers. This is where cloud computing, and in turn cloud security, can make a difference.





Cloud security not only manages this information security process more effectively through cloud computing, but can also scale up as threats increase. Let's look at each step of this new process.





1. Gather the latest threats





A protective net can only be effective if it can automatically collect the latest threat samples. Threat intelligence may come through a variety of channels, but all of them share one requirement: collection must be automated, without human intervention. Some information security vendors set up their own sampling mechanisms, such as decoy networks and carpet searches, but the more common source is the automatic feedback mechanism built into their products, which returns samples from the client side. The automated URL, IP, domain name, and file queries performed by the client products make it easy for vendors to quickly obtain information about potential threats. Vendors can thus collect the latest threats quickly and automatically instead of requiring customers to provide samples. However, sampling is just the beginning.





2. Analyze and explore the latest threats





Today's threats are no longer as simple as before; they are multifaceted. Almost every threat is one part of a larger campaign by cyber-criminals, who use a variety of methods to infect, spread, and steal information. As a result, information security vendors must now continuously monitor and analyze potential threats in e-mail, web pages, and files, because these are interrelated. The place to do that is a cloud infrastructure. This infrastructure automatically obtains threat information through the collection methods above and uses behavioral analysis to identify the associations between threats: it finds the behavior patterns shared by the different components of the same attack and from them discovers the malicious activity. For example, we can analyze the correspondence between IP addresses and networks. A normal network does not change IP addresses frequently, but cyber-criminals must often change IP addresses or create new networks to evade detection by information security vendors. Another example is the analysis of e-mail messages that carry URLs in order to discover new spam sources and malicious websites. The cloud behavior monitoring mechanism (that is, cloud behavior analysis) keeps searching for malicious behavior across all the different threat channels. An added bonus of performing this type of behavioral analysis in the cloud is that vendors can uncover misjudgments and keep them to a minimum. Once the latest threats have been discovered, the next step is to provide the latest protection to customers.
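
The two correlations described above (IP address churn per domain, then the e-mail senders whose messages link to those domains), as an added Python example that is not part of the original article. The record layout, the /24 grouping, the 24-hour window and the threshold of 3 are assumptions chosen for illustration, and all sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit
import ipaddress

# Constructed feedback records (timestamp, domain, resolved IP); all values
# are made up and use reserved documentation names and address ranges.
RESOLUTIONS = [
    ("2024-01-01T00:00", "shop.example", "192.0.2.10"),
    ("2024-01-01T12:00", "shop.example", "192.0.2.11"),
    ("2024-01-01T00:00", "promo.example", "198.51.100.7"),
    ("2024-01-01T02:00", "promo.example", "203.0.113.40"),
    ("2024-01-01T04:00", "promo.example", "192.0.2.200"),
    ("2024-01-01T00:00", "mail.example", "198.51.100.5"),
    ("2024-01-10T00:00", "mail.example", "203.0.113.5"),
    ("2024-01-20T00:00", "mail.example", "192.0.2.5"),
]
# Constructed e-mail telemetry: (sending host, URL found in the message body).
EMAILS = [
    ("mta1.sender.example", "http://promo.example/win"),
    ("mta2.sender.example", "https://shop.example/cart"),
    ("mta3.sender.example", "http://promo.example/claim"),
]

def max_networks_in_window(events, window):
    """Most distinct /24 networks a domain resolved to within any `window`."""
    events = sorted(events, key=lambda e: e[0])
    best = start = 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:
            start += 1  # slide the window start forward
        best = max(best, len({net for _, net in events[start:end + 1]}))
    return best

def flag_ip_churn(resolutions, window=timedelta(hours=24), threshold=3):
    """Return {domain: score} for domains whose hosting moves too often.
    The window and threshold defaults are illustrative assumptions."""
    per_domain = defaultdict(list)
    for ts, domain, ip in resolutions:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        per_domain[domain].append((datetime.fromisoformat(ts), net))
    scores = {d: max_networks_in_window(e, window) for d, e in per_domain.items()}
    return {d: n for d, n in scores.items() if n >= threshold}

def senders_linking_to(flagged, emails):
    """Correlate channels: which mail senders advertise flagged domains?"""
    return sorted({s for s, url in emails if urlsplit(url).hostname in flagged})

if __name__ == "__main__":
    flagged = flag_ip_churn(RESOLUTIONS)
    print(flagged, senders_linking_to(flagged, EMAILS))
```

Note that `mail.example` also resolves to three networks, but spread over weeks, so the sliding window keeps a slow, legitimate hosting move from being flagged.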





3. Cloud-based reputation database





As we saw earlier, with the traditional method, newly created protection must pass through layers of downloads before it reaches every endpoint device. As a result, the timeliness of protection against the latest threats is greatly compromised, and in the face of a large number of threats the update speed falls even further behind. The cloud safety net incorporates a so-called reputation database, so the company's information security products can query the cloud database directly without downloading virus code to the device. This makes updates easier for vendors to manage, and all customers get protection at the same time. Now, when employees who are travelling browse the Web or download files from the Internet, their computers will no longer be relying on old virus code that cannot cope with the latest threats. The employee's device only needs a simple step: query the cloud reputation database to learn whether there is a problem with an e-mail message, web page, or file. This also reduces the use of computer resources and network bandwidth. For example, once the URL of a malicious file has been blocked, the user does not waste network bandwidth downloading the malicious file. Nor is there any need to spend the device's CPU and memory scanning the file, because the file has been blocked at the source.





In short, as long as an information security vendor has built a strong cloud security network, its customers have a greater advantage over users of traditional information security methods. All the details described in this article are, generally speaking, invisible to customers. This is a good thing, because customers want nothing more than to know that their information is safe. However, unless the vendor can automatically collect samples, analyze them, and provide the latest protection (quickly and effectively), it will not be able to keep the customer secure. In this regard, the cloud safety net is not just an empty name.