Cloud Security 2.0 three major technologies into China

At present, cloud security has become a hot topic in the information security world. With the development of the security situation, the connotation of cloud security has been evolving, and new technologies and schemes have been integrated clouds the concept of security. For enterprise users, with the entire new generation of cloud Security 2.0 of the technology system gradually surfaced, the user's own security defense deployment also followed by a new change: the use of cloud technology to promote terminal security defense has become a brand-new experience.

When it comes to cloud Security 2.0, insiders understand that any new technology is not an overnight occurrence. For security deployments, the current Cloud Security 2.0 system is upgraded from the traditional cloud security solution, through the addition of cloud client file reputation technology, threat discovery management technology, terminal security management technology, the new Cloud Security 2.0 technology system to the enterprise user's terminal security and response more in place.

One aspect: Cloud Client file Reputation technology

Previous trend technology China general manager Oscar in an exclusive interview with this newspaper that the cloud client file reputation represents the popular anti-malware processing technology in the past 25 years a fundamental change. In the final analysis, the root cause of this technology is to deal with the new and malicious threats, which are massive threats.

Ping, general manager of Barracuda China, said a massive threat is a new type of threat characterized by exponential growth in numbers, which needs to be identified and handled by Anti-malware Protection solutions to ensure that users are protected without affecting normal business activities.

According to IDC, up to the beginning of 2009, around 850 new malware will be added to the world approximately every hour. This number is expected to continue to rise by 2015, with 26,000 new malware per hour.

"In view of this, enterprise users desperately need a new anti-malware protection infrastructure that can successfully deal with new and massive threats, avoid damage to itself, and minimize the impact of this malware on business operations." In other words, the cloud client file reputation technology has emerged. Oscar said.

The reporter's view is that the current cloud client file reputation also belongs to a type of file reputation, or called blacklist interception mechanism. This technology uses traditional Anti-malware protection and defines anti-malware in the cloud to reduce the impact of overlapping and increased transmission patterns on customer networks.

In fact, cloud client file reputation technology separates files from client scans, ensuring that scanning services can be looked up through the network so that local cloud scanning services, or scanning services across the Internet, can work as much as possible. This also solves the problem of extending the number of information updates to a large number of terminal systems in the network. Once the new content is updated on the scan server, all enterprise users can be protected immediately through the scan server.

Overall, the mainstream security vendors will have a variety of types of file reputation technology, the technology of file reputation between different products is not the same, but the technology fully utilizes the threat protection storage information based on cloud security and efficient client intelligent filtering, so all file reputation technology belongs to Cloud Security 2.0.

The second aspect: Threat Discovery Management technology

At present, due to the increasingly complex threat of network security, the problem of data leakage in the workplace is endless. Some traditional security technologies, such as firewalls, ips\ids, and VPNs, are focused on preventing external threats from entering corporate networks, and are not effective in defending internal threats from corporate networks being invaded by employees browsing infected Web pages, accessing Web mail, or using IM software.

According to the survey published by Trend technology, end users around the world are more likely to participate in high-risk online activities at work than at home, as of the two quarter of this year, such as opening an unknown email attachment or clicking on a malicious link. Obviously, employees do not have a correct understanding of network security at work.

In addition, security solutions such as network access control emphasize evaluating and authenticating the initial state of a company's employees ' endpoints, according to the US receptacle World Report. Once the user has been approved for the first time, it will no longer be monitored, and users can also make malicious acts against the network. If a company employee is unaware of the dangerous consequences of these malicious acts, it may violate the security rules and result in data loss. In addition, today's "No boundaries" enterprises can freely share the information of employees and partners around the world, which undoubtedly further increases the security risk.

Wedge NX, the global CEO of Zhang Hongwen, said to reporters that the current conditions for security reform has matured. He stressed that if the visibility of the cause of the invasion and its precise location were insufficient, the information technology sector of the enterprise could not identify the most appropriate remedy. To effectively increase coverage, security technicians need to get more information.

In fact, if you understand that most threats are generated through gateways through it technology, the enterprise should install the appropriate gateway protection program. It is easy to see that businesses need a "security alert system" to accurately identify new known malware and measure the extent of damage that has occurred. In addition, businesses need a system that can fix and manage network threats to ensure proper, prompt repair and timely delivery of reports, identifying ways to prevent threats. Clearly, these requirements have been embraced by the Cloud Security 2.0 technology system.

The Oscar view is that only the introduction of threat discovery management technology can meet the needs of enterprises to detect, reduce and manage threats within the network. And through the cloud computing platform, enterprises can quickly and effectively deal with malicious software, greatly reduce network damage control costs and improve the overall security level.

According to the introduction, the current Cloud Security 2.0 system integrated threat Discovery management technology is divided into three major stages: first, detect the network internal security threats; second, the management phase, using cloud security technology architecture for correlation analysis, wide spectrum identification of malicious behavior, identify the root causes of threats, tracking and provide threat analysis; Third, the feedback phase , make full use of cloud security technology to identify and feedback the latest security threats, and get detailed and timely defense support through the Security Center in the cloud.

The reporter found that in the current architecture, threat detection and threat discovery management often work together to monitor suspicious behavior in the network, thus detecting malicious software that is not found by traditional pattern matching. New technologies can mark malicious software that spreads or infects other users, including hidden malware that causes internal data to leak or receive instructions from a malicious source, such as a zombie network.

In addition, the network content detection technology covered in Cloud Security 2.0 system can detect network traffic based on the network protocols and applications provided by the threat detectors. As a result, the new cloud security system can detect a large number of potentially disruptive applications through the network protocol layer while ensuring that network services are not interfered with.

The third aspect: Terminal Safety management technology

In a security report released this June, IDC noted that malware has become a complex, well-organized industry that is profitable. Within the enterprise, end users are most aware of this. A large number of hackers realize that traditional end-security methods are beginning to fail to counter the number of such high threats: companies are struggling to cope with larger, more frequent signature updates, while users are frustrated by the reduction in the resources available to the enterprise in handling the threat. These issues together constitute a major storm, providing an ideal environment for targeted attacks and data theft.

Based on this, in the past few years, the enterprise terminal Security market as a whole in the rapid development process. However, Oscar stressed that the end product now embodies a large number of complexity characteristics, enterprise IT managers will find that they are being affected by the complexity of security solutions.

In the interview, the reporter found that for enterprise terminal security, IT departments in the deployment and management of a large number of terminal signature file updates, the challenge is often not overlooked. In particular, a number of mobile strong, network infrastructure complex, and the need for frequent maintenance of the terminal management work, all make the effect of security technology greatly compromised.

In this respect, the new Generation Cloud Security 2.0 system to the cloud and terminal protection and maintenance further enhance the efficiency. The Cloud Security 2.0 system eliminates the need to coexist with scan engines and signatures, introducing a new protocol to transfer the burden of checking file information in a signature database to a central server that can be hosted by a corporate network (a local scan server) or by IDC.

The reporter's view is that the improvement of this technology is very meaningful, to a large extent, the attack on the server will be resolved in the cloud, or even a large number of signatures need not be transmitted to the customer network in every terminal, thus saving a lot of time and effort.

In this regard, Oscar and Zhang Hongwen view the same, they believe that a complete cloud Security 2.0 system needs to start from three aspects, improve the protection and management of terminal security. First, improve the client. It is a centralized scanning component in the Cloud Security 2.0 system, which is equivalent to a signature matching engine for traditional content scanning. The client cooperates with the scan server, querying the file information to determine whether the given file or file fragment of the signature and scanned file is infected; second, cloud Security query filter. As the primary support technology for the Cloud Security 2.0 system, it is not necessary to scan the server for every file it scans. The cloud security server can accurately locate the actual signatures found in the scanned files. At present, the cloud security server does not produce false reports, and the false alarm rate is also very low; third, the local scan server. The server is installed in the customer network, the equivalent of a database server for the Cloud Security 2.0 system to provide query services. The scan server searches the signature for file information to determine whether the scanned file content matches the given malware signature. If necessary, the scan server also generates update information for the client's cloud security server. This update is more efficient than deploying signatures on stand-alone terminals.