Rising security risk is dragging down not only the firewall but also the antivirus system. "Traditional malware detection methods based on signatures are not enough," said Charles Kolodgy, director of research at IDC's Security Product Services Division. "User behavior is changing, the threat is evolving, but malware detection technology has not kept pace."
New ideas for security
Security vendors are in dire need of a new approach to the problem. This is where cloud security, seen as the future direction of cybersecurity, comes in, along with the Web security gateway that can contend with it. What the two have in common is the ability to withstand risks from the Internet. The difference is where the security service sits: cloud security places it on the "cloud" side, while the Web security gateway, its counterpart, places it at the enterprise network boundary. The trend toward integration at the "end" points has become clearer.
In the last two months, Trend Micro, Panda, McAfee and other security companies have announced "cloud security" technologies and products, pushing network security gradually into the "cloud" era. In the "cloud" era, the approach taken by Trend Micro and Panda is to put the virus database on the "cloud" side, with the client connected to it over the network. When the "cloud" finds an unsafe link on the network, it can form a judgment directly and prevent the link from reaching the user's machine, fundamentally protecting the machine.
These two approaches compensate for the lack of "kind" in the application of security threats, but cloud security and the Web security gateway should both be said to be in a start-up phase. The only cloud security companies currently recognized by the industry are Trend Micro and Panda. They provide a wide range of cloud security services, not limited to virus prevention but extending to URL filtering, file filtering and email filtering. The only security vendors that can provide a Web security gateway are stable Czech network, Bluecoat, Jie, NSFocus and F5.
Cloud security subverts the traditional model
Xu Xuerong, senior product technology advisor at Trend Micro, said that traditional malware detection relies on the threat signature database installed on users' computers, which means that the database on each computer can provide up-to-date protection only after it has been updated to include new threat signatures. Therefore, when a new threat first appears, every computer must wait for a period of time before it is protected against that threat.
It is not difficult to see that the cloud security approach puts the virus database on the "cloud" side, and the defense system on the client can directly block viruses and Trojans transmitted over the network, protecting the terminal machine.
Jin Yu, general manager of Hope Tatsu Information Security Technology Co., Ltd., said that cloud computing anti-virus technology no longer requires the client to keep the virus signature library; all the information is stored on the Internet. When end users in any corner of the world connect to the Internet, they stay in real-time contact with the cloud servers. When abnormal behavior, viruses or other risks are discovered, they are automatically submitted to the cloud server group, where cloud computing technology analyzes and processes them centrally. After that, cloud computing technology generates a handling plan for the risk and distributes it to clients worldwide. The client can then automatically block, intercept and remove the threat.
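The difference in waiting time between the two models described above can be made concrete with a small simulation. This is an added example, not code from the article or from any vendor; the Cloud class, the update schedules and the two-hour analysis delay are constructed assumptions.

```python
import hashlib

class Cloud:
    """Constructed stand-in for the vendor-side server group (not a real API)."""

    def __init__(self, analysis_delay):
        self.analysis_delay = analysis_delay  # hours from submission to verdict
        self.pending = {}                     # digest -> hour the verdict is ready
        self.verdicts = set()                 # digests judged malicious

    def query(self, digest, now, suspicious):
        """Client lookup; unknown suspicious samples are submitted for analysis."""
        for d, ready in list(self.pending.items()):
            if now >= ready:                  # analysis finished: publish verdict
                self.verdicts.add(d)
                del self.pending[d]
        if digest in self.verdicts:
            return True
        if suspicious:
            self.pending.setdefault(digest, now + self.analysis_delay)
        return False


def simulate(sample, first_seen, analysis_delay, update_every, horizon):
    """Return (cloud_hour, local_hours): first hour each model blocks `sample`."""
    digest = hashlib.sha256(sample).hexdigest()
    cloud = Cloud(analysis_delay)
    cloud_hour = None
    local_db = {name: set() for name in update_every}
    local_hours = {name: None for name in update_every}
    for now in range(first_seen, horizon):
        if cloud.query(digest, now, suspicious=True) and cloud_hour is None:
            cloud_hour = now
        for name, interval in update_every.items():
            if now % interval == 0:           # scheduled signature download
                local_db[name] |= cloud.verdicts
            if digest in local_db[name] and local_hours[name] is None:
                local_hours[name] = now
    return cloud_hour, local_hours


# Constructed scenario: sample first seen at hour 1, two hours of analysis.
SCHEDULES = {"every_6h": 6, "daily": 24, "weekly": 168}
RESULT = simulate(b"constructed sample bytes", 1, 2, SCHEDULES, 200)

if __name__ == "__main__":
    print(RESULT)
```

Every cloud-connected client is covered as soon as the verdict exists, while each locally updated client stays exposed until its next scheduled download.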
In fact, cloud security is like cloud computing: "cloud" by itself is easy to understand, but once it is connected to security, its meaning expands and becomes blurred. Some information security insiders interpret cloud security as an antivirus upgrade that basically uses the many servers available on the Internet to achieve what is called the "Internet is anti-virus" concept.
It is reported that Trend Micro's cloud security can support an average of 5.5 billion click queries a day and collect and analyze 250 million samples a day, and that the database's first-hit rate can reach 99%. With the help of cloud security, Trend Micro now blocks up to 10 million infections a day.
Although cloud security is a great hope for users, it is not intended to replace firewalls or antivirus systems for the time being. It is reported that Trend Micro has built the cloud security technology framework into its full range of products: the gateway security appliance IWSA, the client product OfficeScan, the SME product Worry Free 5.0 and the personal consumer product network security experts (TIS). To this end, Trend Micro has established 5 large data centers around the world for cloud security, with tens of thousands of online servers.
The company calls its cloud computing service "Collective FDI" (synthetic artificial intelligence). It collects and stores the behavior patterns, records and new malware samples of end users and applications on the Internet through groups of cloud hosts. Every day it monitors tens of thousands of sites and analyzes and collects more than 8TB of data, and it is already in official use.
Security logic for the application layer
Because the Web security gateway works at the application layer, it has an innate technical advantage in protecting Web applications. Based on a deep understanding of Web application business and logic, the gateway inspects and validates the content of the various requests from Web application clients to ensure that they are secure and legitimate, and blocks illegal requests in real time, so that all kinds of websites are effectively protected. Zhang Hongwen, chief technology officer of Secure Czech network, says Web security gateways can be placed behind the firewall to intercept HTTP and FTP data effectively and to detect, intercept and protect against viruses, spyware, Trojan horses and worm attacks.
Zhang Hongwen, chief technology officer of Secure Czech network, said that a Web security gateway meeting current international standards should, under conditions of high transmission performance and low scanning delay, have three major characteristics:
1. Malware filtering: filtering malware (Trojan horses, viruses, spyware, etc.) out of two-way Internet traffic for desktops, Web servers and mobile devices.
2. Application control: fine-grained, policy-based management of Web-based applications, protecting desktop browser, Web server and database users against Internet attacks and data leakage. Advanced pattern matching and keyword catalogs are used to meet regulatory requirements.
3. URL filtering: using a database of known, classified website addresses to enhance the acceptability of the URL filtering and reduce security risks.