Introduction to the seven key technologies in cloud security

From the current security vendors for viruses, Trojans and other security risks monitoring and killing methods, "cloud security" and the general idea of the traditional security logic is not very different, but the service model is very different. At the other end of the cloud, you have the world's most professional team to help users deal with and analyze security threats, as well as the world's most advanced data centers to help you save your virus library. Moreover, cloud security on the user side of the device requirements are reduced, the use of the most convenient.


　　


Cloud Security provides us with a broad view of the seemingly simple content that covers seven core elements:


　　


Web Reputation Service


　　


with a fully reputable database, cloud security can be used to track the credibility of web pages by assigning credit scores based on factors such as site pages, historical location changes, and suspicious activity signs found in malware behavior analysis. The technology will then continue to scan the site and prevent users from accessing the infected Web site. To improve accuracy and reduce false positives, security vendors also assign a credit score to a particular page or link in a Web site, rather than categorizing or intercepting the entire site, since only a portion of the legitimate site is attacked, and the reputation can change over time.


　　


through the credit score of the comparison, you can know a site potential risk level. When a user accesses a site that is potentially risky, it can be alerted or blocked in a timely manner to help users quickly identify the security of the target site. With Web reputation services, you can guard against the source of malicious programs. Since the 0 attack is based on the credibility of the site rather than the real content, so can effectively prevent the initial download of malware, users access to the network before access to protection capabilities.


　　


e-mail reputation service


　　


e-mail reputation service checks IP addresses against the reputable database of known spam sources, while validating IP addresses with dynamic services that can evaluate the reputation of e-mail senders in real time. The credit score is refined by continuous analysis of the IP address's "behavior", "Scope of activity", and previous history. By the sender's IP address, malicious e-mail is intercepted in the cloud, preventing web threats such as zombies or botnets from reaching the network or user's computer.


　　


File Reputation Service





File Reputation Service technology, which checks the credibility of every file located at an endpoint, server, or gateway. The check is based on a list of known benign files and a list of known malicious files, which are now called antivirus signatures. A high-performance content distribution network and a local buffer server will ensure that latency is minimized during the inspection process. Because malicious information is stored in the cloud, it is possible to reach all users on the network immediately. Furthermore, this approach reduces endpoint memory and system consumption compared to traditional antivirus signature file downloads that occupy the endpoint space.


　　


Behavioral Correlation Analysis Technology


　　


through behavioral analysis of the "relevance technology" can be a combination of threat activities to determine whether it is malicious behavior. A single activity on the Web threat does not seem to hurt, but if you do multiple activities at the same time, it can lead to malicious results. It is therefore necessary to determine whether there is a real threat in terms of heuristics, and to examine potential threats to the interrelationships between different components. By associating different parts of the threat and constantly updating its threat database, you can respond in real time, providing timely and automatic protection for e-mail and web threats.


　　


Automatic feedback mechanism


　　

Another important component of
cloud security is the automatic feedback mechanism, which enables continuous communication between the threat Research center and the technician in a bidirectional update stream. Identify new types of threats by examining the routing reputation of individual customers. For example, the global automatic feedback mechanism of trend science and technology is similar to the "Neighbourhood supervision" approach adopted by many communities now, and the realization of real-time detection and timely "common intelligence" protection will help to establish a comprehensive and up-to-date threat index. Each new threat found by a single customer's regular credit check automatically updates trend technology's global threat database, preventing future customers from encountering a threat that has been identified.


　　


because the threat data will be collected according to the credibility of the communication source rather than the specific communication content, there is no problem of latency, and the privacy of the customer's personal or business information is protected.


　　


Threat Information Rollup


　　


Security companies use a variety of technologies and data collection methods-including "honeypot", web crawlers, customer and partner content submissions, feedback loops. Threat data is analyzed through a malware database, service, and Support Center in trend cloud security. 7x24 24x7 threat monitoring and attack defenses to detect, prevent, and purge attacks.


　　


White List Technology


　　


as a core technology, whitelist and blacklist (virus signature technology is actually using blacklist technology ideas) is not much different, the difference is only in scale. Avtest.org's recent malicious samples (Badfiles, bad files) include about 12 million different samples. Even if the number has recently increased significantly, the number of bad documents is still less than the good paper (goodfiles). The commercial white list has a sample of over 100 million, and some people expect the figure to be as high as 500 million. So it's a huge job to keep track of all the good documents that are present globally, and it may not be done by a single company.


　　


as a core technology, the white list is now mainly used to reduce false positives. For example, there may be an actual, malicious signature in the blacklist. Therefore, the antivirus feature database will be regularly checked against the internal or commercial whitelist, and trend technology and pandas are currently performing this work regularly.


　　


Therefore, as a measure to avoid false positives, the whitelist has actually been included in the smartprotectionnetwork.