Security mainstream development of the major "cloud security" technology detailed

Now each anti-virus software manufacturers in the speculation "cloud security" concept, which fry the loudest is rising and trend. Find the trend and rising of the relevant information, the general principle for everyone to sum up, on the right to throw a brick bar.

First Camp: Trend Technology

Trend Technology's "cloud security secure Cloud" is mainly used in enterprise-class products, emphasizing the interception of composite attacks and light client policies, the ultimate goal is to allow the threat to reach the user's computer or corporate network before they intercept.

Current viruses often contain multiple components, rather than relying on a single virus body. A single component may not be a threat to the user, seemingly harmless. But the combination of multiple components creates a conforming attack. The trend of cloud security is to solve this problem, in the various components of the inspection, and ultimately judge the threat.

Second, the light client policy. In the official example of the trend, mentions that when a user receives a malicious e-mail message with a network link, it checks its sending source address in the Mail reputation service database and then checks the message for links in the Web Reputation Service database, and then analyzes the component and redirect pages for the Web page. Extract the IP address and add it to the interactive threat database.

As can be seen, the trend of cloud security can be summed up as an internet-based database of light client programs, that is, the framework of a large black and white list server group for client queries. In the trend cloud security concept, the trend of the server constitutes a large "cloud". Therefore, the trend cloud security must be based on a large number of servers.

In fact, technology similar to the trend cloud security has already appeared. Norton Insight, for example, is in security 2009. Norton Insight technology will connect servers in the Internet, automatically identify files on users ' computers, and Mark trusted files. This allows you to speed up the scan without having to scan known files. Norton actually reduced the trend's black-and-white list to a white-list library.

The downside of the trend "cloud security" is the inability to perceive unknown threats that already exist on the local computer. From the concept of "cloud security", we can see that the main idea is to combine, judge and intercept the external threats. But once an unknown virus or threat is compromised through other channels into the user's computer, the trend is unable to effectively perceive the security threats that are already on the machine.

The second camp: rising

Rising "cloud security" the official definition: through the network of a large number of client-side software behavior of the abnormal monitoring, interception of the Internet Trojan, malicious program of the latest information, and then pushed to the server side for automatic analysis and processing, and then the virus and Trojan solution distributed to each client.

The above remark looked more official, but noted the phrase "abnormal monitoring of software behavior in the network through a large number of Web clients". It can be seen that rising "cloud security" and the trend of "cloud security" is not the same concept. Trend "cloud security" in the "cloud" is the trend of the server group, and rising "cloud" is a large number of users. Rising in the cloud security, rising server has become a client side.

Through each client to scan the user's computer, and then extract may be the virus file escalation, after the processing of rising, upgrade anti-virus software or cards and then push to the user.

Rising cloud security is the essence of a sample collection processing mechanism. Rising cloud security needs to have a large number of clients (Kaka 6?), in order to form a real sense of the cloud, in addition to the rapid analysis of the virus to deal with the ability. In the rising cloud security, because the client is the part of the cloud, so do not need to set up so many servers.

Rising cloud security features are able to perceive the user's computer already exists unknown virus, the idea is good, but rising whether the ability to truly achieve the goal of cloud security vision, it will take time to test.

The concept of security similar to the Swiss Nebula more products, such as Eset Threatsense.net, Kaspersky 2009 Kaspersky Network Security System and Symantec Norton Community Watch and so on. However, as a result of this model requires a large number of clients, so compared to the trend, such as rising Kabbah or have a certain advantage.

Rising cloud security also has its own fatal flaw, although it can perceive the unknown virus already exists on the user's computer, but does not have the ability to intercept the unknown virus before it invades the computer, it can be said to be "afterwards Zhuge Liang".

Third Camp: Qihoo 360

Before the national day, Qihoo announced the purchase of 2000 servers and built the largest cloud security computing center in China.

Qihoo Mister Zhou said, a company does not have more than 1000 servers, do not jump to talk about ' cloud security '. There is no real "cloud security" in the country.

From the information of Qihoo, we can see that the cloud security of Qihoo should be derived from "cloud computing". Cloud computing refers to taking some of the user's stuff out of the firewall and putting it in a shared "server". At the moment, cloud computing itself is a controversial topic.

Search the odd tiger a lot of relevant data, did not find the tiger cloud security in the end is what. Just mentioned a large number of servers and bandwidth, but did not specify what to do with so many servers and bandwidth, also did not see the Qihoo has related product launch.

Lenovo to the strange Tigers and the recent lawsuit, I seriously doubt the tiger's "cloud security" is just for the rising aggravating a hype.

Summary

From the above analysis, we can see that trends and rising have put forward the concept of "cloud security", but the two refer to not the same thing. Trend Cloud security emphasizes blocking external threats, requiring a large number of servers (vendors); Rising cloud security emphasizes the perception of unknown threats already existing on the user's computer and requires a large number of clients (users). They represent the two camps, and many manufacturers are quick to follow. But both are currently flawed, the trend ignores the unknown threat to the local perception, collection, and rising is only passive defense, not in the unknown threat into the computer before the interception.

What kind of cloud security do we need? Personally feel that the two should be combined, that is, the current through the hanging horse, USB disk and other channels into the computer's unknown threat to intercept, but also through other channels (means) has entered the user's computer unknown threat to perceive.

As for Qihoo's cloud security based on "cloud computing," there is no shape to be seen, nor is it easy to comment. Whether it's hype or new technology, we'll wait and see.