Cloud security examples from six vendors

Jinshan (Kingsoft) Duba: definition of "cloud security"


Jinshan Duba's "cloud security" is a network-wide defense architecture that emerged in response to the severe Internet security situation that followed the commercialization of Trojan horses. It comprises three levels: an intelligent client, clustered servers and an open platform. "Cloud security" reinforces and complements existing anti-virus technology; the ultimate goal is to give users in the Internet age faster and more comprehensive security.


First, a stable and efficient intelligent client. It can be a stand-alone security product or a security component integrated with other products, such as Jinshan Duba 2009 and Baidu Security Center, and it provides the basic sample collection and threat handling functions for the whole cloud security system.


Second, server-side support. This includes a distributed mass data storage center, professional security analysis services, and intelligent analysis and mining of security trends. It works together with the client to provide users with cloud security services.


Finally, cloud security is built on an open security service platform that gives third-party security partners platform support for fighting viruses. Jinshan Duba cloud security provides security services to the users of third-party security partners, and relies on cooperation with those partners to establish a network-wide defense system, so that every user takes part in that system and no user faces a virus alone.


Jinshan Duba "cloud security" architecture


1. Mercury Platform for storage and calculation of large quantities of


2. Internet trusted authentication service


3. Crawler system


Trend Micro: stop web threats before they arrive

Six killer features of Trend Micro SecureCloud cloud security:


1. Web reputation service


With one of the world's largest domain reputation databases, Trend Micro's web reputation service tracks the credibility of web pages by assigning reputation scores based on factors such as the site's pages, historical location changes, and signs of suspicious activity found through malware behavior analysis. The technology then continues to scan sites and prevents users from accessing infected ones. To improve accuracy and reduce the false positive rate, the service assigns a reputation score to a specific page or link within a site rather than categorizing or blocking the entire site, because often only part of a legitimate site is attacked and reputation can change over time.


Comparing reputation scores reveals the potential risk level of a website. When a user accesses a potentially risky site, the user can be alerted or blocked in time, which helps users quickly judge the safety of the target site. Web reputation services guard against malicious programs at their source. Because protection against zero-day attacks is based on the credibility of the site rather than its actual content, the initial download of malware can be prevented effectively, and users are protected before they reach the network.


2. E-mail reputation service


Trend Micro's e-mail reputation service checks IP addresses against a reputation database of known spam sources, and also validates IP addresses with a dynamic service that can evaluate the reputation of e-mail senders in real time. Reputation scores are refined through continuous analysis of an IP address's "behavior", "scope of activity" and previous history. Malicious e-mail is intercepted in the cloud based on the sender's IP address, preventing web threats such as zombies or botnets from reaching the network or the user's computer.


3. File reputation service


Trend Micro cloud security now includes file reputation service technology, which checks the reputation of every file located at an endpoint, server or gateway. The check is based on a list of known benign files and a list of known malicious files (what are now called antivirus signatures). A high-performance content distribution network and local cache servers keep latency to a minimum during the check. Because malware information is stored in the cloud, it reaches all users on the network immediately. This approach also reduces endpoint memory and system consumption compared with traditional antivirus signature file downloads, which take up space on the endpoint.
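A sketch of the lookup flow this paragraph describes, as an added example that is not Trend Micro's code: the client hashes a file, consults a local cache, and only then asks a cloud service that holds the benign and malicious lists. The `CloudReputation` and `ReputationClient` classes, the TTL values and the sample files are all hypothetical.

```python
import hashlib
import time

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

class CloudReputation:
    """Hypothetical stand-in for the vendor-side lookup service."""
    def __init__(self, known_good, known_bad):
        self.known_good, self.known_bad = set(known_good), set(known_bad)
        self.queries = 0        # round trips made to the "cloud"
        self.online = True

    def lookup(self, digest):
        if not self.online:
            raise ConnectionError("reputation service unreachable")
        self.queries += 1
        if digest in self.known_bad:    # the malicious list wins over the benign list
            return "malicious"
        return "benign" if digest in self.known_good else "unknown"

class ReputationClient:
    """Endpoint side: hash the file, try the local cache, then ask the cloud."""
    def __init__(self, cloud, ttl=3600, unknown_ttl=60, clock=time.monotonic):
        self.cloud, self.ttl, self.unknown_ttl = cloud, ttl, unknown_ttl
        self.clock = clock
        self.cache = {}         # digest -> (verdict, expiry time)

    def verdict(self, data):
        digest = sha256_hex(data)       # only the hash leaves the endpoint
        now = self.clock()
        cached = self.cache.get(digest)
        if cached and cached[1] > now:
            return cached[0]
        try:
            result = self.cloud.lookup(digest)
        except ConnectionError:
            # Offline: reuse the last verdict if there is one, never assume "benign".
            return cached[0] if cached else "unknown"
        # Unknown verdicts expire quickly so a newly listed sample is picked up fast.
        lifetime = self.unknown_ttl if result == "unknown" else self.ttl
        self.cache[digest] = (result, now + lifetime)
        return result

def demo():
    """Constructed sample files, with a fake clock so cache expiry is deterministic."""
    t = [0.0]
    good, bad, new = b"constructed benign file", b"constructed known-bad file", b"constructed new sample"
    cloud = CloudReputation({sha256_hex(good)}, {sha256_hex(bad)})
    client = ReputationClient(cloud, clock=lambda: t[0])
    first = [client.verdict(f) for f in (good, bad, new, good)]  # 4th call is a cache hit
    cloud.known_bad.add(sha256_hex(new))    # analysts list the new sample in the cloud
    t[0] += 61                              # the "unknown" entry has expired by now
    return first, client.verdict(new), cloud.queries
```

The short lifetime on "unknown" verdicts is what lets a newly listed sample reach an endpoint quickly, while long-lived benign and malicious verdicts keep most checks local.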


4. Behavioral Correlation Analysis Technology


Trend Micro cloud security uses the "correlation technology" of behavior analysis to link threat activities together and determine whether they constitute malicious behavior. A single activity of a web threat may appear harmless, but several activities carried out together can lead to a malicious result. It is therefore necessary to judge heuristically whether a real threat exists by examining the relationships between the different components of a potential threat. By correlating the different parts of a threat and constantly updating its threat database, Trend Micro can respond in real time and provide timely, automatic protection against e-mail and web threats.


5. Automatic feedback mechanism


Another important component of Trend Micro cloud security is the automatic feedback mechanism, which provides continuous communication between Trend Micro products and the company's 24x7 threat research centers and technologies through a two-way update stream. By checking the routing reputation of individual customers to identify new threats, Trend Micro's global automatic feedback mechanism works much like the "neighborhood watch" approach adopted by many communities today; real-time detection and timely "collective intelligence" protection help to build a comprehensive, up-to-date threat index. Each new threat found by a single customer's routine reputation check automatically updates Trend Micro's global threat database, preventing later customers from encountering a threat that has already been identified.


6. Threat Information Rollup


Researchers in the United States, the Philippines, Japan, France, Germany and China complement Trend Micro's feedback and submissions. At TrendLabs, Trend Micro's antivirus research and support center, staff working in various languages provide real-time response and 24/7 threat monitoring and attack defense to detect, prevent and eliminate attacks.


Trend Micro combines various technologies and data collection methods, including "honeypots", web crawlers, customer and partner content submissions, feedback loops and TrendLabs threat research, to obtain information on the latest threats. Threat data is analyzed through the malware database in Trend Micro cloud security and by the TrendLabs research, service and support center.


Kaspersky: fully functional security protection that builds a seamless and transparent security system


Kaspersky's fully functional security protection aims to build a seamless and transparent security system for Internet information:


1. In response to the many types of information security threats in the Internet environment, Kaspersky Lab takes its anti-malware engine as the core and, through technology integration, turns information security software into a functional platform. Core functions such as system security, online security, content filtering and anti-malware deliver unified, orderly, multi-layered defense on the fully functional security software platform, rather than a jumble of products of different types and functions.


2. Backed by strong back-end technical analysis capabilities and an online, transparent, interactive mode, Kaspersky fully functional security software 2009 can, with the user's "awareness and approval", collect and analyze online in real time (online real-time collecting & analysing) samples of malicious programs such as suspicious viruses and Trojans on the user's computer, and distribute solutions to users (instant solution distribution) through the global anti-virus database, which is updated once per hour. This online collection, real-time analysis and online distribution of solutions for viruses, Trojans and other malicious programs is the "Kaspersky Security Network", that is, "cloud security" technology. Through the "Kaspersky Security Network", Kaspersky fully functional security software 2009 applies "cloud security" technology transparently to a vast number of computer users, so that Kaspersky users around the world form a highly intelligent security defense network that becomes immune to new threats as soon as they appear and eliminates security threats. The "Kaspersky Security Network" has been through long-term research, development and testing at Kaspersky Lab and is highly stable and mature, so it can take the lead in serving users directly in the official release of fully functional security software 2009.


3. A flat service system connects users with the technical back end at "zero distance". Kaspersky has a world-leading malware sample center and malware analysis platform, and updates its anti-virus database every hour, so that the security defenses of users' computers connect at zero distance with the technical back end. In Kaspersky's fully functional security defense system, all users are active participants in Internet security and immediate beneficiaries of security technology innovation.


McAfee launches cloud security

McAfee, a renowned security vendor, has announced that it will launch Artemis, a cloud-based security system. The system protects computers from viruses, Trojans and other security threats.


Researchers at McAfee's Avert Labs say the system shortens the time it takes to collect and detect malware and to configure the entire solution.


As security systems have developed, this time has fallen from several days in the past to several hours, and now to "a few milliseconds."


Dave Marcus, security research and communications director at Avert Labs, said: "The Artemis system manages a window in which all activities of the enterprise user are carried out, and the window will continuously analyze for malicious software. The purpose of Artemis is to minimize the time spent."


Traditional security systems use a threat-signature database to manage malware information; as a cloud computing service, Artemis can react to threats before signatures are issued.


Marcus says Avert Labs researchers find tens of thousands of new signature files each week. If a user's computer has the Artemis system installed and a suspicious file is detected on it, the computer immediately contacts the McAfee server to determine whether the suspect file is malicious. In this way McAfee can also use the data it collects to provide customized security solutions for enterprises.


Experts say Artemis can provide real-time security protection. In traditional signature-based security systems there is a time delay between the discovery of a security threat and the adoption of protective measures.


IDC security product research director Charles Kolodgy says: "Traditional signature-based malware detection methods fall short. As user behavior changes, security threats are also changing, and malware detection technology in general has not kept pace."


Rising "cloud security" plan white paper


"Cloud Security" plan: users and the Rising technology platform are closely linked through the Internet to form a huge network for monitoring and removing Trojans and malicious software. Every "Rising Kaka 6.0" user contributes to the "Cloud Security" plan and at the same time shares the security gains of all other users.


The "Automatic Online Diagnostics" module of "Rising Kaka 6.0" is one of the cores of the "Cloud Security" plan. Whenever the user starts the computer, the module automatically detects and extracts suspicious Trojan samples on the computer and uploads them to Rising's "Trojan/Malware Automatic Analysis System" (Rs Automated Malware Analyzer, Rsama for short); the whole process takes only a few seconds. Rsama then feeds the analysis results back to the user so that the Trojans and viruses can be removed, and shares them with all other "Rising Kaka 6.0" users through the "Rising Security Database" (RSSD for short).


Because the whole process runs over the Internet under automatic program control, it maximizes users' ability to guard against Trojans and viruses. Ideally, from the moment a stealer Trojan attacks one computer to the moment the entire "Cloud Security" network is immune to it and able to remove it, only a few seconds pass.


"Cloud Security" plan: how Rising handles 100,000 new Trojans and viruses every day


How does Rising analyze and deal with the 8.1 million new Trojan and virus samples it receives every day? Manual analysis alone certainly cannot solve this problem. The core of the "Cloud Security" plan is Rising's "Trojan/Malware Automatic Analysis System" (Rs Automated Malware Analyzer, Rsama for short), which can dynamically classify large numbers of virus samples and analyze their common characteristics. With the help of this system, the efficiency of virus analysis engineers can be improved exponentially.


Although 8 to 10 million Trojan and virus samples are collected every day, Rising's automatic analysis system can classify them automatically by variant family and use "variant virus family feature extraction technology" to extract the characteristics of each variant family. In this way, once tens of thousands of Trojans and viruses have been analyzed and processed automatically, only a few hundred new samples really need manual analysis.


Jiangmin builds "cloud security" + "sandbox"


A large-scale signature library built in the cloud is not enough to deal with fast-growing security threats. Anti-virus vendors at home and abroad also need to work hard on core anti-virus technology: technologies for preventing unknown viruses, such as virtual machines, heuristics, sandboxes and intelligent active defense, need to be strengthened and developed, and most anti-virus software also needs to strengthen its own self-protection. The rapid growth in viruses is only a change in quantity; the huge losses in reality are often caused by a very small number of malignant viruses that apply new virus techniques.


"Cloud security" must be built on core technologies such as "kernel-level self-protection", "sandbox" and "virtual machine" to show its power. Without these core technologies, anti-virus software may be embarrassingly "helpless" in front of a virus; in reality, cases where anti-virus software finds a virus in a scan but cannot remove it, or is even shut down by the virus, are everywhere. This is why, when introducing KV2009, Jiangmin put core technologies such as "sandbox", "kernel-level self-protection", "intelligent active defense" and "virtual machine" first and the "cloud security" anti-virus system after them. Anti-virus is like other industries: the foundation must be strong enough first, and if the foundation is not solid, the height of the building cannot be relied on.


"Sandbox" is a deeper, system-kernel-level technology, and it differs from a "virtual machine" both in technical principle and in form. The sandbox takes over the interfaces or functions that a virus calls, and carries out a rollback once the behavior is confirmed to be that of a virus; a "virtual machine" has no rollback and recovery mechanism. After a virus is triggered, the virtual machine identifies a certain type of virus from its behavioral characteristics and calls the engine to remove it. This is an essential difference between the two. In practice, KV2009 has already begun to play a powerful role against new virus intrusions. Some users turned off real-time monitoring in Jiangmin KV2009 and enabled only the "active defense with sandbox technology" mode; when they then ran the new "sweep wave" virus, all of the virus's behavior was intercepted and erased, and it had no chance to leave any trace in the system.


The most important problem anti-virus currently faces is the technical challenge that viruses pose to anti-virus software. The current priority is therefore to further strengthen core anti-virus technology and, with that technology assured, make full use of the fast response mechanism of the "cloud security" anti-virus system to create a dual guarantee of "cloud security" plus "sandbox".
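
The rollback behavior that the sandbox paragraph above contrasts with a virtual machine, as an added user-space example in Python that is not Jiangmin's code: each mediated file operation is journaled, and the journal is undone newest-first once the behavior is confirmed malicious. The `JournalingSandbox` class and all file names are hypothetical; the page describes kernel-level interception, which this sketch does not attempt.

```python
import os
import tempfile

class JournalingSandbox:
    """User-space sketch: mediates file writes/deletes and records how to undo each."""
    def __init__(self):
        self.journal = []       # undo records (path, previous content), oldest first

    def write_file(self, path, data):
        old = None              # None means the file did not exist before
        if os.path.exists(path):
            with open(path, "rb") as f:
                old = f.read()
        self.journal.append((path, old))
        with open(path, "wb") as f:
            f.write(data)

    def delete_file(self, path):
        with open(path, "rb") as f:
            self.journal.append((path, f.read()))
        os.remove(path)

    def commit(self):
        """Behavior judged clean: keep the changes and drop the undo records."""
        self.journal.clear()

    def rollback(self):
        """Behavior confirmed malicious: undo every operation, newest first."""
        undone = 0
        while self.journal:
            path, old = self.journal.pop()
            if old is not None:
                with open(path, "wb") as f:
                    f.write(old)
            elif os.path.exists(path):
                os.remove(path)
            undone += 1
        return undone

def demo():
    """Constructed scenario in a temporary directory; file names are made up."""
    with tempfile.TemporaryDirectory() as d:
        cfg, doc, dropped = (os.path.join(d, n) for n in ("settings.txt", "report.txt", "dropped.bin"))
        for path, content in ((cfg, b"mode=safe\n"), (doc, b"quarterly report\n")):
            with open(path, "wb") as f:
                f.write(content)
        box = JournalingSandbox()
        box.write_file(cfg, b"constructed tampered entry\n")
        box.write_file(dropped, b"constructed placeholder bytes")
        box.delete_file(doc)
        box.write_file(cfg, b"second overwrite\n")      # same file touched twice
        undone = box.rollback()
        with open(cfg, "rb") as f, open(doc, "rb") as g:
            return undone, f.read(), g.read(), os.path.exists(dropped)
```

Undoing in reverse order matters when one file is modified more than once: the oldest record holds the true original content, so it has to be applied last.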