Step-by-Step: Antivirus Software Moves into Cloud Security

At present, the enterprises joining cloud computing are not only IT and Internet giants. Recently the major antivirus software vendors have also launched cloud security products and services, which should be a real, effective application of the cloud in the antivirus field. Representative cloud security vendors include Rising and Trend Micro.

Let's take a look at one vendor's explanation of cloud security. Cloud security fuses new technologies and concepts such as parallel processing, grid computing, and behavior-based judgment of unknown viruses. A large network of clients monitors the behavior of software on the Internet, obtains the latest information about Trojans and malicious programs, and pushes it to the server for automatic analysis and processing. The server then distributes the solution for the virus or Trojan to every client. In short, with cloud security technology, identifying and removing viruses no longer relies only on the virus library on the local hard disk, but on a large network service that collects, analyzes and processes in real time. The entire Internet becomes one huge "antivirus program": the more participants there are, the more secure each participant is, and the more secure the whole Internet becomes.

Trend Micro's cloud

What are the improvements in Cloud Security 2.0? What is the impact of cloud security on the antivirus software industry? In the future, antivirus software will not be able to handle the growing volume of malicious code. The threat from the Internet has shifted from viruses to Trojans and malicious code, which means that relying only on a local library of virus samples is completely inadequate. Network services are needed to collect, analyze and process in real time. The entire Internet becomes one huge "antivirus program": the more participants there are, the more secure each participant is, and the more secure the whole Internet becomes.

We see that cloud security has been able to implement the "gateway-terminal" part of virus defense. Guarding the gateway means holding off 70%-80% of the threats from the Internet, but there are still 20% of threats that enter the corporate network through other channels, including terminals. In addition, the people who face the network at the terminal are enterprise employees, whose security awareness is uneven, and security management is imperfect, so the enterprise's network security is still under threat.

Therefore, solving the security problems of the terminal network environment becomes extremely important. Cloud Security 2.0 aims to deliver terminal security defense. Its file reputation technology relies on a huge cloud threat database: before a user accesses a file, the file's reputation is checked, which prevents malicious files from being downloaded or accessed. Cloud Security 2.0 reportedly has a cloud made up of 34,000 servers and can complete a query in milliseconds, helping enterprises achieve the three "zeros" of protection: zero time lag in virus code updates, zero time for virus code deployment, and zero growth in resource usage.

To build a cloud security system and keep it operating normally, four major problems need to be solved: first, a large number of clients (cloud security probes) are needed; second, professional antivirus technology and experience are needed; third, a large financial and technical investment is required; fourth, it can be an open system that allows partners to join (without involving users' privacy, or with the user's consent).

This means that the antivirus software industry will consolidate faster, and a situation will emerge in which the strong become stronger. Antivirus companies with a global user base, such as Trend Micro, will have more sensitive perception and faster response. Their strong technical and financial strength guarantees the ability to build and run powerful servers.

In addition, Trend Micro provides network security services to a number of large enterprises around the world, including the country's largest bank analysis agencies, the world's largest manufacturer of notebook hinges, and important Chinese government departments. Such partners also reflect full trust in the defensive capabilities of Trend Micro's Cloud Security 2.0.

Rising's cloud

After a year of smooth operation, the cloud security system's boost to the security industry is obvious:

First, with the full support of the cloud security system, Rising engineers analyze trends in its data and can accurately predict major Internet security events. After trend analysis of the data, Rising experts can accurately understand which Trojans and viruses users are infected with and which Trojan-planted ("horse-hanging") websites are attacking them. Just as people forecast the weather by analyzing satellite cloud images, they can make accurate estimates of Internet security threats.

Second, by analyzing the cloud security system's data, Rising experts can optimize the antivirus software to the maximum, making its removal capability stronger while it consumes fewer resources. After analyzing virus trends and the behavior of Trojan-planted websites in the system data, Rising engineers can write "generic removal code" for large numbers of similar viruses. Sometimes a single optimized piece of virus code can remove hundreds of thousands of similar Trojans and viruses. This not only greatly reduces the size of the virus database so that the antivirus software runs faster, but can also remove many unknown new viruses. Since the cloud security plan was implemented, the size of Rising's antivirus virus database has been reduced by more than 60%.

Third, because it uses a "server + client" logical structure, Rising antivirus software has become lighter, with fewer false kills. Similar to the thinking behind Google Docs, many of its functions are placed on the "cloud security" servers, such as virus analysis in a virtual machine. Traditional antivirus software implements this on the client, where it consumes a lot of resources, makes the machine run slowly, and is prone to false kills and false positives. When it is placed on the server side, the antivirus software only needs to connect to the server to obtain the analysis results, does not consume any resources, and will never cause a false kill.

When Rising cloud security was first established, users, the media and the industry were all skeptical about the role it could play, and peer vendors using different technical approaches raised a lot of controversy. But the results of the first year of smooth running show that the cloud security system has not only improved the whole industry's process for intercepting and handling Trojan-planted websites and virus samples, but has also greatly improved the antivirus software itself: its removal capability is stronger and it runs more smoothly.

What other benefits can cloud security bring us? First of all, Rising Full-Featured Security Software 2009 already implements a technical process in which the local client collects suspicious files through analysis and automatically reports them to the Cloud Security Analysis Center. The center's automated analysis system makes a determination and feeds it back to the client for handling. The advantage is that the client does not need to maintain a large virus library. A short connection to the cloud is enough to determine a file's attributes, which greatly reduces the burden on the client and also solves the pressure that an ever-growing virus library puts on ordinary clients. The optimization of the virus database and the design of the cloud security network give Rising Full-Featured Security Software 2009 a smaller virus library, while its removal effectiveness is increased by 35%.

Core antivirus cloud technologies

Cloud security gives us a broad view. Its seemingly simple content covers seven core elements:

1. Web Reputation Service

With a comprehensive reputation database, cloud security can track the credibility of web pages by assigning reputation scores based on factors such as site pages, historical location changes, and indicators of suspicious activity found through malware behavior analysis. The technology then continues to scan sites and prevents users from accessing infected websites. To improve accuracy and reduce false positives, security vendors also assign a reputation score to a particular page or link within a website rather than classifying or blocking the entire site, since often only part of a legitimate site is attacked, and reputation can change over time.

Comparing reputation scores reveals the potential risk level of a website. When a user accesses a potentially risky site, the user can be alerted or blocked in time, which helps users quickly judge the safety of the target site. Web reputation services guard against the sources of malicious programs. Because zero-day attack prevention is based on the credibility of the site rather than its actual content, it can effectively prevent the initial download of malware, so users gain protection before they access the network.
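
The page-level scoring described above can be sketched as follows. This is an added example, not code from the original article or from any vendor it mentions; the hosts, scores, thresholds and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed reputation data: scores from 0 (malicious) to 100 (trusted),
# keyed by (host, path prefix). "/" is the site-wide default.
SCORES = {
    ("shop.example", "/"): 90,
    ("shop.example", "/forum/"): 55,
    ("shop.example", "/forum/uploads/"): 15,   # compromised section
    ("bad.example", "/"): 5,
}
BLOCK_BELOW, WARN_BELOW = 30, 60   # assumed policy thresholds
UNRATED = 50                       # assumed score for hosts never rated


def reputation(url):
    """Return the score of the most specific rated prefix covering the URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    best_len, best_score = -1, UNRATED
    for (rated_host, prefix), score in SCORES.items():
        if rated_host == host and path.startswith(prefix) and len(prefix) > best_len:
            best_len, best_score = len(prefix), score
    return best_score


def decide(url):
    """Map a score to the action taken before the page is fetched."""
    score = reputation(url)
    if score < BLOCK_BELOW:
        return "block"
    if score < WARN_BELOW:
        return "warn"
    return "allow"
```

Because the longest matching prefix wins, the compromised upload area is blocked while the rest of the legitimate site stays reachable.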

2. E-mail Reputation Service

The e-mail reputation service checks IP addresses against a reputation database of known spam sources and validates them with a dynamic service that can evaluate the reputation of an e-mail sender in real time. Reputation scores are refined through continuous analysis of the IP address's "behavior", "scope of activity" and previous history. Malicious e-mail is intercepted in the cloud according to the sender's IP address, preventing web threats such as zombies or botnets from reaching the network or the user's computer.

3. File Reputation Service

File reputation service technology checks the reputation of every file located at an endpoint, server or gateway. The check is based on a list of known benign files and a list of known malicious files, the latter being what are now called antivirus signatures. A high-performance content distribution network and local caching servers ensure that latency is minimized during the check. Because malicious information is stored in the cloud, it can reach all users on the network immediately. Furthermore, compared with traditional antivirus signature file downloads that take up endpoint space, this approach reduces endpoint memory and system consumption.
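
The lookup flow described above (hash the file, query the cloud lists, keep a local cache to cut latency) is sketched below. It is an added example, not the article's or any vendor's code; the class, the in-memory "cloud" sets and the TTL values are assumptions made for illustration.

```python
import hashlib
import time

# Constructed sample data standing in for the vendor's cloud database.
BENIGN = {hashlib.sha256(b"known good installer").hexdigest()}
MALICIOUS = {hashlib.sha256(b"known trojan dropper").hexdigest()}


class FileReputationClient:
    """Endpoint-side lookup: hash the file, ask the cloud, cache the verdict."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self.cache = {}          # sha256 hex digest -> (verdict, expiry time)
        self.cloud_queries = 0   # counts round trips, to show the cache working

    def _cloud_lookup(self, digest):
        # Hypothetical cloud call; only the hash leaves the endpoint.
        self.cloud_queries += 1
        if digest in BENIGN:
            return "benign"
        if digest in MALICIOUS:
            return "malicious"
        return "unknown"

    def verdict(self, content: bytes) -> str:
        digest = hashlib.sha256(content).hexdigest()
        hit = self.cache.get(digest)
        if hit and hit[1] > self.clock():
            return hit[0]
        result = self._cloud_lookup(digest)
        # Unknown files get a short TTL so a later cloud verdict is picked up soon.
        ttl = self.ttl if result != "unknown" else min(self.ttl, 30)
        self.cache[digest] = (result, self.clock() + ttl)
        return result

    def allow_access(self, content: bytes) -> bool:
        # Block only confirmed-malicious files; unknowns go to other layers.
        return self.verdict(content) != "malicious"
```

The endpoint stores only verdicts for files it has actually seen, which is the memory saving the section contrasts with downloading a full signature file.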

4. Behavioral Correlation Analysis Technology

The "correlation technology" of behavioral analysis links threat activities together to determine whether they constitute malicious behavior. A single activity of a web threat may seem harmless, but several activities carried out together can lead to a malicious result. It is therefore necessary to judge heuristically whether a real threat exists, and to examine the relationships between the different components of a potential threat. By correlating the different parts of a threat and constantly updating the threat database, the system can respond in real time, providing timely and automatic protection against e-mail and web threats.
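
The following added example (not from the original article or any vendor) shows one way such correlation can work: weak indicators from the same process are linked inside a time window and scored together. The indicator names, weights, threshold, window and telemetry are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical indicator weights; none reaches the threshold on its own.
WEIGHTS = {
    "download_executable": 2,
    "write_autorun_key": 3,
    "disable_security_tool": 4,
    "connect_unrated_host": 2,
}
THRESHOLD = 7   # assumed alert threshold
WINDOW = 60     # seconds within which activities are linked


def correlate(events):
    """Return {process: score} for processes whose linked activity is malicious.

    events: iterable of (timestamp_seconds, process, action) tuples.
    Distinct indicators from one process inside WINDOW are summed;
    repeating the same action does not raise the score.
    """
    by_process = defaultdict(list)
    for ts, proc, action in sorted(events):
        if action in WEIGHTS:
            by_process[proc].append((ts, action))

    flagged = {}
    for proc, acts in by_process.items():
        start = 0
        for end in range(len(acts)):
            # Advance the window start until the span is at most WINDOW seconds.
            while acts[end][0] - acts[start][0] > WINDOW:
                start += 1
            distinct = {action for _, action in acts[start:end + 1]}
            score = sum(WEIGHTS[action] for action in distinct)
            if score >= THRESHOLD:
                flagged[proc] = max(score, flagged.get(proc, 0))
    return flagged


# Constructed sample telemetry.
SAMPLE = [
    (0, "updater.exe", "download_executable"),
    (5, "updater.exe", "download_executable"),
    (10, "invoice.exe", "download_executable"),
    (25, "invoice.exe", "write_autorun_key"),
    (40, "invoice.exe", "connect_unrated_host"),
    (500, "backup.exe", "write_autorun_key"),
    (900, "backup.exe", "disable_security_tool"),
]
```

On the sample, only `invoice.exe` is flagged: its three activities are individually low-scoring but occur within one window, while the other processes either repeat one action or spread their actions too far apart.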

5. Automatic feedback mechanism

Another important component of cloud security is the automatic feedback mechanism, which enables continuous communication between the threat research center and technicians through a bidirectional update stream. New types of threats are identified by checking the routing reputation of individual customers. For example, Trend Micro's global automatic feedback mechanism resembles the "neighborhood watch" approach now adopted by many communities. Real-time detection and timely "collective intelligence" protection help build a comprehensive and up-to-date threat index. Each new threat found by a single customer's routine reputation check automatically updates Trend Micro's global threat database, preventing later customers from encountering a threat that has already been identified.

Because threat data is collected according to the credibility of the communication source rather than the specific content of the communication, there is no latency problem, and the privacy of customers' personal or business information is protected.

6. Summary of threat information

Security companies use a variety of technologies and data collection methods, including honeypots, web crawlers, customer and partner content submissions, and feedback loops. Threat data is analyzed through the malware databases, services and support centers in cloud security. 24x7 threat monitoring and attack defense detect, prevent and remove attacks.

7. Whitelist Technology

As a core technology, whitelisting is not much different from blacklisting (virus signature technology actually applies the blacklist idea). The difference is only in scale. Avtest.org's recent count of malicious samples (bad files) includes about 12 million different samples. Even though that number has recently increased significantly, the number of bad files is still smaller than the number of good files. Commercial whitelists contain more than 100 million samples, and some people expect the figure to be as high as 500 million. Keeping track of all the good files that exist globally is therefore a huge job, and it may not be achievable by a single company.

As a core technology, whitelisting is now mainly used to reduce false positives. For example, there may be a signature in the blacklist that is not actually malicious. Therefore, the antivirus signature database is regularly checked against an internal or commercial whitelist. Trend Micro and Panda currently perform this check regularly.

Postscript:

Put simply, cloud security is the shift from traditional stand-alone virus removal to networked, proactive antivirus. Antivirus software draws on the strong support of the Internet to monitor the user's host in real time and warns the user before a harmful web page is visited, preventing trouble before it happens instead of responding only after an attack, as traditional software does. This not only greatly reduces the user's probability of infection, but also reduces the host resources the software occupies.

In addition, the huge network cloud formed by servers and user terminals responds to events very quickly. For example, suppose everyone uses "cloud" security antivirus software, and someone creates a "Black Cat Incense" virus. As soon as one user is infected, the antivirus software of all other users immediately receives this information through the network and makes the corresponding defensive response. In this way, there will be no large-scale infection incidents.
