Head in the clouds

Solutions that scrutinise and stop malware in the cloud represent the next big step forward in the fight against malicious code.
By Dean Healy, Product manager at SecureData Security.
Johannesburg, 28 Aug 2008

Just a few weeks ago, Trend Micro CEO Eva Chen admitted the anti-virus industry is losing the war against hackers and authors of malicious code. The simple reason for this is that anti-virus vendors are struggling to keep up with the deluge of new malware variants that cyber-criminals release onto the Internet every month.

The traditional signature-based and newer behaviour-based approaches that most anti-virus suites use are simply not up to dealing with the challenges of a world where malware authors use sophisticated techniques, such as targeted attacks, to breach their victims' security defences.

In addition, the constant security updates that anti-virus suites need to process to protect computers against new threats - and the exponentially growing number of malware variants of those threats - are a massive burden on corporate networks and desktops. And zero-day exploits, which are becoming more commonplace, manage to sneak past anti-virus solutions even when users and administrators have diligently patched and updated their software.

Vendors have proposed a range of solutions to zero-day attacks and the sheer volume of malware variants, including heuristic solutions (which look for transmission, structure, behaviour and content patterns associated with malicious code) and white-listing (allowing only known, authorised applications to run on the computer). One of the latest ideas to come to the fore is security in the cloud - anti-virus solutions that offer the ability to scrutinise malware in the cloud.

Security vendors deliver software-like security services across the Internet from servers hosted in their data centres, often complemented by an anti-virus client at the endpoint. The approach is similar to the one that anti-spam vendors took, with great success, once the volume of junk mail on the Internet became too heavy for organisations to filter on their own networks. At the heart of the move towards security in the cloud is a shift away from client-based solutions towards a global network of threat intelligence that uses cloud-based technology to block Web-based threats before they reach the computer or the enterprise network.

Security in the cloud brings together Web, e-mail and file threat data using reputation technologies and continuously updated threat databases in the cloud to detect, analyse and protect customers from the latest threats.

Losing weight at the client side

Over the past few years, vendors have found themselves unable to effectively circulate up-to-date signature files to protect their customers at the same speed as malware authors are distributing them. Also, with up to 5 000 new malware patterns emerging every day, downloading updates has become a major burden on corporate bandwidth and computer performance.

It makes sense to store most pattern files in an Internet cloud database and to keep them to a minimum on the endpoint. It is easier to keep a security service in the cloud up to date with malware variants as they emerge than it is to distribute new signature patterns to endpoints. While a cloud security solution may still have an agent on the client side, it could be up to 70% smaller than a traditional anti-virus client.

Another immediate benefit of in-the-cloud security is that it can correlate a range of data to detect new attacks, identify the root source of the attack and put efficient protective measures in place. This is critically important in a world of complex blended threats.

An attack might start with a spam e-mail that attracts a user to an infected Web site, where he or she is fooled into downloading bots or malicious payloads. Understanding and correlating all this activity at the endpoint is challenging, but a cloud security service can use algorithms and database information to interpret all this data effectively.
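To make the division of labour between the thin client and the cloud concrete, here is an added illustration in Python (not code from the article, Trend Micro or SecureData): an endpoint keeps only a small local pattern set, defers to a simulated cloud reputation service for sender, URL and file-hash lookups, and correlates hits across the three channels for the blended-threat scenario above. All names, sample values and the behaviour when the cloud is unreachable are assumptions.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample data: the endpoint keeps only a small pattern set locally,
# while the bulk of the threat data lives in the (simulated) cloud service.
LOCAL_PATTERNS = {sha256(b"constructed-old-worm")}


class CloudReputation:
    """Simulated in-the-cloud service holding e-mail, Web and file reputation data."""

    def __init__(self, reachable=True):
        self.reachable = reachable
        self.stores = {
            "sender": {"lottery@spam.example"},            # constructed
            "url": {"http://bad.example/download"},        # constructed
            "file": {sha256(b"constructed-bot-dropper")},  # constructed
        }

    def query(self, kind, value):
        if not self.reachable:
            raise ConnectionError("cloud reputation service unreachable")
        return "bad" if value in self.stores[kind] else "unknown"


def classify(event, cloud):
    """Thin-client verdict: local patterns first, then cloud lookups, then correlation."""
    file_hash = sha256(event["file"])
    if file_hash in LOCAL_PATTERNS:  # no network needed for the local cache
        return {"verdict": "block", "reason": "local pattern", "sources": ["file"]}
    hits = []
    try:
        for kind, value in (("sender", event["sender"]), ("url", event["url"]), ("file", file_hash)):
            if cloud.query(kind, value) == "bad":
                hits.append(kind)
    except ConnectionError:
        # Assumed policy: with the cloud unreachable the endpoint only has its small
        # local cache, so the decision is deferred rather than silently allowed.
        return {"verdict": "hold", "reason": "degraded: cloud unreachable", "sources": []}
    if len(hits) >= 2:  # spam + malicious URL + payload seen together
        return {"verdict": "block", "reason": "blended threat", "sources": hits}
    if hits:
        return {"verdict": "block", "reason": "single-source reputation", "sources": hits}
    return {"verdict": "allow", "reason": "no reputation hit", "sources": []}
```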

Ultimately, security defences should be built on overlapping systems that cover for each other even if one fails. Vendors that are pioneering security in the cloud understand that security in the cloud and security at the endpoint will complement each other.

That said, security in the cloud will be an essential part of any layered anti-malware solution in the future. Stopping malicious code in its tracks before it reaches the endpoint makes sense in a world where client-based solutions can't keep up with the malware authors.

* Dean Healy is Trend Micro's product manager at SecureData Security.