How Antivirus Vendors Describe Their Cloud Capabilities

Cloud antivirus uses lightweight endpoint agents that send file details to provider infrastructure for analysis, allowing the broader user community to benefit from processed data. Major vendors including AVG, ESET, Kaspersky, McAfee, Panda, Sophos, and Symantec have incorporated such capabilities into their products.

We’re continuing to ride the wave of IT transformation and marketing efforts around various cloud computing paradigms. Driven by the need to handle increasing malware volume and the opportunity to derive intelligence from a large user community, antivirus vendors have been incorporating some aspects of cloud-themed processing into their products.

Reminder: What is Cloud Antivirus?

I defined the notion of cloud antivirus in my earlier post on the topic:

Cloud anti-virus is anti-malware technology that uses lightweight agent software on the protected endpoint, while offloading the majority of data analysis to the provider’s infrastructure.

Instead of having to assess whether a file is malicious by performing analysis locally, the agent captures the relevant details from the endpoint and provides them to the cloud engine for processing. As the result, the broad community of the tool’s users benefit from the processed data collected from various subsets of the population.

While some products are designed to act as standalone cloud antivirus tools, the broader adoption of cloud capabilities has been driven by enhancements incorporated into existing antivirus or Internet security products.

Cloud Antivirus Capabilities Build Into Common AV Products

I spent some time exploring publicly-available information about common antivirus products to understand how the vendors describe and position their cloud capabilities. Here’s the gist of what I found, in case you want to dig deeper into this topic:

AVG Protective Cloud Technology “uses multiple scanning engines and behavioral detection simultaneously to identify emerging and previously unknown threats. Once [it] identifies threats, solutions are developed and AVG clients around the world are updated in near real time.”

ESET Cloud-powered Reputation engine scans “for malware faster and with enhanced detection while registering fewer false positives.”

F-Secure Cloud “makes decisions on the reputation of files based on a wide range of criteria. As an example, prevalence—how common the file is in the online world—is now one of the key factors in the decision-making process through which malware is identified.”

Kaspersky Security Network “combines the capabilities of continuous globally distributed monitoring of real-life threats, a centralized analysis of threats using Kaspersky Lab’s substantial expert and technology resources, and the immediate generation and distribution of protection measures.”

McAfee Global Threat Intelligence “is a comprehensive, real-time, cloud-based threat intelligence service that enables McAfee products to protect customers against cyberthreats across all vectors—file, web, message, and network.”

Panda Cloud Protection “leverages Panda Security’s proprietary Collective Intelligence technology, which operates in the cloud harnessing the experience of Panda’s user community providing immediate protection against new malware in those first, most damaging hours and minimizing performance hit on local PCs.”

Sophos Live Protection “gives you a direct connection to the very latest information we have about new threats. Using our global intelligence network, we can spot new threats quickly and make sure your users are protected—immediately.

Symantec Insight “can identify how common or rare a file is, how old it is, its security rating, and how it might be associated with malware. Through context, Insight can identify new or rapidly mutating threats as well as rare but tightly targeted attacks.”

Tend Micro OfficeScan in-the-cloud scanning technology is used “to make the scanning process more efficient. The technology works by offloading a large number of antimalware signatures previously stored on the local computer to a scan server hosted in-the-cloud.”

The excerpts above that outline how antivirus vendors describe their cloud capabilities are taken mostly from marketing documents. If you have pointers to more technical descriptions of these mechanisms, please leave a comment.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. As CISO at Axonius, he leads the security and IT program, focusing on trust and growth. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →