We’re continuing to ride the wave of IT transformation and marketing efforts around various cloud computing paradigms. Driven by the need to handle increasing malware volume and the opportunity to derive intelligence from a large user community, antivirus vendors have been incorporating some aspects of cloud-themed processing into their products.
Reminder: What is Cloud Antivirus?
I defined the notion of cloud antivirus in my earlier post on the topic:
Cloud anti-virus is anti-malware technology that uses lightweight agent software on the protected endpoint, while offloading the majority of data analysis to the provider’s infrastructure.
Instead of having to assess whether a file is malicious by performing analysis locally, the agent captures the relevant details from the endpoint and provides them to the cloud engine for processing. As a result, the broad community of the tool’s users benefits from the processed data collected from various subsets of the population.
While some products are designed to act as standalone cloud antivirus tools, the broader adoption of cloud capabilities has been driven by enhancements incorporated into existing antivirus or Internet security products.
Cloud Antivirus Capabilities Built Into Common AV Products
I spent some time exploring publicly-available information about common antivirus products to understand how the vendors describe and position their cloud capabilities. Here’s the gist of what I found, in case you want to dig deeper into this topic:
- AVG Protective Cloud Technology “uses multiple scanning engines and behavioral detection simultaneously to identify emerging and previously unknown threats. Once [it] identifies threats, solutions are developed and AVG clients around the world are updated in near real time.”
- ESET Cloud-powered Reputation engine scans “for malware faster and with enhanced detection while registering fewer false positives.”
- F-Secure Cloud “makes decisions on the reputation of files based on a wide range of criteria. As an example, prevalence—how common the file is in the online world—is now one of the key factors in the decision-making process through which malware is identified.”
- Kaspersky Security Network “combines the capabilities of continuous globally distributed monitoring of real-life threats, a centralized analysis of threats using Kaspersky Lab’s substantial expert and technology resources, and the immediate generation and distribution of protection measures.”
- McAfee Global Threat Intelligence “is a comprehensive, real-time, cloud-based threat intelligence service that enables McAfee products to protect customers against cyberthreats across all vectors—file, web, message, and network.”
- Panda Cloud Protection “leverages Panda Security’s proprietary Collective Intelligence technology, which operates in the cloud harnessing the experience of Panda’s user community providing immediate protection against new malware in those first, most damaging hours and minimizing performance hit on local PCs.”
- Sophos Live Protection “gives you a direct connection to the very latest information we have about new threats. Using our global intelligence network, we can spot new threats quickly and make sure your users are protected—immediately.”
- Symantec Insight “can identify how common or rare a file is, how old it is, its security rating, and how it might be associated with malware. Through context, Insight can identify new or rapidly mutating threats as well as rare but tightly targeted attacks.”
- Trend Micro OfficeScan in-the-cloud scanning technology is used “to make the scanning process more efficient. The technology works by offloading a large number of antimalware signatures previously stored on the local computer to a scan server hosted in-the-cloud.”
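To make the lightweight-agent model and the prevalence/age reputation idea from the F-Secure and Symantec descriptions concrete, here is an added illustration (my own simplified code, not any vendor's implementation): the endpoint hashes a file locally and sends only the hash, while a constructed stand-in for the cloud backend tracks how many endpoints have reported that hash and for how long, and turns that into a verdict. The thresholds, class names and the hash-only protocol are assumptions for the example.

```python
import hashlib
import time
from dataclasses import dataclass, field


def file_hash(data: bytes) -> str:
    """Endpoint side: the only thing sent to the cloud is a SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Sighting:
    first_seen: float                      # epoch seconds of first report
    endpoints: set = field(default_factory=set)  # distinct reporting endpoints


class ReputationCloud:
    """Constructed stand-in for a vendor's cloud reputation service."""

    def __init__(self, known_bad=(), min_prevalence=5, min_age_days=7):
        self.sightings = {}                # sha256 -> Sighting
        self.known_bad = set(known_bad)    # hashes already classified as malware
        self.min_prevalence = min_prevalence
        self.min_age = min_age_days * 86400

    def report(self, sha256: str, endpoint_id: str, now: float) -> str:
        """Record one sighting from one endpoint and return a verdict."""
        s = self.sightings.setdefault(sha256, Sighting(first_seen=now))
        s.endpoints.add(endpoint_id)
        return self.verdict(sha256, now)

    def verdict(self, sha256: str, now: float) -> str:
        if sha256 in self.known_bad:
            return "malicious"
        s = self.sightings.get(sha256)
        if s is None:
            return "unknown"               # never seen by any endpoint
        prevalent = len(s.endpoints) >= self.min_prevalence
        mature = (now - s.first_seen) >= self.min_age
        if prevalent and mature:
            return "trusted"               # common and old: low risk
        return "suspicious"                # rare and/or new: flag for deeper analysis


def agent_check(cloud: ReputationCloud, file_bytes: bytes, endpoint_id: str, now=None) -> str:
    """Lightweight agent: hash locally, offload the decision to the cloud."""
    return cloud.report(file_hash(file_bytes), endpoint_id, now if now is not None else time.time())
```

A rare, newly seen file is not declared clean merely because no signature matches it; it stays "suspicious" until enough endpoints have reported it for long enough, which is the "prevalence as a key factor" behaviour the vendors describe.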
The excerpts above that outline how antivirus vendors describe their cloud capabilities are taken mostly from marketing documents. If you have pointers to more technical descriptions of these mechanisms, please leave a comment.