Anti-Virus going to the Clouds

Cloud computing is a type of computing where resources are provided as a service over the Internet. One example that I’m sure you’ve used is MapQuest or Google Maps. There are also services that offer Office-type products over the Internet. So, how will cloud computing be used for security and anti-virus? Many of the leading vendors already have anti-virus products using the cloud on the market.

Currently, security products run locally on your PC. They consume resources and are not always as up to date as they should be. Even the vendors have a difficult time staying on top of all the latest potential threats. Anti-virus programs developed in the SaaS (Software-as-a-Service) model take the burden off home users and small to mid-size companies. These companies probably aren’t paying for a high-end security solution and don’t have the resources to dedicate to data security.

Most leading vendors have released or are developing the next generation of security products using a cloud-client content security infrastructure. The client is lightweight, which is beneficial for your local PCs. Trend Micro has a product called “Smart Protection Network”. It uses several statistics to help determine the condition of files. Some of its tests use web reputation, email reputation and file reputation scores. The file will be blocked in the cloud if the reputation scores are at a high level. For example, incoming email can be tested based on the sender’s IP address; if the address is on the suspect list, the email will be blocked in the cloud. This is determined through behavioral activity software running in the cloud.

CloudAV, developed at the University of Michigan during 2008, uses the concept of running multiple search and behavioral engines. Each engine is run on a virtual system, thus resolving the issue of multiple antivirus engines running on the same system.
CloudAV also uses cache analysis. This can improve processing and access time because once a file has been scanned it won’t need to be scanned again. The history of each file scan is saved and, as new viruses are discovered, a retro scan is run. So, a file may have a virus that the anti-virus vendors haven’t discovered yet. In this case, it will be caught when the vendor discovers the virus and a retro scan is run.

Some of the benefits of cloud antivirus protection are: the signature files will be as up to date as possible, multiple search engines are used, and fewer local resources are consumed.

The disadvantages of using a model like this are: you need a strong Internet connection, there may be a lot of data transferred, and you have to decide whether you want your files moved to the cloud. While the engines will use a hashing mechanism (so the whole file doesn’t have to be transferred) for scanning, the fallback when there is a detection will probably be to transfer the whole file.
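
The hash-first lookup, scan cache and retro scan described above can be sketched as follows. This is an added example, not code from CloudAV or any vendor; the class, function and signature names are hypothetical, and it assumes the service keeps a copy of each uploaded file and that the client uploads the whole file only when the hash has no cached verdict.

```python
import hashlib
class CloudScanService:
    """Toy cloud AV service (hypothetical; not CloudAV's or any vendor's code)."""
    def __init__(self, engines):
        self.engines = {n: set(s) for n, s in engines.items()}  # toy signature sets
        self.cache = {}    # sha256 -> names of engines that flagged the file
        self.history = {}  # sha256 -> content kept for retro scans (assumption)
        self.uploads = 0   # whole files that crossed the network

    def _scan(self, content):
        return sorted(n for n, s in self.engines.items() if any(x in content for x in s))

    def lookup(self, digest):
        return self.cache.get(digest)  # None means "never scanned"

    def submit(self, content):
        """Whole-file upload: scan with every engine and cache the verdict."""
        digest = hashlib.sha256(content).hexdigest()
        self.uploads += 1
        self.history[digest] = content
        self.cache[digest] = self._scan(content)
        return self.cache[digest]

    def add_signature(self, engine, signature):
        """Retro scan: rescan history with the new signature, return newly flagged."""
        self.engines[engine].add(signature)
        newly_flagged = []
        for digest, content in self.history.items():
            verdict = self._scan(content)
            if verdict and not self.cache[digest]:
                newly_flagged.append(digest)
            self.cache[digest] = verdict
        return newly_flagged

def client_check(service, content):
    """Client side: send only the hash; upload the file on a cache miss."""
    digest = hashlib.sha256(content).hexdigest()
    verdict = service.lookup(digest)
    if verdict is None:
        verdict = service.submit(content)
    return digest, verdict

# Constructed sample data: harmless strings standing in for signatures and a file.
SAMPLE_ENGINES = {"engine_a": {b"TOY-SIG-1"}, "engine_b": {b"TOY-SIG-2"}}
SAMPLE_FILE = b"quarterly report ... TOY-SIG-3 ..."

if __name__ == "__main__":
    svc = CloudScanService(SAMPLE_ENGINES)
    print(client_check(svc, SAMPLE_FILE), client_check(svc, SAMPLE_FILE), svc.uploads)
    print(svc.add_signature("engine_b", b"TOY-SIG-3"))
```

The retro scan can flag the earlier file only because the service retained its contents, which is the trade-off behind the question of whether you want your files in the cloud.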

I think the biggest question is: do you want your files out on the cloud? It is a fundamental question that you need to answer for yourself or your business.