Antivirus in the Cloud: fad or future? writes Malcolm Tuck, UK Managing Director, Kaspersky Lab.
Although identified by Gartner as a top ten IT strategy for 2011, cloud technology has yet to realise its full potential in corporate IT departments – the promise of increased flexibility and scalability provided by the cloud is offset by ongoing concerns about the security of corporate data. So it is ironic that the cloud represents one of the most exciting and promising new channels for the development and use of anti-malware software.
A good fit for IT security
Cloud computing is an effective method for performing a number of IT security tasks associated with protecting users. First of all, cloud computing allows parallel data processing, i.e. it is ideal for tasks which can be divided into several parts and processed simultaneously, thus getting quicker results. This is crucial for current antivirus products.
In order to analyse a suspicious program it must be checked against lists of malicious and security software as quickly as possible. If this does not yield results, it must be compared to the signatures of known threats, its code must be scanned for dangerous instructions and its behaviour must be examined in an emulator.
All of this research can be performed in parallel. Some processes, such as database searches, can be divided into even smaller parts. Cloud analysis has a great advantage over analysis performed on a local machine: all of the required detection technologies can be used, distributed between several computers, which gives faster and higher-quality results.
Additionally, cloud data processing is ideal for reducing the load on a local machine. This task – reduction of resource usage – is important for antivirus developers.
Data processing using cloud services also contributes to the accumulation of extremely valuable information. This feature is also important in combating IT threats. The harvested information is necessary for the immediate neutralisation of all known threats, as well as for the detailed analysis of new malicious programs and the development of antivirus solutions.
There must be a continuous exchange of data between the cloud and the numerous local machines running security products. Local computers provide information about current threats which are analysed and neutralised using the cloud’s enhanced computing power, providing a continuous stream of information. Should a new threat appear on just one local machine, protection can be developed immediately and delivered to the other computers connected to the cloud. The bigger the cloud in terms of the number of local machines connected to it, the higher the security level.
Making the right antivirus decision
Antivirus products should incorporate all of the above-mentioned advantages of cloud computing: rapid, deep, parallel data processing, reduction of load on local computers and constant accumulation of valuable information about IT threats.
Information about malicious programs, spam, phishing resources and other threats, as well as safe programs, should be processed and accumulated in the cloud. This information allows antivirus solutions to provide full control over suspicious programs on users’ computers without impeding the operation of a user’s safe software. Suspicious programs should be checked against a list of malicious and trusted software. A scanning system based on digital imprints is a much faster method than signature-based scanning.
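The lookup order described above (imprint lists first, then the slower detection technologies run in parallel) can be sketched as follows. This is an added example, not Kaspersky Lab code: SHA-256 as the imprint, the sample files, the signature bytes, the risky tokens and all function names are constructed assumptions.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed sample files standing in for programs seen on local machines.
TRUSTED_SAMPLE = b"constructed known-good program"
MALICIOUS_SAMPLE = b"constructed known-bad program"

def imprint(data):
    """Digital imprint of a file; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).hexdigest()

# Lists the cloud service would accumulate (constructed here).
TRUSTED = {imprint(TRUSTED_SAMPLE)}
MALICIOUS = {imprint(MALICIOUS_SAMPLE)}

# Constructed stand-ins for signature and code-scanning detection.
SIGNATURES = {b"CONSTRUCTED-SIGNATURE-BYTES": "Constructed.Signature.A"}
RISKY_TOKENS = (b"CONSTRUCTED_RISKY_CALL_A", b"CONSTRUCTED_RISKY_CALL_B")

def signature_scan(data):
    """Slow path 1: search the whole file for known byte patterns."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return "signature:" + name
    return None

def heuristic_scan(data):
    """Slow path 2: flag files that contain several risky instructions."""
    hits = sum(1 for token in RISKY_TOKENS if token in data)
    return "heuristic:%d-risky-tokens" % hits if hits >= 2 else None

ANALYSERS = (signature_scan, heuristic_scan)

def classify(data):
    """Return (verdict, reason) for one file."""
    digest = imprint(data)
    if digest in MALICIOUS:
        return "malicious", "imprint:denylist"
    if digest in TRUSTED:
        return "trusted", "imprint:allowlist"
    # Unknown imprint: run every remaining analyser at the same time.
    with ThreadPoolExecutor(max_workers=len(ANALYSERS)) as pool:
        findings = [f for f in pool.map(lambda scan: scan(data), ANALYSERS) if f]
    if findings:
        return "malicious", ",".join(findings)
    return "unknown", "no-detection"

if __name__ == "__main__":
    for sample in (TRUSTED_SAMPLE, MALICIOUS_SAMPLE, TRUSTED_SAMPLE + b" "):
        print(classify(sample))
```

An imprint matches only an exact copy of a file, so a trusted program changed by a single byte falls through to the parallel analysers instead of inheriting the trusted verdict.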
The use of information from the cloud, in addition to detection results from local machines, should minimise the number of false positives. The response time to new threats should then decrease because the cloud service immediately receives information about any newly emerging threats, analyses it quickly, develops the necessary protection tools and delivers them to users’ computers.
Many IT departments still approach the cloud with caution. By recognising the part it can play in an IT security strategy, they can benefit from highly effective parallel computing and instantaneous data exchange, and the subsequently enhanced quality of protection.
About Trusted Computing Group
It’s exhibiting at Infosecurity Europe 2011, the infosec industry event on April 19 to 21 at Earl’s Court, London. The event provides a free education programme, and exhibitors showcasing new and emerging technologies. For further information visit –