A View from Robert Lemos
Antivirus Firms Look to Solidify Cloud Model
Cloud or not? Antivirus companies look for faster ways to detect malicious code, but are foggy on the exact definition of a cloud service.
In the search for better, faster antivirus detection, many companies are pursuing a “cloud” approach to the problem of identifying viruses and other malicious software. Yet, while most vendors agree that the essence of a cloud service is moving the analysis, or intelligence, of the product from the user’s computer to Internet-connected servers at a company’s facility (the “cloud”), they disagree on the extent to which security firms have moved to the cloud.
“On the surface, it is hard to differentiate because people can use the term ‘cloud’ really frivolously,” says Oliver Friedrichs, CEO of startup Immunet. “When we talk about cloud, we are talking about fairly advanced cloud infrastructure and a real-time capability to look up applications to see if they are malicious.”
With Immunet entering the market last month, the competition is heating up. But even the definition of the market is up in the air.
In April, McAfee heralded its Artemis Technology, a service for automating analysis of viruses and other malware, as an effective way to improve antivirus. Later that month, Panda Security claimed to have the first free cloud antivirus solution–a claim that security firm Prevx lambasted a day later, labeling Panda’s product “bloatware with a fancy name.”
“If we weren’t the first, we believe we were one of the pioneers of having the agent watch for malicious behavior and activity and feed it back to our servers,” Prevx CEO Mel Morris says.
Morris argues that being a cloud service is not necessarily a binary proposition. Companies’ products can adopt more cloudlike behavior. Immunet’s service, for example, is not even mostly cloud, he says.
“It does feed back to a centralized database, so I think it has attributes of cloud,” Morris says of Immunet’s product. “You could say it is 70 percent [traditional] AV and 30 percent cloud. While Panda is 30 percent [traditional] AV and 70 percent cloud.”
Yet the services have the same overall goal: to make analysis faster and push the results to users more quickly. McAfee’s cloud technology is an offshoot of its quest to create a better automated analysis engine. Its Artemis Technology automatically analyzes up to 95 percent of all potential threats seen by McAfee’s users. Panda’s Collective Intelligence system crunches through some 37,000 potential threats every day, handling 99 percent of the work in classifying programs.
And while many services may not be completely cloudlike, especially in the eyes of their competitors, most antivirus companies appear to be including at least the ability to get instant updates from online servers.
“What the antivirus industry is shifting toward is a data-mining problem more than an analysis problem,” Immunet’s Friedrichs says. “There are so many threats today that an analyst cannot analyze them all, so we are using data-mining techniques to find the needles in the haystack.”