Internet threat detection ‘in the cloud’
Stopping Internet attacks in real-time
Amir Lev, CTO, Commtouch
These days, IT managers face many options for how and where to manage enterprise solutions: in-house, as a managed service, or in the Internet ‘cloud.’ Internet security solutions are composed of several components – primarily threat detection, threat blocking and provisioning/management tools. Of these elements, the one that can be managed most effectively in the cloud is threat detection.
‘In the cloud’ threat detection is the only technique capable of protecting networks from the massive, dynamic attacks that plague the Internet today. Locally hosted detection that relies on manual updates of vendor-distributed signatures provides too little protection, too late. Only automatic detection that takes place in the Internet cloud can stop all types of attacks in real time.
Threat detection that takes place in the Internet cloud can protect against all types of emerging threats in real time. An ‘in the cloud’ detection network actively monitors and analyzes global Internet traffic, observing botnets around the world, so that it detects new outbreaks within moments of their first appearance, long before any damage is done to end users, and protects subscribers from all types of malicious activity (spam, malware, DDoS, blended threats). Cloud-based detection networks need to be automated, since the speed and sheer volume of threats would overwhelm any attempt to handle them manually. Because protection is instantaneous and automatic, ‘in the cloud’ detection can defend against today’s aggressive, dynamic threats while also saving precious IT management resources.
Email threat detection must be ‘in the cloud’ to protect effectively against the massive spam, email-borne malware and blended-threat email outbreaks common today. In the age of large botnets of zombie PCs, malicious code and content is quickly mass-produced and distributed. A botnet can send a few billion malicious emails within just a few hours, which is the time it takes a traditional security vendor to develop and distribute a signature. The end result is that, despite IT managers diligently applying new signatures, Internet security solutions with a locally hosted threat detection component leave networks vulnerable during the most damaging first hours of an outbreak.
Web security must also be handled ‘in the cloud.’ The enormous volume of web traffic that must be classified means detection has to take place on the Internet itself, since no realistic amount of local resources could be made available for that much processing. Furthermore, there are numerous types of web threats – malware, spyware, adware and bots, to name just a few. Managing an in-house solution for each type of threat places an extraordinary burden on IT management resources.
Cloud-based threat detection does not require implementing a fully cloud-based or managed solution. Detection in the cloud can be one component of any in-house appliance, software gateway or managed service. IT managers who want to maintain in-house control and privacy of email can still manage security policies and threat quarantines locally. To avoid the complications and limitations of browsing via remote proxies, web browsing can also take place locally. Others may opt to handle both detection and administration ‘in the cloud’ through a managed service to reduce management overhead. Whichever solution is selected, the cloud-based detection element provides dynamic, real-time protection against email and web-based threats.
Visit Commtouch’s Web site for more information.