The ideal approach, according to F-Secure chief technology officer Pirkka Palomäki, is to combine the best features of locally running systems with security services running in the cloud.
Users are now connecting to the internet from a growing number of devices, and the online threat landscape has evolved over recent years with money, rather than reputation, as the driving factor.
Palomäki identified three phases in the threat landscape. The first was the older mass-produced viruses, which could be defended against through signature-based detection.
The next phase involved more customised viruses, which used technologies such as rootkits to avoid detection. Again, methods have been developed to counter these, including faster responses as well as proactive and heuristic technologies.
The current phase sees not just a greater abundance of malicious software, but increasingly individualised attacks. F-Secure believes that enhanced proactive technology, combined with real-time protection delivered from the cloud, is the most effective way to deal with this threat.
"In the last 12 months we have discovered as many new individual malware cases as seen in the entire history preceding it, highlighting the massive growth of the problem," said Palomäki.
"At the current rate of acceleration there will be around 16 million new pieces of malware by 2013, far too many for today's client-based technologies to handle as signature databases would become too large, scanners would run too slowly and the program would not be able to update often enough to offer robust protection."
Palomäki believes that this deluge can be managed more effectively by using a hybrid of locally-based protection and hosted services. The system would work by running real-time look-ups on new files and applications, allowing them to be compared to databases of black and white lists.
"Our real-time protection network is based on in-the-cloud computing. It has been designed to support a wider range of security services than just antivirus, and F-Secure is now further enhancing many of its services to use the power of cloud computing," he explained.
As well as providing a wider breadth of protection, and reducing the number of unknowns, this approach can help protect against zero-hour threats as the platform is protected in real time for all customers.
This also means that more aggressive heuristics can be employed, as the number of potential false positives is greatly reduced.
When offline, the system acts as a more traditional security application, but the number of potential attack vectors is reduced as well.
F-Secure also intends to use this combined platform to extend its service offerings. The company already offers online backup, but is working on services such as more granular security information.
"Looking towards the future, F-Secure's real-time protection network has the architecture and potential for checking the reputation of any objects, such as applications, sites, documents or even phone numbers. It provides more nuanced information, for example whether an application is 'productive' or 'violent'," concluded Palomäki.
F-Secure touts cloud-based security
By Ian Williams on Nov 14, 2008 6:34AM