Keep your head in the cloud

The war against malware is being fought in the cloud

Most of the malware that threatens businesses comes from the internet, so it makes sense to fight it there.

And while hackers were quick to exploit the web as its popularity began to boom during the 1990s, so were the people who sought to curtail such activities. Anti-virus vendors came first. Back then their software was the principal way of fighting malware.

Such vendors were not really dealing with malware in the “cloud” ­ the latest industry term for internet services ­ but were instead just using the internet as a way of updating their customers’ computers with new threat definitions as rapidly as possible.

Spam was endemic, and new ideas were needed by the late 1990s. Jos and Ben White founded MessageLabs in the UK and Scott Petry founded Postini in the US.
Both companies worked on the same idea ­- destroy spam in the cloud, before it has a chance to get anywhere near users.

The approach allowed new tactics to be used. Rather than going through the time-consuming process of identifying every new spam message and creating a signature for comparison, the approach allowed rogue IP addresses to be identified.

Vendors could block and blacklist a particular address that was seen to be the source of spam emails, something that is harder to do if anti-spam software is installed on each customer’s own premises.

Both companies ­- MessageLabs and Postini ­- had their imitators. And both have diversified their approach to help fight another major threat, web-borne malware. Such a strategy meant the vendors have had to overcome another problem which is not really apparent with email ­latency.

People receiving an email will not be affected by a few seconds’ delay, as the post is run through a spam filter, making little difference.

But with the internet, latency can have a significant effect. Users clicking on a web link will find a delay of a few seconds annoying.

Such difference means the early history of filtering web content is not the same as the approach that has been developed for email spam ­- and often relies on in-house provision.

The market leaders in filtering web content, Websense and Secure Computing, often sell their software through partners.

That is not to say that providing web defences in the cloud is not possible. Postini‘s web security service is based on a system from a partner called ScanSafe, and processes close to 10 billon web requests in the cloud every month.

Despite the fact that many IT managers still like to keep components of online defences in-house for reasons of manageability and performance, in reality the war against malware is being fought and won largely in the cloud.

As a result, many IT security vendors are turning towards a hybrid approach. Take Trend Micro’s recent “client-cloud” initiative, where the firm’s Smart Protection Network -­ a primarily in-the-cloud service ­ could be replicated in-house using two new virtual appliances.

You are not short of choices when searching for the anti-malware approach that best suits your business.

Bob Tarzey is service director at Quocirca