Our enterprise is considering cloud-based antivirus. Do you think this could offer greater protection than regular...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
antivirus, as it could be updated more constantly, or would the risks involved with moving the functionality to the cloud (i.e., possible loss of antivirus if the provider went down) outweigh the potential perks?
Yes, cloud-based antivirus can offer greater protection than traditional signature-based antivirus. And there are more benefits than simply speed of updates for some cloud antimalware software. One of the newest and most promising functionalities that has been introduced is collective or community intelligence: When one or more systems identifies a malicious executable, it's able to give feedback to the cloud antimalware provider, thus providing a wider surface area for rapidly detecting new malware. Traditional antimalware vendors have started to include this and other functionalities, such as behavioral detections, in their software on top of their signature detection to try to increase the speed of their updates.
There are, however, potential risks to using cloud-based antimalware, like downtime of the cloud provider, downtime on the local network, or general network problems. Downtime at the cloud provider is an issue of significantly greater concern than with traditional antimalware software that can operate without any additional infrastructure. Some cloud antimalware providers do offer options for offline protections, which can be used if there is downtime. The offline option would be important if the local network or ISP has a problem, causing the organization not to be able to reach the provider, or for users not regularly connected to the Internet. Other network issues like high latency or high packet loss may result in the cloud-based antimalware performing poorly, but this would affect all applications that need access outside the network, and offline protections could be used. These offline protections could include standard local antivirus and host-based security controls.
One other unique issue that could be exacerbated by using cloud-based antimalware software concerns false positives. Currently, an enterprise can test an updated virus definition prior to pushing it to its client systems, but performing this testing on malware definitions from a cloud antimalware product might not be possible. This is probably not an issue, except for the most cautious organizations, but it is something to be aware of when performing an enterprise antivirus comparison or considering a cloud-based antimalware system.
Dig Deeper on Secure SaaS: Cloud services and systems
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.