Our enterprise is considering cloud-based antivirus. Do you think this could offer greater protection than regular antivirus, as it could be updated more constantly, or would the risks involved with moving the functionality to the cloud (i.e., possible loss of antivirus if the provider went down) outweigh the potential perks?
Yes, cloud-based antivirus can offer greater protection than traditional signature-based antivirus. And there are more benefits than simply speed of updates for some cloud antimalware software. One of the newest and most promising functionalities that has been introduced is collective or community intelligence: When one or more systems identify a malicious executable, they are able to give feedback to the cloud antimalware provider, thus providing a wider surface area for rapidly detecting new malware. Traditional antimalware vendors have started to include this and other functionalities, such as behavioral detections, in their software on top of their signature detection to try to increase the speed of their updates.
There are, however, potential risks to using cloud-based antimalware, like downtime of the cloud provider, downtime on the local network, or general network problems. Downtime at the cloud provider is an issue of significantly greater concern than with traditional antimalware software that can operate without any additional infrastructure. Some cloud antimalware providers do offer options for offline protections, which can be used if there is downtime. The offline option would be important if the local network or ISP has a problem, causing the organization not to be able to reach the provider, or for users not regularly connected to the Internet. Other network issues like high latency or high packet loss may result in the cloud-based antimalware performing poorly, but this would affect all applications that need access outside the network, and offline protections could be used. These offline protections could include standard local antivirus and host-based security controls.
One other unique issue that could be exacerbated by using cloud-based antimalware software concerns false positives. Currently, an enterprise can test an updated virus definition prior to pushing it to its client systems, but performing this testing on malware definitions from a cloud antimalware product might not be possible. This is probably not an issue, except for the most cautious organizations, but it is something to be aware of when performing an enterprise antivirus comparison or considering a cloud-based antimalware system.