Our enterprise is considering cloud-based antivirus. Do you think this could offer greater protection than regular...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
antivirus, as it could be updated more constantly, or would the risks involved with moving the functionality to the cloud (i.e., possible loss of antivirus if the provider went down) outweigh the potential perks?
Yes, cloud-based antivirus can offer greater protection than traditional signature-based antivirus. And there are more benefits than simply speed of updates for some cloud antimalware software. One of the newest and most promising functionalities that has been introduced is collective or community intelligence: When one or more systems identifies a malicious executable, it's able to give feedback to the cloud antimalware provider, thus providing a wider surface area for rapidly detecting new malware. Traditional antimalware vendors have started to include this and other functionalities, such as behavioral detections, in their software on top of their signature detection to try to increase the speed of their updates.
There are, however, potential risks to using cloud-based antimalware, like downtime of the cloud provider, downtime on the local network, or general network problems. Downtime at the cloud provider is an issue of significantly greater concern than with traditional antimalware software that can operate without any additional infrastructure. Some cloud antimalware providers do offer options for offline protections, which can be used if there is downtime. The offline option would be important if the local network or ISP has a problem, causing the organization not to be able to reach the provider, or for users not regularly connected to the Internet. Other network issues like high latency or high packet loss may result in the cloud-based antimalware performing poorly, but this would affect all applications that need access outside the network, and offline protections could be used. These offline protections could include standard local antivirus and host-based security controls.
One other unique issue that could be exacerbated by using cloud-based antimalware software concerns false positives. Currently, an enterprise can test an updated virus definition prior to pushing it to its client systems, but performing this testing on malware definitions from a cloud antimalware product might not be possible. This is probably not an issue, except for the most cautious organizations, but it is something to be aware of when performing an enterprise antivirus comparison or considering a cloud-based antimalware system.
Dig Deeper on Secure SaaS: Cloud services and systems
Related Q&A from Nick Lewis
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust ...continue reading
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime ...continue reading
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.