Our enterprise is considering cloud-based antivirus. Do you think this could offer greater protection than regular antivirus, as it could be updated more constantly, or would the risks involved with moving the functionality to the cloud (i.e., possible loss of antivirus if the provider went down) outweigh the potential perks?
Yes, cloud-based antivirus can offer greater protection than traditional signature-based antivirus. And there are more benefits than simply speed of updates for some cloud antimalware software. One of the newest and most promising functionalities that has been introduced is collective or community intelligence: When one or more systems identifies a malicious executable, it's able to give feedback to the cloud antimalware provider, thus providing a wider surface area for rapidly detecting new malware. Traditional antimalware vendors have started to include this and other functionalities, such as behavioral detections, in their software on top of their signature detection to try to increase the speed of their updates.
There are, however, potential risks to using cloud-based antimalware, like downtime of the cloud provider, downtime on the local network, or general network problems. Downtime at the cloud provider is an issue of significantly greater concern than with traditional antimalware software that can operate without any additional infrastructure. Some cloud antimalware providers do offer options for offline protections, which can be used if there is downtime. The offline option would be important if the local network or ISP has a problem, causing the organization not to be able to reach the provider, or for users not regularly connected to the Internet. Other network issues like high latency or high packet loss may result in the cloud-based antimalware performing poorly, but this would affect all applications that need access outside the network, and offline protections could be used. These offline protections could include standard local antivirus and host-based security controls.
One other unique issue that could be exacerbated by using cloud-based antimalware software concerns false positives. Currently, an enterprise can test an updated virus definition prior to pushing it to its client systems, but performing this testing on malware definitions from a cloud antimalware product might not be possible. This is probably not an issue, except for the most cautious organizations, but it is something to be aware of when performing an enterprise antivirus comparison or considering a cloud-based antimalware system.
Related Q&A from Nick Lewis, Enterprise Threats
Chameleon malware targets insecure wireless access points. Enterprise threats expert Nick Lewis explains how to defend against the malware.continue reading
The Zeus malware is threatening RTF security by embedding itself in the file, which is commonly seen as safer than other file formats such as PDFs. ...continue reading
Enterprise threats expert Nick Lewis explains how to detect and avoid one of the most advanced malware threats: The Mask.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.