August 26, 2011
Hybrids Are Cool. Hybrids Are Awesome. But What about Hybrid Protection?
There’s been a lot talk for quite a while now surrounding how cloud technologies can help increase protection against malware. One tendency is to fall into the trap of considering the cloud as a silver bullet that can effectively solve all security related issues at once.
I agree that cloud-based protection certainly brings many advantages – both to end users and security vendors. Yes, it permits us to detect new threats much faster and deliver necessary updates to users. However, I don’t share the euphoria that is promoting this approach as a self-sufficient technique capable of tackling security threats by itself.
Protection needs to be multi-layered, with each layer complimenting the others, contributing to the overall security level and shielding computers in any environment – and in a well-balanced manner so as to maintain top computer performance.
There are three main issues that significantly limit the scope of cloud protection being used on its own.
First, availability. Cloud protection only works when a computer is online. Once it goes offline it stays vulnerable to a variety of local threats. For example, USB flash drives can easily infect a PC with self-installing malware. Malware can also be present on CDs and DVDs, or be transferred from other computers when synchronizing or exchanging data.
Second, the nature of cloud security itself. Let’s talk plainly here: we cannot be 100% sure that the cloud itself is fully immune to attacks. In fact, the recent incident with the Sony Playstation Network (details here, here and here) demonstrates just the opposite – that the cloud is becoming a main target for hackers. Without endpoint protection, a single cloud break-in can immediately bring down computer protection in its entirety with no alternative solution for staying secure. Importantly, depending on how the cloud interacts with endpoints, a break-in may allow hackers to seize control over them. And last but not least, a lack of strong endpoint protection means a lack of self-defense, which can lead to malware easily blocking access to the cloud.
Third, the protection, detection and elimination of rootkits and polymorphic and other highly sophisticated malware are either extremely difficult or impossible with cloud protection on its own. A strong endpoint solution is still required – one featuring deep integration with the operating system.
Let me state it again: I like the cloud idea, but I disagree with the idea of relying on cloud protection on its own.
Users need a combination of a cloud-based and a stand-alone endpoint approach to ensure maximum protection – regardless of the presence of an Internet connection. I doubt this combination will be replaced by purely cloud-based protection in the foreseeable future. And even if we ever do reach 100% global Internet coverage – and, by extension – possibly 100% cloud-based protection coverage – localized security concerns will of course persist, as will the sophisticated malware mentioned as the third issue above, which need to be tackled with strong endpoint solutions.
This is exactly what our Hybrid Protection does. It’s the best of both worlds.
This is why hybrids are cool and awesome:
And I’m happy to report that Hybrid Protection will be powering the next release of our enterprise solutions, to be announced in October.