The Chinasec (Anyuan) desktop cloud data security solution addresses the security risks that arise when information is stored, transmitted and used in a virtualized environment.
Encrypting the desktop virtual images addresses the risks of privileged administrator access and virtual machine escape that come with centralized storage of cloud data, and prevents the private data of desktop cloud users from leaking.
Two-factor cloud terminal authentication combined with PKI technology avoids the risks in cloud terminal identity authentication and improves the security of remote use of cloud terminals.
Dividing security domains by cloud terminal replaces the traditional mechanism in which PC terminals rely on physical ports to divide virtual security domains. This suits the cross-regional use of cloud terminals and strengthens security control over data transmission between them.
Automatic encryption at the dynamic data boundary allows controlled interaction between departments in the cloud and prevents cloud terminal data from leaking through mail, web pages or instant messaging tools.
What are the features of the solution?
Encryption spreads the risk of unified storage. The user's virtual disk space or real data storage space is encrypted in the background, which controls both unauthorized users accessing disk space and administrators illegally accessing virtual machine storage space.
For data security on desktop cloud thin terminals, outgoing channels are completely eliminated, which effectively controls end users' use of network communication channels such as e-mail and instant chat tools and avoids data leakage. Outgoing data from end users can also be audited, so it can be traced afterwards.
Chinasec applies transmission control at the network layer: it encrypts the packets encapsulated by the network card, so that cloud desktops in the same group that hold the same key decrypt them transparently. In this way virtual terminals can be isolated in the desktop cloud environment, and virtual security domains are divided in software.
On a unified platform, it supports collaborative management of ordinary PC terminals, cloud desktop and virtualization terminals, mobile intelligent terminals and Internet of Things terminals. It can cope with rapid change and expansion of the enterprise IT architecture and build a data security system in which all parts of that architecture work together.
Kingsoft Internet Security "cloud security" is a network-wide defense architecture designed for the severe Internet security situation that followed the commercialization of Trojans. It has three levels: smart client, cluster server and open platform. "Cloud security" enhances and supplements existing anti-virus technology, and its ultimate goal is to give users in the Internet era faster and more comprehensive security protection.
The first is a stable and efficient smart client, which can be an independent security product or a security component integrated with other products, such as Kingsoft Internet Security 2012, Baidu Security Center, etc. It provides the basic functions of sample collection and threat handling for the whole cloud security system. Kingsoft Internet Security 2011, launched by Kingsoft Internet Security 2010, shed the earlier bloated software size, greatly reduced resource usage and markedly improved the user experience.
The second is server-side support, which includes a distributed mass data storage center, professional security analysis services and intelligent analysis and mining of security trends, and which works with the client to provide users with cloud security services.
Finally, cloud security is based on an open security service platform, which gives third-party security partners platform support for fighting viruses. Kingsoft Internet Security not only provides security services for users of third-party security partners, but also builds a network-wide defense system through cooperation with those partners. Every user takes part in the network-wide defense system and does not face a virus alone.
1. A mercury platform supporting mass sample storage and calculation
2. Internet trusted authentication service
3. Crawler System
Trend Micro Security Cloud 6 Killer:
1. Web reputation service
Backed by one of the largest domain reputation databases in the world, Trend Micro's Web reputation service tracks the credibility of web pages by assigning reputation scores based on factors such as a website's pages, historical location changes and signs of suspicious activity found through malware behavior analysis. The technology then continues to scan websites and prevents users from accessing infected ones. To improve accuracy and reduce the false positive rate, the service assigns a reputation score to a specific page or link of a website instead of classifying or blocking the whole website, because usually only part of a legitimate website is attacked, and reputation changes over time.
Comparing reputation scores shows the potential risk level of a website. When users visit websites with potential risks, the system can warn or block them in time, helping users quickly confirm whether the target website is safe. Web reputation services can block malicious programs at the source. Because protection against zero-day attacks is based on the credibility of the website rather than its actual content, it can effectively prevent the initial download of malicious software, and users are protected before they access the network.
2. Email reputation service
Trend Micro's email reputation service checks the sender's IP address against a reputation database of known spam sources and verifies it with a dynamic service that evaluates the reputation of email senders in real time. Reputation scores are refined by continuously analyzing the "behavior", "activity range" and previous history of IP addresses. Malicious emails are intercepted in the cloud according to the sender's IP address, which prevents web threats such as bots or botnets from reaching the network or users' computers.
3. File reputation service
Trend Micro Smart Protection will include file reputation service technology, which can check the reputation of every file located at an endpoint, server or gateway. The check is based on a list of known benign files and a list of known malicious files, that is, the so-called anti-virus signatures. A high-performance content distribution network and local caching servers keep the delay during the check to a minimum. Because malicious information is stored in the cloud, it can reach all users in the network immediately. Compared with the traditional approach of downloading antivirus signature files that take up space on the endpoint, this method also reduces endpoint memory and system consumption.
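The lookup flow described above, sketched as an added example that is not Trend Micro's code: the endpoint hashes a file, consults a local cache, and falls back to a cloud service holding the known-benign and known-malicious lists. The class names, the use of SHA-256 as the file identifier, the TTL values and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import time


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed sample data standing in for the cloud-side reputation lists.
KNOWN_BENIGN = {sha256_hex(b"constructed benign installer")}
KNOWN_MALICIOUS = {sha256_hex(b"constructed malicious dropper")}


class CloudReputation:
    """Stand-in for the remote service; counts queries to show the cache effect."""

    def __init__(self, benign, malicious):
        self.benign = set(benign)
        self.malicious = set(malicious)
        self.queries = 0

    def lookup(self, digest: str) -> str:
        self.queries += 1
        if digest in self.malicious:  # a malicious listing wins over a benign one
            return "malicious"
        return "benign" if digest in self.benign else "unknown"


class EndpointChecker:
    """Endpoint side: local cache first, cloud lookup on a miss or expiry."""

    def __init__(self, cloud, ttl=300.0, unknown_ttl=30.0, clock=time.monotonic):
        self.cloud = cloud
        self.ttl = ttl                  # lifetime of benign/malicious verdicts
        self.unknown_ttl = unknown_ttl  # short, so new cloud verdicts arrive quickly
        self.clock = clock
        self.cache = {}                 # digest -> (verdict, expires_at)

    def check(self, content: bytes) -> str:
        digest = sha256_hex(content)
        now = self.clock()
        hit = self.cache.get(digest)
        if hit and hit[1] > now:
            return hit[0]
        verdict = self.cloud.lookup(digest)
        lifetime = self.unknown_ttl if verdict == "unknown" else self.ttl
        self.cache[digest] = (verdict, now + lifetime)
        return verdict


def demo():
    """A sample unknown at first is re-queried after the cloud list changes."""
    now = [0.0]  # fake clock so the example is deterministic
    cloud = CloudReputation(KNOWN_BENIGN, KNOWN_MALICIOUS)
    endpoint = EndpointChecker(cloud, clock=lambda: now[0])
    sample = b"constructed new sample"
    first = endpoint.check(sample)             # cloud query 1: unknown
    endpoint.check(sample)                     # served from the local cache
    cloud.malicious.add(sha256_hex(sample))    # verdict added on the cloud side
    now[0] += 31.0                             # cached "unknown" has expired
    second = endpoint.check(sample)            # cloud query 2: malicious
    return first, second, cloud.queries


if __name__ == "__main__":
    print(demo())
```

The short lifetime for "unknown" verdicts is the design choice that matters: a long one would leave an endpoint trusting a stale answer after the cloud list has been updated.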
4. Behavior correlation analysis technology
Trend Micro Smart Protection uses the "correlation technology" of behavior analysis to link threat activities together and determine whether they are malicious. A single activity of a Web threat may seem harmless, but several activities carried out together can lead to a malicious result. It is therefore necessary to judge from a heuristic point of view whether a threat exists, by checking the relationships between the different components of a potential threat. By correlating the different parts of threats and constantly updating its threat database, Trend Micro gains a clear advantage: it can respond in real time and provide timely, automatic protection against email and Web threats.
5. Automatic feedback mechanism
Another important part of Trend Micro Smart Security is the automatic feedback mechanism, which maintains uninterrupted communication, in the form of a two-way update flow, between Trend Micro products and the company's round-the-clock threat research center and technology. Because new threats are identified by checking the routing reputation of individual customers, Trend Micro's extensive global automatic feedback mechanism works much like the "neighborhood watch" approach adopted by many communities. Real-time detection and timely "* * * smart" protection help to establish a comprehensive and up-to-date threat index. Every new threat discovered by a single customer's regular reputation check automatically updates all of Trend Micro's threat databases around the world, so that later customers do not encounter threats that have already been discovered.
6. Summary of threat information
Research by researchers in the United States, the Philippines, Japan, France, Germany and China supplements Trend Micro's feedback and submissions. At TrendLabs, the anti-virus research and technical support center of Trend Micro, staff working in various languages provide real-time response and round-the-clock threat monitoring and attack defense to detect, prevent and eliminate attacks.
Trend Micro combines a range of technologies and data collection methods, including honeypots, web crawlers, customer and partner content submissions, feedback loops and TrendLabs threat research, to obtain all kinds of information about the latest threats. Threat data is analyzed through the malware database of Trend Micro Cloud Security and the TrendLabs research, service and support center.
Kaspersky's full-featured security protection aims to build a seamless and transparent security system for Internet information.
1. To counter the full range of information security threats in the Internet environment, Kaspersky Lab takes the anti-malware engine as the core and technology integration as the basis, and turns information security software into a functional platform. Core functions such as system security, online security, content filtering and anti-malware provide unified, orderly and layered security defense on the platform of the full-featured security software, rather than a jumble of different product types with different functions.
2. Backed by strong back-end technical analysis and a transparent online interaction mode, Kaspersky Full-featured Security Software 2009 can, when users "know and agree", collect and analyze online (online real-time collection & analysis) samples of malicious programs such as suspicious viruses and Trojans on users' computers. Users can update the global anti-virus database once every hour on average, so that solutions are produced and distributed immediately. This online collection, real-time analysis and online distribution for malicious programs such as viruses and Trojans is the "cloud security" technology. Kaspersky Full-featured Security Software 2009 applies "cloud security" transparently to the vast number of computer users through "Kaspersky Safety Net", turning Kaspersky's global user base into a super-intelligent security defense network that can immediately immunize against new threats and put an end to security threats. Kaspersky Security Network has been developed and tested by Kaspersky Lab over a long period and is highly stable and mature, which is why it can be offered directly to users first in the official version of Full-featured Security Software 2009.
3. A flat service system connects users directly with the technical back end. Kaspersky has the world's leading malicious program sample center and malicious program analysis platform, and the anti-virus database updated every hour keeps the security defense capability of users' computers directly in step with the technical back end. In Kaspersky's full-featured security defense system, all users are active participants in Internet security and direct beneficiaries of security technology innovation.
Cloud security scanner
Singularity scanner
The Singularity cloud security integrated vulnerability detection system is the world's first in-depth security assessment system based on the APT intrusion detection mode. It is dedicated to application security testing and comprehensive scanning and analysis of website security vulnerabilities under Web 2.0. Its efficient and accurate scanning strategy lets users find vulnerability threats easily and gives security managers detailed, professional vulnerability scanning reports. The comprehensive web server vulnerability detection service covers almost all application vulnerabilities defined by international authoritative security organizations such as CVE, Packet Storm, OWASP and WebAppSec and by domestic and foreign security communities, and can be applied to vulnerability detection on foreign servers.
Discover the security vulnerabilities of the WEB application server;
Discover website security vulnerabilities;
Can support overseas VPN intrusion detection servers to solve the problem that overseas or blocked websites cannot be scanned;
Support conventional vulnerability detection model and intelligent penetration detection model.
Support simple mode (single domain name), batch mode (multi-domain name), fast scanning and deep scanning;
Professional, clear and accurate visual statement;
It supports more than 500 detection strategies and dozens of logical infiltration intrusion detection behaviors, and can accurately scan website vulnerabilities.
Support intelligent penetration detection model, including 0day update detection, vulnerability combination, Google hacking crawler and other vulnerability detection.
Super vulnerability analysis ability
The original dual-channel intelligent detection model not only supports conventional vulnerability detection, but also has an intelligent penetration detection model.
The first professional detection model for common email systems, forums, blogs and web page editors at home and abroad.
Supports in-depth detection in a cookie-based logged-in state.
An integrated JavaScript intelligent parsing engine detects malicious code, DOM-based cross-site scripting vulnerabilities and arbitrary page redirect vulnerabilities more accurately.
Simple operation steps and professional, customizable extension options make it easy to complete high-quality intrusion detection.
McAfee, a well-known security vendor, announced that it will launch Artemis, a security system based on cloud computing. The system can protect the computer from viruses, Trojans or other security threats.
Researchers at Avert Labs, a subsidiary of McAfee, said that the system can shorten the time for collecting and detecting malware and the time for configuring the whole solution.
As security systems have developed, this time has been reduced from several days to several hours, and then to several milliseconds.
Dave Marcus, director of security research and communication at Avert Labs, said: The Artemis system manages a window in which all activities of enterprise users are carried out, and this window will continuously analyze whether there is malware. The purpose of Artemis is to minimize the time spent.
Traditional security systems use a threat signature database to manage malware information, but as a cloud computing service, Artemis can respond to threats before signature files are released.
Marcus said that Avert Labs researchers find tens of thousands of new signature documents every week. If the user's computer is equipped with the Artemis system, once suspicious files are detected on the computer, it will immediately contact the McAfee server to determine whether the suspicious files are malicious. In this way, McAfee can also use the collected data to provide customized security solutions for enterprises.
Experts say Artemis can provide real-time security protection. In a traditional signature-based security system, there is often a delay between discovering a security threat and taking protective measures.
Charles Kolodgy, research director of IDC security products, said: "The traditional signature-based malware detection method has shortcomings. As user behavior changes, security threats are also changing, and malware detection technology has not kept up with the pace of development."
Because this process runs entirely over the Internet and is controlled automatically by programs, it maximizes the user's ability to guard against Trojans and viruses. Ideally, it takes only a few seconds from a data-stealing Trojan attacking a computer to the whole "cloud security" network gaining immunity and the ability to kill it.
Cloud security plan: How does Rising deal with 65438+ million new Trojan viruses every day?
How does Rising analyze and process the 865,438+10,000 new Trojan virus samples received every day? It is certain that manpower alone cannot solve this problem. The core of the "Cloud Security" plan is Rising's "Automatic RsAutomatedMalwareAnalyzer" (RsAMA for short), which can dynamically classify a large number of virus samples and analyze their * * * characteristics. With the help of this system, the processing efficiency of virus analysis engineers can be doubled.
Although there are 8000 ~ 65438+ ten thousand Trojan virus samples collected every day, Rising's automatic analysis system can classify the Trojan viruses by variant group and extract the characteristics of each group using its "characteristic extraction technology of variant virus family". In this way, after the automatic analysis of tens of thousands of new Trojan viruses, only hundreds of new samples really need manual analysis.
A large-scale signature library built in cloud mode is not enough on its own to deal with rapidly growing security threats. Anti-virus vendors at home and abroad still need to work hard on core anti-virus technologies: technologies for preventing unknown viruses, such as virtual machines, heuristics, sandboxes and intelligent active defense, need to be strengthened and developed, and the self-protection ability of most anti-virus software also needs to be strengthened. No matter how fast the number of viruses grows, it is only a change in quantity. In reality, however, a very small number of malignant viruses have applied new virus technology.
"Cloud security" must be built on core technologies such as kernel-level self-protection, sandboxes and virtual machines in order to show its power. Without these core technologies, anti-virus software may be helpless in front of viruses. In reality, many anti-virus products scan for and find viruses but are unable to remove them, or are even shut down by the viruses. That is why, when Jiang Min introduced KV2009, it first emphasized core technologies such as sandbox, kernel-level self-protection, intelligent active defense and virtual machine, and put the cloud security anti-virus system second. Antivirus is the same as other industries: the foundation must be firm first, and if it is not, the building is unreliable no matter how high it is.
"Sandbox" is a deeper, system kernel-level technology, which differs from "virtual machine" in technical principle and in how it behaves. A "sandbox" takes over the interface or function calls that a virus makes and, once the behavior is confirmed as viral, applies a rollback mechanism to restore the system, whereas a "virtual machine" has no rollback recovery mechanism: after the virus is triggered, the virtual machine judges from its behavior characteristics that it is a certain virus and calls the engine. In fact, KV2009 with "sandbox" has begun to play a powerful role in dealing with new viruses. Some users turned off all the real-time monitoring of Jiang Min KV2009 antivirus software and started only the "sandbox technology active defense" mode. As a result, after they ran the new virus "Sweep Wave", all the behaviors of the virus were intercepted and erased, leaving it no chance to leave any trace in the system.
At present, the main problem facing antivirus is the technical challenge that driver-level viruses pose to antivirus software, so the first task of antivirus is to further upgrade its core technology. With the anti-virus technology assured, the rapid response mechanism of the "cloud security" anti-virus system should be used to the full to create a dual security guarantee system of "cloud security" and "sandbox".