Tuesday, June 28, 2011

Broad View of Cloud Security

Cloud Computing in the security industry has multiple definitions and several approaches:
-URL scanning
-AV scanning
-Spam scanning
-and more...

Cloud Paradigm
-Pro Cloud
-Against Cloud
-A hybrid approach is better

-No versioning (no large product updates)
-Low resource consumption
-Higher speed
-Not OS dependant
-Not hardware dependant
-Instant access to updates
-New technologies available like outbreak detection or statistics based algorithms
-Sometimes...It is also cheaper

-No internet connection means no cloud
-Susceptible to DDOS attacks
-Resource Consumption just moved in the cloud. It didn’t vanished!
-Connection spikes can cause false negatives (or, even self-DDOS)
-Instant updates can also mean instant faulty updates
-Data center failure means no detection

What Else Can Cloud Offer?
Opens the door to a new set of:
-Operating systems

Size Does Matter
-Several sources of URLs means an extremely large number of URLs
-Several clients that query the cloud means a massive number of links that have to be analyzed
-Links have various statuses (clean, infected, phishing, fraud) which change dynamically
-So, one has to move fast...

Lies, Damned Lies and Statistics
-Targeted attacks stay under the radar
-Slow spreading malware too

Not everybody likes us
-Website owners
-Maybe even social networks?
-And hopefully the bad guys (i.e. Hackers)

-We believe that a hybrid approach is best
-The cloud should be used as another filtering method and not as a universal solution
-Not only there should be a hybrid approach, but also these techniques have to be interconnected
-Although it looks quite easy in theory, creating and maintaining a cloud architecture is not an easy process