Trend Micro chief executive and co-founder Eva Chen unveiled a new vision for the company that includes 'in-the-cloud' malware analysis.
Unlike the computer viruses of 20 years ago, which were slow to evolve and infected thousands of systems worldwide, malware today evolves rapidly and infects relatively few systems, creating thousands of new variants each day.
Chen admitted that traditional signature-based antivirus strategies may seem rather outdated, but argued that pattern matching is still faster than running a full heuristic check of each new malware specimen. Her answer is to throw all the unknown samples up into the cloud for deeper and faster pattern recognition.
Over the last few years, Trend Micro has been building robust servers around the world, enabling it to offer more and more software-as-a-service (SaaS) solutions to its medium-sized business customers. Now Trend Micro is planning to include its in-the-cloud network service in two new suites for enterprises, and may, in the future, incorporate some of the technology in its home and small business offerings.
With faster internet connections available worldwide, Chen argued that it is faster to do a suspected malware check in the cloud than to initiate and execute a sandbox heuristic environment on the desktop.
The time taken for an in-the-cloud check is milliseconds rather than the one to two seconds required for each sandbox inspection. Over several thousand samples, the time savings add up. Also, all unknown samples could be gathered from around the world, and new signatures could be sent out worldwide.
Chen said she envisions a 15 minute turnaround from discovery to mitigation of each new piece of malware detected.
On Wednesday, Trend Micro announced two enterprise suites: a Threat Discovery Suite (due in the third quarter of 2008) to find internal security threats on a network, and a Threat Mitigation Suite (due in the fourth quarter of 2008) to provide analysis and policy review to protect against future threats.
Symantec's been doing the multiple global sites that analyze traffic, attacks, and such for a while... how is this new?