Stream Based Scanning

Most organisations are aware that some varieties of malicious software enter their networks and computers through web traffic. A user only needs to browse a web page, click on a URL link in an email, or view web email to unwittingly activate HTTP-based spyware and worms. As IDC and InfoWorld have pointed out, the web is the new vector for malware attacks.

But most organisations are not aware of the magnitude of this problem. To see the thousands of pieces of malware that come in through web traffic and realise the true extent of this threat, they would need to deploy an extremely high performance gateway anti-malware product that could detect and stop malware on HTTP without generating latency and impeding network performance. They would be alarmed to learn that the majority of the malware CP Secure customers catch is on HTTP. How is this possible?

The Traditional Approach

Today's scanning technology, used in everything from desktop anti-virus software to gateway anti-virus appliances, is batch-based.

Many anti-virus vendors built their batch-based scan engines during an era when viruses were transmitted via removable media. They based their algorithms on the assumption that the entity to be scanned could be randomly accessed.

In this batch-based method, scanning commences only after the entire file is received, and outputting starts only after the entire file has been scanned (see figure 1).

Therefore, end-users often experience long delays or sometimes even timeouts while the file is transferred and scanned.

When applied to the new malware threats in real-time web traffic, the traditional scanning approach introduces unacceptable levels of latency that bring enterprise web activities to a standstill.

CP Secure's Solution

Stream-based scanning is based on the simple observation that network traffic travels in streams. CP Secure's scan engine starts receiving and analyzing traffic as the stream enters the network (see figure 2). As soon as a number of bytes are available, scanning commences.

The scan engine continues to scan more bytes as they become available, while at the same time another thread starts outputting the bytes that have been scanned.

CP Secure's pipeline approach, in which the receiving, scanning, and outputting processes occur concurrently, ensures that network performance is not impeded.

The result is that internet traffic is scanned virtually in real-time – a performance advantage that is easily noticeable to the end-user.

Anti-malware scanning of real-time web traffic at the internet gateway is now feasible.
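
The receive, scan and output pipeline described above, as an added example (not CP Secure's engine and not code from this page): a single-threaded Python generator that scans each chunk as it arrives and releases bytes once they can no longer be part of a match. It assumes plain byte-string signatures; `SIGS`, `stream_scan` and `trace` are hypothetical names, and the sample streams are constructed.

```python
from typing import Iterable, Iterator

SIGS = [b"EVIL-PAYLOAD"]  # constructed stand-in signature, not a real one
CLEAN = [b"<html><body>hello ", b"world, this is fine", b"</body></html>"]
SPLIT = [b"header bytes EVIL-", b"PAYLOAD trailer"]  # signature spans two chunks


class MalwareDetected(Exception):
    """Raised when a signature is found in the stream."""


def stream_scan(chunks: Iterable[bytes], signatures: list[bytes]) -> Iterator[bytes]:
    """Yield scanned bytes while later chunks are still arriving."""
    # A signature can begin in one chunk and end in the next, so the last
    # (longest signature - 1) bytes are held back until more data arrives.
    hold = max(len(s) for s in signatures) - 1
    window = b""
    for chunk in chunks:
        window += chunk
        for sig in signatures:
            if sig in window:
                raise MalwareDetected(sig)
        release = len(window) - hold
        if release > 0:
            yield window[:release]        # output starts before the file ends
            window = window[release:]
    if window:
        yield window                      # end of stream: the tail is clean


def trace(chunks: Iterable[bytes], signatures: list[bytes]) -> list:
    """Record the order of recv/send/block events for one stream."""
    events = []

    def source():
        for c in chunks:
            events.append(("recv", len(c)))
            yield c

    try:
        for out in stream_scan(source(), signatures):
            events.append(("send", len(out)))
    except MalwareDetected:
        events.append(("block", 0))
    return events


if __name__ == "__main__":
    print(trace(CLEAN, SIGS))
    print(trace(SPLIT, SIGS))
```

In the trace for the clean stream the first `send` appears before the second `recv`, which is the latency difference from the batch method. On detection the bytes already forwarded cannot be recalled, so the gateway can only cut the stream short; holding back the tail ensures no byte of the matched signature has been sent.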

Figure 1: Traditional Batch-based Scanning
Figure 2: CP Secure's Stream-based Scanning

The Benefit

CP Secure’s patent-pending stream-based scanning architecture enables, for the first time, the scanning of very high volumes of real-time internet traffic for malware, without bringing enterprise internet activities to a standstill. Organisations can now protect their confidential data and maintain organisational continuity by stopping spyware and viruses at the internet gateway, without stopping the internet.