We all have a love-hate relationship with antivirus solutions, right? They're a necessary evil—you get a lot of false positives, they're constantly requesting software updates, and they're hogs on system resources. Microsoft is addressing many of these common complaints with Microsoft Security Essentials (MSE), which is a far leaner and still very competent antivirus solution.
However, Microsoft Security Essentials still follows a traditional software model, which means you'll need to regularly push security updates to all of your systems and even then, there will always be short spans of time where you are not protected. With the acquisition of a company called Immunet, Sourcefire (makers of the open-source SNORT intrusion detection/prevention system) is offering something different.
What Is Immunet?
Immunet is a cloud-based, client-side antivirus solution.
"One thing that we've seen in the enterprise AV space is that many companies that have products today have really not changed the technology for the last 10-15 years. They're all definition-based, and despite having some behavioral technologies, most of the threats are still detected using standard definitions. The problem with that is that you're never up to date. Vendors are pushing more and more down to the desktop every day—anywhere from 10,000-20,000 new definitions are getting pushed out to each and every desktop in the enterprise on a daily basis," said Oliver Friedrich, senior vice president of cloud technology. "With Immunet, our definitions, detection engines, and our behavioral technologies are in the cloud so you're always up to date."
Benefits of Immunet include:
- Address constantly-changing threats. Since it's cloud-based, updates are immediate.
- The footprint is much smaller. For example, Immunet is only about 5MB, meaning its strain on your systems is far less than traditional solutions, which can get into the hundreds of megabytes. (Note: MSE is only about 7MB.)
- It works with your existing antivirus solution. You don't have to get rid of your other antivirus solution and shouldn't have any issues running both, according to the vendor.
Cloud-Based and Open Source Integration
Sourcefire already has an open-source antivirus solution called ClamAV. One of the chief benefits of ClamAV is that your organization can define your own signatures/definitions, letting you adjust the solution to target (or ignore) certain types of activities and threats.
"None of the leading vendors allow you to write signatures for your own system. ClamAV is an open-source project, which means it's always been user modifiable. You can write your own signatures for it and put it anywhere in the system. The power of that is that if I have something unique in my environment that I want to look for, such as a specific hacker that is targeting you, I can modify that myself immediately, rather than waiting for the vendor to get back to me," said Martin Roesch, chief technology officer and creator of SNORT.
In the future, Sourcefire plans to integrate ClamAV with Immunet, which would offer the benefits of both solutions.
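As an added example (not code from the article, from Sourcefire, or from the ClamAV project), the script below shows what "writing your own signature" looks like in practice. It builds a whole-file hash line (.hdb, `MD5:FileSize:MalwareName`) and a byte-pattern line (.ndb, `MalwareName:TargetType:Offset:HexSignature`) in ClamAV's documented formats for the harmless EICAR test file, writes them into a directory that `clamscan -d` can load, and uses a deliberately simplified matcher to show why a hash signature stops firing after a one-byte change while a body signature keeps firing. The matcher, the `Custom.Eicar.*` names, and the sample inputs are my constructions; the matcher covers only TargetType 0 and offsets of `*` or an absolute integer, not the full ClamAV offset grammar.

```python
"""Custom ClamAV-style signatures: build them, explain them, optionally scan.

Added example, not code from the article or the ClamAV project. Line formats:
  .hdb  MD5:FileSize:MalwareName              (whole-file hash)
  .ndb  MalwareName:TargetType:Offset:HexSig  (byte pattern in the file body)
The matcher functions are a simplified stand-in for the real engine (assumption:
TargetType 0 = any file; Offset '*' = anywhere, or an absolute byte offset).
"""
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path

# Constructed sample: the standard EICAR test string, the harmless 68-byte file
# that AV vendors publish so detection can be verified without real malware.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BENIGN = b"hello world, nothing to see here\n"  # constructed clean sample


def hdb_signature(data: bytes, name: str) -> str:
    """Whole-file hash signature: MD5 of the content, its size, and a name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def ndb_signature(pattern: bytes, name: str, target: int = 0, offset: str = "*") -> str:
    """Body signature: hex-encoded byte pattern matched at the given offset."""
    return f"{name}:{target}:{offset}:{pattern.hex()}"


def hdb_matches(sig: str, data: bytes) -> bool:
    """Hash signatures fire only on an exact copy: size and digest must both match."""
    md5, size, _name = sig.split(":")
    return int(size) == len(data) and hashlib.md5(data).hexdigest() == md5


def ndb_matches(sig: str, data: bytes) -> bool:
    """Body signatures fire on the pattern, so surrounding bytes may change."""
    _name, target, offset, hexsig = sig.split(":", 3)
    if int(target) != 0:
        raise ValueError("simplified matcher handles TargetType 0 only")
    pattern = bytes.fromhex(hexsig)
    if offset == "*":
        return pattern in data
    pos = int(offset)
    return data[pos:pos + len(pattern)] == pattern


def build_signatures() -> dict:
    """The two custom signatures an admin might write for the EICAR sample."""
    return {
        "hdb": [hdb_signature(EICAR, "Custom.Eicar.Hash")],
        "ndb": [ndb_signature(b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE", "Custom.Eicar.Body")],
    }


def matching_names(sigs: dict, data: bytes) -> list:
    """Names of every signature (hash ones first, then body ones) that fires on data."""
    hits = [s.rsplit(":", 1)[1] for s in sigs["hdb"] if hdb_matches(s, data)]
    hits += [s.split(":", 1)[0] for s in sigs["ndb"] if ndb_matches(s, data)]
    return hits


def write_database(dirpath: Path, sigs: dict) -> Path:
    """Write custom.hdb and custom.ndb into dirpath; `clamscan -d dirpath` loads both."""
    dirpath.mkdir(parents=True, exist_ok=True)
    for ext, lines in sigs.items():
        (dirpath / f"custom.{ext}").write_text("\n".join(lines) + "\n")
    return dirpath


def clamscan_exit_code(dbdir: Path, target: Path):
    """Run the real engine if installed: 0 clean, 1 detection, 2 error; None if absent."""
    if shutil.which("clamscan") is None:
        return None
    proc = subprocess.run(["clamscan", "--no-summary", "-d", str(dbdir), str(target)],
                          capture_output=True)
    return proc.returncode


if __name__ == "__main__":
    sigs = build_signatures()
    for ext, lines in sigs.items():
        print(f"custom.{ext}: {lines[0]}")
    print("EICAR        ->", matching_names(sigs, EICAR))
    print("EICAR + byte ->", matching_names(sigs, EICAR + b"\n"))  # hash sig no longer fires
    print("benign       ->", matching_names(sigs, BENIGN))
    with tempfile.TemporaryDirectory() as tmp:
        db = write_database(Path(tmp) / "db", sigs)
        sample = Path(tmp) / "eicar.com"
        sample.write_bytes(EICAR)
        print("clamscan exit code (None = not installed):", clamscan_exit_code(db, sample))
```

The one-byte-change case is the practical lesson: a hash line is trivial to write but only catches the exact file, while a body pattern survives repacking of the surrounding bytes and is what you reach for when, as Roesch describes, you want to catch something specific to your environment without waiting for a vendor definition.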
Do you see a cloud-based antivirus solution such as Immunet as a compelling alternative to traditional solutions? What questions do you still have? Let me know in the comments or on Twitter @breinholz.