Tuesday, June 24, 2008

trend micro and cloud watching

last thursday mike rothman wrote the following:
Is traditional signature-based AV dead? It's definitely on life-support, as Trend announces a cloud-based something or other. Will it work? Who knows, but clearly the sacred cow of AV will be served for dinner sooner rather than later. - Trend Micro release

if you're like mike and think this has anything to do with moving away from signature-based technology then you need to read that release a second time... or a third time... or an nth time - it doesn't really matter how many times you've read it before you need to read it again, especially the following passage:
By storing the majority of pattern files in an Internet cloud database and keeping them at a minimum on the endpoint, Trend Micro helps stop Web, file and email threats before they reach the end-user or the corporate network. This new approach lightens bandwidth consumption on customers’ networks and endpoints and provides faster and more comprehensive up-to-date protection.

in other words, it's still signature-based, they're just putting the signatures in the cloud rather than the endpoint now... it's not your grandmother's scanner but it's still signature-based av...

one of the benefits of letting this post stew a little is that i've gotten to see what others have said about the subject... as a not-so-accurate barometer of av innovation, amrit williams thinks it's the most innovative thing to come out of the av industry in the past decade but alan shimel rightly points out that it sounds a lot like something panda has been doing for some time now... i would add that both are conceptually reminiscent of the digital immune system developed by ibm (starting more than a decade ago) and sold to symantec (and we know what symantec does with the things it buys, or rather we don't)... it would be hard to imagine that either trend or panda came up with their 'in-the-cloud' architectures without taking a few lessons away from this progenitor and so i wonder if we can really say this innovation came about within the past decade at all...