Signature-based scanning was falling behind in the ongoing war against cyberattacks, resellers learned in a recent CRN webinar on how to protect a virtualised environment.
Viruses were mutating form almost every time they jumped from one PC to the next, which meant that a signature based on one version would be immediately outdated and effectively rendered useless, said Richard Dornhart, senior regional product manager, enterprise and mobility group, Symantec.
Dornhart talked about one approach by Symantec, which used a “reputation index” called Insight to judge whether a new file would be malicious based on factors including its age, its popularity and which PCs had sent it.
Dornhart said that a similar approach to files within a virtualised environment could build a long white list of files known to be safe, which meant that an anti-virus program would only need to scan those files which had been changed. This was often well under 20 percent of the total files, which dramatically reduced scan times.
Other ways to reduce scan times included virtual image exception, which excluded cloned images from scans; a shared cache, which meant that common files among virtual machines were scanned once; virtual client tagging, which set group-specific policy; and resource levelling, which reduced the frequency of overlapping scans and definition updates that could chew up resources.