WHAT IS WRONG WITH TRADITIONAL ANTIVIRUS?
Traditional antivirus products are based on signature recognition performed on endpoints. That is a failing strategy because:
The number of recognized threats has grown so large that it is impractical to keep endpoint systems updated with signatures, and it’s impossible for endpoints to compare files against all known signatures.
Hackers and cybercriminals are using botnets and other techniques to propagate zero-day threats before signatures can be distributed to endpoints.
Often no signatures at all exist for targeted threats aimed at single individuals or organizations. Hackers are using techniques like malware crypters, server-side polymorphism and QA testing so that their malware cannot be recognized by signatures.
For these reasons, it is no wonder most information security experts question the ability of signature-based antivirus products to block the newest and most dangerous forms of malware.
CLIENT | CLOUD ARCHITECTURE
The “fat client” architecture of traditional antivirus products relies on heavyweight modules on endpoint systems to compare suspicious files with threat signatures. A client/cloud architecture fundamentally changes this dynamic. Only a very small client is needed on the endpoint. This client finds new files and creates hashes (signatures) of those files. The hashes are sent to a cloud-based server and compared with a large signature database. Responses are sent back to the endpoint system.
The client/cloud architecture has tremendous benefits over traditional antivirus products:
Fat-client antivirus products are effectively obsolete. A client/cloud architecture is the only way to make real-time signature-matching practical and effective.