On Tuesday, July 19, Google announced a new feature that alerts web surfers when their PCs might be infected with malware. It’s hardly the only company using big data to fight cybercrime. We’ve covered a handful of them over the past couple of years. Here are five that stand out:
Panda Security: In 2009, Panda got an early start on providing cloud-based antivirus software. The product is relatively simple in premise: Create a central database of security threats collected from users’ machines and feed the antivirus scanner with that data. Because it runs in the cloud, the application can do much of the heavy computational lifting there, sparing users’ machines the cycle overload often associated with antivirus software.
Google: With the announcement on Tuesday, Google found a great way to leverage its vast quantity of machine-generated data to combat malware. Essentially, Google is monitoring search-engine traffic for anomalies associated with a particular strain of malware. When Google detects that user traffic is coming to it in a questionable manner, it alerts users so they can try to resolve the problem using their existing security tools.
IpTrust: Big data tools have numerous uses beyond those for which they were created, including detecting and preventing botnet activity. IpTrust uses a farm of Amazon EC2 servers running Hadoop and the Cassandra NoSQL database to store, process, and analyze terabytes of security-event data per day. It develops reputation scores for countless IP addresses, which lets users and third-party security products track down the source of malicious activity and even prohibit traffic from entering their networks.
Kindsight: Kindsight does deep-packet inspection to find malicious activity within traffic as it traverses the Internet, before it ever gets to consumers’ computers. The company has generated some controversy, however, because it also uses the deep-packet data it gathers to serve up ads that help keep the service free to ISVs that adopt it.
Incapsula: Web application firewalls are nothing new, but Incapsula is trying to advance the technology by crowdsourcing the task of gathering threat information. Similar to what companies such as Panda do for cloud antivirus products, the resulting database serves firewalls for Web apps. As icing on the cake, Incapsula also acts as a CDN by letting users cache and serve content from its global pool of servers.
This list is in no way exhaustive. If you know of a cool new service taking advantage of big data sources to combat cybercrime, please discuss it in the comments section below.