smaller updates, applied more frequently, improve detection efficacy. However, the simple fact is that the greatest detection and protection come from using a local scan engine linked to a cloud security service.
To answer this, we need to look at the different deployment modes of scan engines: online, offline and off-net.
Operating in online mode, engines developed using SDKs such as the Anti-malware SDK can leverage the power of a cloud-based security service such as the Avira Protection Cloud. They don’t completely rely on the latest detection updates, but can query a live cloud database of known files. They can even upload unknown files for immediate assessment. Such an approach delivers, for all intents and purposes, complete detection in real time. A scan engine combined with a cloud security service is a very powerful anti-malware solution.
Scan engines connected to the internet but not paired with a cloud security service operate in offline mode. They continue to receive frequent detection updates but can no longer access the live cloud database or detection engines of the cloud security service. The risk then exists that new types of malware may emerge that are dissimilar enough to existing families of malware that they are not detected by the detection capabilities available locally. In this case, the malware may remain undetected until the next database update.
When a scan engine is completely disconnected from the internet and unable to receive any updates, it is off-net. This (unusual) scenario can be found where critical infrastructure or data is protected through a process of air-gapping. In this case, the user is responsible for generating their own detection updates and may use threat intelligence feeds as a way of enhancing their own threat database from which they can build their own update.
Anti-malware scan engines underpin malware detection in today’s protection systems. While their essential purpose and modus operandi have remained fairly consistent over time, increasingly sophisticated developments in technology, including AI, now assist them in performing their role. Scan engines that work with a cloud-based security service optimize malware detection through live access to a threat intelligence database. For more information on Avira’s scan engine SDK, take a look at Avira’s and for an overview of how Avira enables technology partnerships, you can learn more here.