How Google Uses Reputation Data to Improve Security Across Its Properties


Google researchers have combined a number of reputation techniques to create a system that is 99 percent successful in detecting and blocking malicious executables downloaded by users of its Chrome browser.

The system, known as Content-Agnostic Malware Protection (CAMP), triages up to 70 percent of executable files on a user’s system, sending attributes of the remaining files that are not known to be benign or malicious to an online service for analysis, according to a paper (PDF) presented at the Network and Distributed System Security Symposium (NDSS) in February.

Google’s ability to mine data from millions of connections, and then leverage that information across its various properties, is invaluable.

It’s why their spam protection is best, it’s why their web security is relatively strong, it’s why they’re overall just good at learning from their data.

They have the Borg approach: get hit with something once, spread the defense to all collective systems near instantly so that it never happens again.

This can be seen in email malware defense like this article talks about, and in the way they do code testing. Before code goes to the Internet it gets blasted with all the existing threats they’ve ever seen–up to and including yesterday–to make sure it doesn’t have any flaws they’ve already been stung by.

They’re just really good at harvesting lessons-learned from their data in near realtime, and that is a security meta-feature that I think puts things like Google Apps ahead of most offerings security-wise.

Related posts: