Verdict-as-a-Service moves malware scanning from the endpoint to the cloud


Today, no one can do without data at work. However, malware often lurks in shared resources. Stefan Hausotte and his team have developed a solution for this with G DATA Verdict-as-a-Service. He reveals more in an interview.

Employees in companies today work with a wealth of files, such as graphics, text documents or spreadsheets. To ensure that the shared directories containing the information are safe from malicious code, Stefan Hausotte, Head of Threat Intelligence & Infrastructure at G DATA, and his team have developed G DATA Verdict-as-a-Service (VaaS). The service scans files for malware and thus ensures security. VaaS can be integrated into websites, data storage, applications, or other solutions without much effort. The highlight: companies don't have to provide any hardware for its operation because VaaS is hosted in the cloud.

I spoke to Stefan about the background to G DATA Verdict-as-a-Service, the advantages for customers and what is planned for the future.

How does VaaS work?

Stefan: G DATA Verdict-as-a-Service is basically what you used to know as a classic antivirus engine from your computer or other device. We moved the whole thing to the cloud. As a result, there is no longer a security solution running on the device- This also eliminates the requirement to update it yourself. This means that no system resources are used when the scanner is checking files. Instead, customers receive a so-called SDK, a software development kit in a programming language, that they can integrate into their application. The SDK controls the scan via the cloud so that the data is checked there. Afterwards, the end result of this evalutation, - which is the verdict – is delivered back and shows whether the file is harmful or not or whether it is a so-called PUP - a Probably Unwanted Program. The customers decide what happens to it, based on the context of their product - for example, whether a harmful file is blocked or deleted. The basic idea is that we move the scanning from the endpoint to the cloud. Customers don't have to worry about installations on the devices or signature updates.

We recognize many different types of malware by their hash value, so before each file upload, we check whether the file is already known. In this way, VaaS prevents redundant uploads of the same file as well as unnecessary network traffic from being generated. The advantage of this is that the cloud is always up to date and new threats are thus quickly detected.

How did you come up with the idea of programming G DATA Verdict-as-a-Service?

Stefan: The idea was brought to us by several companies. They wanted a simple, scalable solution that could be integrated into their own product to scan files for harmful content. The companies wanted to do this with as little effort as possible. Integrating our own technologies into another solution would have been far too much effort. After we had received several enquiries about this, we sat down and thought about what we could do to achieve this. In addition, we had found that we actually have a similar problem in general: We need to scan a lot of data for malicious content quickly and in a scalable way. That's how VaaS came about as an OEM product.

For which customers is G DATA Verdict-as-a-Service intended?

Stefan: Many companies offer products that receive data from users in some way and the provider cannot check whether there is malware among them. This is the case with storage solutions, for example. For example, users could upload malicious files and then share them with their team, whereupon a colleague downloads one of the files. That would obviously be very bad. Therefore, a scan at this point makes a lot of sense. This use case exists in many companies and solutions.

What did you place particular emphasis on during the development?

Stefan: G DATA Verdict-as-a-Service should be easy to integrate by the client's developers and only require a few lines of code. Simplicity was the number one goal for us during development. Integration should only be a small hurdle, so that any company can build antivirus protection into their solutions or services, and subsequently not have to worry about anything and have it just work. It was also important to us that the developers on the customer side do not need any special security knowledge, but that the integration is done with copy-and-paste, so to speak. We then give the companies an access token - and the integration is done.

What advantages do companies have when they rely on G DATA Verdict-as-a-Service?

Stefan: Companies do not have to set up and maintain any additional infrastructure themselves; for example, there is no need to operate a scan server. In addition, no security solution needs to be installed and deployed. IT managers do not have to worry about updates on the clients because the cloud is always up to date. Another advantage is scalability. It doesn't matter whether a handful or a million files are scanned per day. Companies can easily increase the amount of data to be scanned if the use case requires it. The limiting factor with VaaS is the speed at which the data can be transferred to the cloud.  Usually, the files being scanned are not very large, so a scan is completed in a few seconds.

How do you work together with clients?

Stefan: Companies can contact us directly via our landing page and then get directly in touch with the development team. This is very important to us because we are selling a product that is made by developers for developers. VaaS is not a classic security solution in the sense of a finished product to which nothing is changed. Our service is integrated into the customer's solution, which requires a direct line from developer to developer. This way, questions and ambiguities can be solved quickly. So far, this point has been very well received by the customers. We answer questions at the level they come from, for example how VaaS is integrated or how direct feedback is given. We also offer interested companies free test accounts. This way, companies can try out and test G DATA Verdict-as-a-Service.

You have included IONOS as a cloud partner in this project. Why did you choose this company?

Stefan: We needed a cloud partner for our project. Just like our customers, we also wanted to benefit from scalability. How many VaaS clients will we have in the future and how many files will be scanned? The only sensible solution here was a public cloud. The cooperation with IONOS came about because our customers clearly communicated that it is very important to them where the data is located. Of course, the big providers also operate data centers in Germany, but here the trust on the part of our customers is simply not there because they are US companies. The goal was clear: if we upload and process data in the cloud, it has to be a German company with German data centers. We really must be able to guarantee that the data will not leave the German legal area. IONOS had also met other criteria that are important to us, such as the security certifications for the data centers and a very direct contact. IONOS also has very good scaling possibilities. In addition, our partner has a size and strength so we are sure that we can work together in the long term.

How long did it take you to develop VaaS?

Stefan: The development took about a year. From the beginning, we had a pilot customer with whom we are in close exchange and receive valuable feedback. From the beginning, we wanted to develop a project that is absolutely client-oriented and offers the maximum benefit. Working directly with clients is the best thing you can do from our point of view.

What are the long-term plans for G DATA Verdict-as-a-Service? Are you developing the service further?

Stefan: G DATA Verdict-as-a-Service is the prelude to its own product strategy. For me, VaaS is G DATA's first step towards cloud security. More and more data are going into the cloud. The cloud is the possibility to cover all clients and operating system types - from Windows computers to Android mobile devices, to servers, websites, data storages or services, in terms of security. VaaS is the first step - we still have many ideas. The basic product is ready, but we will develop further features, such as the connection of malware sandboxes for dynamic analyses. Customers can then get comprehensive reports on what the malicious code is doing in detail. Another idea is to check domains or URLs. These can also be malicious. We could also build this into the service so that websites for companies are checked. We respond to the wishes of our customers.

Information around G DATA Verdict-as-a-Service and the possibility to test it for free is possible here.

from Kathrin Beckert-Plewka
Public Relations Manager