Firmware v4.38 and Express Mode
So, the splash screen in 4.38 talks about the new cloud query 'Express' mode for threat analysis. The closing makes it sound like it can improve throughput?
But the question is, what difference in security is there between Express and Stream? One would assume that Express would have all the signature-file-based signatures PLUS real-time updates. But if that's the case, why do the ATPs support a Hybrid mode where both Cloud and Signature analysis is done? What's the advantage? Or is Express mode more secure because of real-time updates, but slower overall because of cloud query latency? Or is it a subset of protection compared to Stream mode?
The McAfee announcement doesn't help much:
https://www.businesswire.com/news/home/20200427005100/en/Zyxel-Partners-McAfee-Provide-Robust-One-Box-Security
The Express mode leverages an ever-expanding AI-driven cloud database to provide an unprecedented level of threat intelligence, while the Stream mode uses a signature-based database to provide a granular and thorough deep local scan. The new hybrid mode combines the two functions to maximize security coverage with wide and deep security scans to protect the network from the inside-out and defend the business from rapidly evolving cyber attacks.
Can Zyxel provide some added insight into this? Hybrid makes sense on an ATP, but for a USG, when would you want Express? For real-time threat updates but with less coverage and faster throughput? Or just if you needed a boost in throughput but sacrificed some security?
All Replies
I have the same question, which is important, especially since one cannot activate both modes concurrently on a USG.
In Express mode, the UTM throughput will be higher.
To your questions, here are the pros and cons of Express and Stream mode for your reference. They should give you some ideas to help make the decision.
Express Mode:
Better performance on UTM throughput, and threat intelligence will evolve through AI.
However, in Express Mode the internet is required. It cannot work in an isolated environment, and mutant malware may be skipped initially.
Stream Mode:
Good for fresh mutant malware protection; signatures can be provided offline.
However, the throughput could be affected due to the computing power overhead, and the number of signatures is limited by hardware.
OK, discounting the online/offline scenario, where we should always have Internet access (it's an Internet gateway), let me see if I'm understanding...
Express uses AI that will learn over time, but is *less* effective against new threats? While the signature/Stream mode is better against new threats?
That seems to go against what you'd think, that by querying the cloud you'd have access to threat signatures in real time. So which gets the latest signatures first, Express or Stream? Or does Stream not do signature-based threat analysis and is just heuristic/AI-based?