
Speed matters when stopping IBM i malware, including virus and ransomware attacks. Any IBM i anti-malware software you use should be performance tuned for the fastest possible malware detection and response times. Failure to promptly detect and react to malware attacks can result in lost data, stolen secrets, reputation loss, revenue destruction, and more.
Listed below are six valuable anti-malware performance features you should look for and activate when using IBM i anti-malware software. Consider using these features for improved malware detection and response performance, reduced resource utilization, and fewer Integrated File System (IFS) infections when you purchase and configure IBM i anti-malware solutions:
- Only-new scanning
- Heuristic scanning
- Local versus remote scanning
- Asynchronous processing
- Multi-threaded processing support
- Power system AI-enhanced malware detection (future capabilities)
Here are the advantages each feature brings to the fight against IBM i malware attacks:
Only-new scanning
When only-new scanning is activated, previously scanned files are not rescanned unless they have changed. This feature improves malware detection performance by reducing the number of files being scanned during on-demand or scheduled scans.
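The skip decision described above, as an added Python sketch (not code from any IBM i product or from the vendor). The names `OnlyNewScanner`, `detector` and `MARKER` are hypothetical, and rescanning when the signature set version changes is an assumption of this sketch that the page does not state.

```python
import hashlib
import os
import tempfile
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"    # constructed stand-in for a real signature

def detector(data):
    # Stand-in for the expensive scan engine: True means infected.
    return MARKER in data

class OnlyNewScanner:
    def __init__(self, detect, sig_version):
        self.detect = detect
        self.sig_version = sig_version    # bump when definitions are updated
        self.cache = {}                   # path -> (stat_key, sha256, sig_version)
        self.engine_runs = 0

    def scan(self, path):
        st = os.stat(path)
        stat_key = (st.st_size, st.st_mtime_ns)
        entry = self.cache.get(path)
        fresh = entry is not None and entry[2] == self.sig_version
        if fresh and entry[0] == stat_key:
            return "skipped"              # cheap path: size and mtime unchanged
        data = Path(path).read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if fresh and entry[1] == digest:
            self.cache[path] = (stat_key, digest, self.sig_version)
            return "skipped"              # touched, but content is identical
        self.engine_runs += 1
        if self.detect(data):
            self.cache.pop(path, None)    # an infected file is never remembered as clean
            return "infected"
        self.cache[path] = (stat_key, digest, self.sig_version)
        return "clean"

def demo():
    # Scan one constructed file through a series of changes.
    with tempfile.TemporaryDirectory() as d:
        p, s = Path(d) / "report.txt", OnlyNewScanner(detector, 1)
        steps = [lambda: p.write_bytes(b"quarterly numbers"), lambda: None,
                 lambda: os.utime(p, ns=(1, 1)), lambda: p.write_bytes(b"x" + MARKER),
                 lambda: p.write_bytes(b"cleaned up"), lambda: setattr(s, "sig_version", 2)]
        results = []
        for step in steps:
            step()
            results.append(s.scan(p))
    return results, s.engine_runs
```

Size and modification time can be reset by whoever can write the file, so the metadata-only skip trades some assurance for speed; the content hash closes that gap at the cost of reading the file.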
Heuristic scanning
Heuristic scanning searches for zero-day malware and virus infections that have no known malware signature. It detects infected IBM i files based on the behavior and properties of the scanned files rather than relying on a signature match in the malware database.
Local scanning versus remote scanning
Many IBM i packages offer remote malware detection, where the actual scanning is performed by an external service rather than on the IBM i itself. Remote detection can have a dual effect on malware processing: it can improve IBM i resource utilization but may decrease scanning performance.
Scanning Integrated File System (IFS) objects locally increases CPU and memory usage. Offloading that scanning to an external service reduces IBM i resource demands, which improves system performance. However, scanning IFS files remotely can introduce latency: files must be transferred to the external service for scanning, and results must be sent back to the IBM i for resolution.
Before deploying remote scanning, consider whether the reduction in IBM i resource demand outweighs potential communication latency during the scanning process.
Asynchronous processing
Asynchronous processing allows most of the detection work to occur outside of IBM i exit point programming. Many IBM i anti-malware packages identify attacks entirely within IBM i exit point processing, which can slow performance as the OS waits for each exit program to complete before proceeding to the next action.
Some solutions (including iSecurity Anti-Virus and Anti-Ransomware) split their malware/ransomware processing into two parts. Most of their detection work occurs asynchronously, outside of the IBM i exit program processing. This means that processes and users no longer have to wait for an anti-malware exit program to finish before continuing their work.
Asynchronous processing can significantly improve performance, especially in high-volume environments. It also reduces latency by allowing other processes to continue while malware detection is in progress.
Further Reading: New iSecurity Anti-Virus & Anti-Ransomware Releases Support Asynchronous Processing & Multithreading
Multi-threaded processing support
Multi-threaded processing support allows virus and ransomware detection activities to be shared within a single IBM i server job. Some older anti-malware software instead uses non-threaded server jobs for individual users’ malware detection.
Multi-threaded support reduces overhead, improves performance, and reduces latency by minimizing the number of detection jobs that need to run simultaneously.
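The asynchronous and multi-threaded designs described in the two sections above, modelled together as an added Python sketch (not IBM i exit program code and not how iSecurity or any other product is implemented). The class, the suffix heuristic, the threshold and the user names are all hypothetical: the hook does a cheap synchronous check and enqueues, while worker threads inside one process do the detection and update a shared block list.

```python
import queue
import threading

SUSPECT_SUFFIXES = (".locked", ".encrypted")   # constructed heuristic, not a product rule
THRESHOLD = 3                                   # suspect writes per user before blocking

class AsyncDetector:
    def __init__(self, workers=4):
        self.events = queue.Queue()
        self.lock = threading.Lock()            # guards state shared by all threads
        self.suspect_counts = {}
        self.blocked = set()
        self.threads = [threading.Thread(target=self._worker, daemon=True)
                        for _ in range(workers)]

    def start(self):
        for t in self.threads:
            t.start()

    def exit_hook(self, user, path):
        """Synchronous part: one set lookup and an enqueue, then return."""
        with self.lock:
            if user in self.blocked:
                return "deny"
        self.events.put((user, path))
        return "allow"

    def _worker(self):
        """Asynchronous part: off the caller's path, many threads in one process."""
        while True:
            user, path = self.events.get()
            if path.endswith(SUSPECT_SUFFIXES):
                with self.lock:
                    n = self.suspect_counts.get(user, 0) + 1
                    self.suspect_counts[user] = n
                    if n >= THRESHOLD:
                        self.blocked.add(user)
            self.events.task_done()

    def drain(self):
        self.events.join()                      # wait until every queued event is analysed

def demo():
    det = AsyncDetector(workers=4)
    # Constructed events: one user rewriting files with a ransomware-style suffix.
    paths = [f"/home/app/doc{i}.pdf.locked" for i in range(5)]
    before = [det.exit_hook("BATCHUSR", p) for p in paths]   # workers not started yet
    normal = det.exit_hook("ALICE", "/home/alice/notes.txt")
    det.start()
    det.drain()
    after = det.exit_hook("BATCHUSR", "/home/app/doc9.pdf.locked")
    return before, normal, after, det.suspect_counts["BATCHUSR"]
```

All five early operations are allowed because the verdict arrives after the hook has returned; in this model the response applies to the user's next operation, which is the trade-off to weigh against the latency saved.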
Power system AI-enhanced malware detection (future capabilities)
AI-enhanced hardware features for IBM Power systems could be crucial in the battle against malware attacks. New Solid-State Drive (SSD) technology can use machine learning to continuously monitor I/O statistics for anomalies that indicate malware activity. Power10 chips also include additional on-processor accelerators for AI optimization and performance. As vendors integrate more AI capabilities into IBM i malware protection, these new SSD technologies and Power10 accelerators could enhance malware detection performance and efficiency.
Few IBM i malware protection products utilize these capabilities today, but this is an area to watch for improved malware detection performance.
Further Reading: IBM Power10 Servers Now Available
Further Reading: Waiting for AI-Enhanced IBM i Anti-Ransomware Protection
Speed: The main advantage for anti-malware protection
High-performance malware detection features enable organizations to better use speed as a defensive tool against malware. To improve your security capabilities, consider using products with these features when deploying IBM i anti-malware protection.
Please contact SEA for more information on configuring IBM i security against malware attacks.