Traditional antivirus simply is not enough to fight the advanced, targeted attacks being used today.
So how do you fight back? What type of solution do you need to prevent the dramatic loss that can rampage through your company?
It’s time to fight back with the next generation of antivirus technology.
So what is next-generation antivirus (NGAV)?
NGAV is the evolution of traditional antivirus software, created to fill the gaping hole left by traditional AV tools by protecting against the entire scope of cyber attacks through advanced endpoint protection (AEP).
While the technical definition of what makes an antivirus “next-generation” has yet to be settled, at a minimum it has to go beyond signature-based detection and incorporate an advanced technology such as artificial intelligence, data analytics, or machine learning.
How does NGAV stack up to traditional AV?
Traditional AV software works from a database of known malware characteristics. It scans the files and directories on an individual computer or device, comparing them with the entries in that database. Once contaminated files or programs are detected, the AV prevents them from running and either removes them automatically or alerts the user to do so.
This approach can be effective against known malware—as long as the database is current and the antivirus version is kept up to date. However, when new variations or strains of malware are created (and over three hundred thousand are reported each day), a traditional AV tool has no way to keep up, leaving your business open to these unknown risks.
On the other hand, NGAV can fight back against both known and unknown threats, because it is not dependent on signatures or a database of malware characteristics.
What makes a good next-generation antivirus?
With a variety of different options for NGAV tools, there are some defining characteristics that should be prioritized when looking for this technology.
Goes beyond signatures
At its core, NGAV relies on more than indicators of compromise (IOCs) and metadata such as virus-definition databases and signatures, IP addresses, or URLs. It must use advanced techniques, such as AI and machine learning, to detect new, unknown variations and strains of malware.
Proactive, not reactive
A true NGAV needs to automatically block threats on the endpoint before they’re able to execute—and do it without user intervention.
Evolves with the attacks
The NGAV should protect your network even if it hasn’t been updated recently. This means it needs to evolve with the attacks rather than becoming less effective over time.
No cloud required
Many traditional solutions require a cloud connection and are useless without it. An NGAV needs to operate independently of a cloud connection so it can protect even offline devices.
It should be easy to integrate your NGAV with your existing infrastructure, and it should demand few resources from your computer or device.
The Challenges of NGAV
NGAV is the next step (and a good one) in the direction of greater endpoint security, keeping advanced attacks out of your systems. However, it still faces challenges, some similar to traditional AV.
1. No true behavioral analysis
NGAV still looks for specific attributes that it associates with potential threats. Because it detects an attack solely from those characteristics rather than from what the attacker does, attackers can adapt their future tactics so that they go undetected even by next-gen solutions.
While an NGAV is still the best option in the current state of technology, that doesn’t mean it’s enough, since it still cannot offer true behavioral analysis.
2. Focused on one machine at a time
Another challenge with an NGAV is that it lacks the ability to cross-correlate data from multiple endpoints; it works only from the information gathered on one device. This lets the NGAV see the story for one device, but not the full attack campaign across multiple devices and the entire network. While it might effectively fight the attack on one machine, the rest of the system remains open and vulnerable, and the analysis of the attack stays siloed.
Advanced attacks don’t focus on one endpoint—their goal is to move throughout the system. Therefore, technology that only focuses on fighting one device at a time won’t give you the full picture you need to fight back.
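To make the difference between a per-device signature check and cross-endpoint correlation concrete, here is an added example (not code from the original post or any vendor). It runs a traditional hash-database check and a correlation pass over constructed process-execution telemetry; the host names, hashes and time window are all made up for the demonstration.

```python
"""Per-endpoint signature scan beside a cross-endpoint correlation pass.

All telemetry, hash values and host names below are constructed for this
example; none are real indicators."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "known-bad" signature database (fake sha256 digests).
KNOWN_BAD = {"a1" * 32}

# Constructed process-execution events: (host, ISO timestamp, sha256 of the binary).
EVENTS = [
    ("ws-01", "2024-01-10T09:00:00", "a1" * 32),  # known sample, caught by signature
    ("ws-02", "2024-01-10T09:05:00", "b2" * 32),  # new variant, absent from the database
    ("ws-03", "2024-01-10T09:12:00", "b2" * 32),  # same variant appears on a second host
    ("srv-01", "2024-01-10T09:20:00", "b2" * 32),  # ... and on a server 15 minutes later
    ("ws-04", "2024-01-10T14:00:00", "c3" * 32),  # one-off unknown binary, no spread
]


def signature_scan(events, known_bad):
    """Traditional per-endpoint check: flags only hashes already in the database.
    Each host is judged in isolation, so the unknown variant is never reported."""
    return sorted({host for host, _, digest in events if digest in known_bad})


def correlate_spread(events, window=timedelta(minutes=30), min_hosts=3,
                     known_bad=frozenset()):
    """Cross-endpoint correlation: the same unknown binary executing on at least
    min_hosts distinct hosts within one time window is reported as a possible
    campaign, even though no signature matches it. Returns {digest: [hosts]}."""
    seen = defaultdict(list)  # digest -> [(time, host), ...]
    for host, ts, digest in events:
        if digest not in known_bad:  # known samples are already handled by the scan
            seen[digest].append((datetime.fromisoformat(ts), host))
    findings = {}
    for digest, sightings in seen.items():
        sightings.sort()
        for i, (start, _) in enumerate(sightings):  # slide the window over sightings
            hosts = {h for t, h in sightings[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                findings[digest] = sorted(hosts)
                break
    return findings


if __name__ == "__main__":
    print("signature hits:", signature_scan(EVENTS, KNOWN_BAD))
    print("cross-endpoint spread:", correlate_spread(EVENTS, known_bad=KNOWN_BAD))
```

The signature pass reports only ws-01; the correlation pass reports the unknown binary spreading across ws-02, ws-03 and srv-01, which is the campaign-level view the text says a single-endpoint tool cannot produce.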
3. Focused only on prevention
NGAV is focused on preventing attacks, and it does that very well. However, in the event that an attack makes its way onto the network, the NGAV offers little visibility into what happened or where the threat moved on the network. This is especially true as advanced attacks continue to use legitimate means such as compromised employee logins to make their way onto the network.
Prevention is only one piece of the puzzle. Businesses need technology to detect and remediate attacks that have made it past their defenses, something that an NGAV lacks.
The ultimate security platform combines NGAV for prevention and EDR for detection
A Powerful Solution: NGAV + EDR
The ultimate endpoint security platform is one that combines NGAV, for prevention, and a tool such as Endpoint Detection & Response (EDR) to detect the malicious activities that might make their way around the antivirus.
EDR provides the full attack story in a way that NGAV cannot. This combination gives organizations confidence for both prevention and detection against even the most advanced, targeted attacks. The NGAV analyzes the behavior and threats on a single endpoint while EDR consolidates the data across all endpoints to provide a full picture of potential threats.