Next-Generation Antivirus solutions prevent all types of attacks, known and unknown, by monitoring and responding to attacker tactics, techniques and procedures (TTPs).
Let’s Define Next-Generation Antivirus (NGAV)
Next-Generation Antivirus takes traditional antivirus software to a new, advanced level of endpoint security protection. It goes beyond known file-based malware signatures and heuristics because it takes a system-centric, cloud-based approach. It uses predictive analytics driven by machine learning and artificial intelligence, and combines them with threat intelligence, to:
- Detect and prevent malware and fileless non-malware attacks
- Identify malicious behavior and TTPs from unknown sources
- Collect and analyze comprehensive endpoint data to determine root causes
- Respond to new and emerging threats that previously went undetected.
Today’s attackers know exactly where to find gaps and weaknesses in an organization’s network perimeter security – and they penetrate these in ways that easily bypass traditional antivirus software. These attackers use highly developed tools that target vulnerabilities and leverage:
- Memory-based attacks
- PowerShell scripting language
- Remote logins
- Macro-based attacks
And because traditional AV focuses only on signature- or definition-based detection of files, it cannot detect any of these modern threats, which do not introduce new files to the system.
However, NGAV focuses on events – files, processes, applications, and network connections – to see how actions, or event streams, in each of these areas are related. Analysis of event streams can help identify malicious intent, behaviors, and activities – and once identified, the attackers can be blocked.
This kind of approach is increasingly important today, because enterprises like Major League Baseball, the National Hockey League, and other major sports organizations are increasingly finding that attackers are specifically targeting their individual networks. The attacks are multi-stage, personalized, and significantly higher risk – and antivirus solutions don’t have a chance of stopping them.
According to its 2017 Market Guide for Endpoint Detection and Response Solutions, Gartner now considers endpoint detection and response (EDR) a foundational security capability. When it is combined with NGAV, companies can more accurately identify suspicious and unauthorized activities, preventing many of these behaviors outright and gaining the ability to respond to and remediate advanced malicious threats faster and better than ever before.
To help NGAV solutions identify threats that slip past traditional AV, EDR provides a holistic approach to data collection, which in turn powers machine learning, predictive analytics, and behavior monitoring with a complete picture of the environment. Together, these technologies help companies monitor events and identify patterns that may be suspicious, turning them into attack visualizations that can be easily consumed by administrators and responders.
EDR can help discover even the most minute changes in files, the registry, and networks, helping security teams uncover malicious activity hidden in plain sight. From there, EDR helps responders contain the identified threats and block emerging, never-before-seen attacks that otherwise can slip through most NGAV solutions.
328% growth rate in cyberattacks per month reported in 2017
According to the State of Endpoint Security report from Ponemon Institute:
Antivirus software companies not only compete with vendors that deliver similar products, but they are also directly competing against the nefarious attackers. Head-to-head in this race, the attackers have the winning hand.
The report also notes that of those organizations that experienced an endpoint attack that compromised their company, 77% said the attack was a fileless attack or exploit.
Clearly, antivirus software is losing this race.
To fully unleash NGAV and EDR solutions, companies must take advantage of the cloud and its immense computational power, unlimited scalability, and ease of management. Taking endpoint security to the cloud ensures a proactive, rather than reactive approach that combines big data with powerful analytics to help outsmart the latest, most threatening emerging attacks.
For example, the cloud enables streaming analytics, where normal and abnormal endpoint activity can be monitored and compared against unfiltered historical endpoint data. By analyzing these event streams and comparing them to ones known to be normal, the cloud creates a global threat monitoring system that not only detects attacks, but predicts ones that have never been seen before. This powerful approach is simply not possible with traditional AV solutions.
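As an added example, and not code from the original article or from any vendor it mentions, the following Python sketches the two mechanisms described above: relating events across processes and network connections to spot malicious intent (the event-stream analysis paragraph), and comparing current endpoint activity against an unfiltered historical baseline to separate normal from abnormal (the streaming-analytics paragraph). The telemetry, host names, image names and addresses are constructed sample data, and the event field names are assumptions, not the schema of any real EDR product.

```python
"""Toy event-stream analyzer (added example; constructed data, assumed field names).

Idea 1: build a baseline of normal parent->child process pairs from historical telemetry.
Idea 2: on the live stream, relate a process launch to the network connection it later
        makes, so a macro spawning a scripting host that then talks out is flagged even
        though no new file was ever written to disk.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int            # seconds since start of capture (constructed)
    host: str          # endpoint name (constructed)
    kind: str          # "proc" = process start, "net" = outbound connection
    pid: int           # process id the event belongs to
    parent: str        # parent image name for "proc"; "" for "net"
    image: str         # image name of the process itself
    detail: str = ""   # command line for "proc", "ip:port" for "net"


# Historical (baseline) telemetry: what this endpoint normally does. Constructed.
HISTORY = [
    Event(0,  "ws01", "proc", 100, "explorer.exe", "winword.exe"),
    Event(5,  "ws01", "proc", 101, "winword.exe",  "splwow64.exe"),
    Event(10, "ws01", "proc", 102, "explorer.exe", "chrome.exe"),
    Event(12, "ws01", "net",  102, "",             "chrome.exe", "203.0.113.10:443"),
    Event(20, "ws01", "proc", 103, "services.exe", "svchost.exe"),
]

# Live stream under analysis. Constructed: a document spawns a scripting host, which
# then opens an outbound connection; the browser activity is ordinary.
CURRENT = [
    Event(1000, "ws01", "proc", 200, "explorer.exe", "winword.exe"),
    Event(1003, "ws01", "proc", 201, "winword.exe",  "powershell.exe", "(command line omitted)"),
    Event(1030, "ws01", "net",  201, "",             "powershell.exe", "198.51.100.7:443"),
    Event(1040, "ws01", "proc", 202, "explorer.exe", "chrome.exe"),
    Event(1041, "ws01", "net",  202, "",             "chrome.exe", "203.0.113.10:443"),
    Event(1100, "ws01", "proc", 203, "services.exe", "svchost.exe"),
]


def build_baseline(events):
    """Set of (parent, child) image pairs seen in history: the model of 'normal'."""
    return {(e.parent, e.image) for e in events if e.kind == "proc"}


def analyze(events, baseline, window=300):
    """Walk the stream in time order and return a list of alert dicts.

    - A process start whose (parent, child) pair is absent from the baseline is
      recorded as a suspect and raises a medium-severity alert.
    - A network connection by a suspect process within `window` seconds of its
      start is the related-event pattern the text describes and raises a high alert.
    """
    suspects = {}   # (host, pid) -> the anomalous "proc" event
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "proc":
            if (e.parent, e.image) not in baseline:
                suspects[(e.host, e.pid)] = e
                alerts.append({
                    "severity": "medium", "host": e.host, "pid": e.pid, "ts": e.ts,
                    "reason": f"novel parent->child chain {e.parent} -> {e.image}",
                })
        elif e.kind == "net":
            origin = suspects.get((e.host, e.pid))
            if origin is not None and e.ts - origin.ts <= window:
                alerts.append({
                    "severity": "high", "host": e.host, "pid": e.pid, "ts": e.ts,
                    "reason": (f"{e.image} (spawned by {origin.parent}) opened "
                               f"outbound connection to {e.detail}"),
                })
    return alerts


if __name__ == "__main__":
    for alert in analyze(CURRENT, build_baseline(HISTORY)):
        print(alert["severity"].upper(), alert["host"], alert["pid"], alert["reason"])
```

On the constructed data only the winword.exe -> powershell.exe chain is flagged, first as a novel parent-child pair and then, once that process connects out, as a correlated high-severity alert; the browser connection produces nothing because its chain is in the baseline. A real implementation would also baseline per host and per user, and would age suspects out after the window, but the structure of the check is the same.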
NGAV in the cloud also offers bi-directional communication with endpoints, so that all unfiltered endpoint data can be monitored and turned into predictive analytics that proactively protect companies from sophisticated attacks.
Plus, the cloud provides the infrastructure benefits that most companies are already experiencing with other enterprise software – simplified, less costly operations, faster deployment, and the latest and most innovative technology.