What is Next-Generation Antivirus (NGAV)? via Carbon Black
In information security, the mere mention of the word “antivirus” elicits a largely unfavorable response. I’ve heard some descriptions from infosec pros that include: “not enough,” “ineffective,” and “archaic.”
There’s merit to these claims. Antivirus has long been the most ubiquitous endpoint-security technology in the world. And, for a time, it was enough. Antivirus (AV) was able to stop “most” malware attacks. As attacks evolved, antivirus remained stagnant. Breaches occurred. Data was stolen. Headlines cemented indelible reputations for businesses.
Today, signature- and heuristic-based antivirus, the very kind that protected us for years, catches less than half of noteworthy malicious events. If a business is using traditional AV, it is essentially calling “heads” or “tails” on its data security.
Unsurprisingly, very few businesses are satisfied with those odds. Increasingly, leaders from businesses around the world are turning to protection that is nearly 100 percent effective in stopping attacks – “next-generation antivirus” (NGAV).
Next-Generation Antivirus (NGAV) Defined
NGAV is the natural (and much needed) evolution of traditional AV that protects computers from the full spectrum of modern cyber attacks, delivering the best endpoint protection with the least amount of work. NGAV speaks to a fundamentally different technical approach in the way malicious activity is detected and blocked.
NGAV takes a system-centric view of endpoint security, examining every process on every endpoint to algorithmically detect and block the malicious tools, tactics, techniques and procedures (TTPs) on which attackers rely.
NGAV does four critical things to protect businesses:
1 – Prevents commodity malware better than traditional AV
2 – Prevents unknown malware and sophisticated attacks by evaluating the context of an entire attack, resulting in better prevention (traditional AV does not)
3 – Provides visibility and context to get to the root cause of a cyber attack and provide further attack context and insight (traditional AV does not)
4 – Remediates attacks (traditional AV simply stops mass malware)
Additionally, NGAV is easy to deploy and easy to administer from the cloud.
Put another way, NGAV is traditional AV “on steroids,” offering better prevention than traditional AV coupled with cutting-edge endpoint detection and response (EDR) capabilities.
NGAV helps customers reduce what they have to worry about, and what they spend their time on, by an order of magnitude. Because time is in very short supply, NGAV is also about being easy. After all, we don’t have a chance if we don’t let security teams do security.
No more spending lots of time pushing out signatures or worrying about how to administer your security stack. Install it, and if you don’t have much time that’s fine. And, best of all, if you have more time, you can do more investigation, more remediation in the same product. It’s a new cyber weapon, and it’s time to decide how it can work for you. It’s time to replace traditional AV.
Replacing Traditional AV
Organizations from around the world, including Major League Baseball and the National Hockey League, are replacing their traditional AV solutions with NGAV.
To learn more about how organizations are making this decision, what factors they are considering, and the successes they’ve seen during implementation, view this free webinar from the SANS Institute.