How is next-generation AV different?

telanova: the outsourced IT team that feels like your own

There is a lot of buzz in the IT world about Next-Generation Antivirus (NGAV), but what’s the difference compared to traditional antivirus?

Traditional antivirus relies on signatures. A signature is like a fingerprint: a way to uniquely identify each malware item. Antivirus vendors attempt to obtain every piece of malware in existence to take its fingerprint. When your antivirus updates, it is receiving the latest set of fingerprints. If you encounter a new strain of malware before your antivirus vendor does, your antivirus won’t detect it. Unfortunately, malware writers can just make a trivial change to their code and the fingerprint changes too.

NGAV analyses the behaviour of each program running on your device. If a program is opening multiple files, encrypting them, then deleting the originals, it is behaving like ransomware. The NGAV will stop the program and move it to quarantine. It does not rely on the vendor having seen that exact malware before.
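The contrast between the two approaches, as an added example (not code from telanova or any NGAV vendor): a hash fingerprint misses a program after a trivial change, while a behaviour rule flags the read, encrypt, delete pattern whatever the program's fingerprint is. The sample bytes, the event format, the entropy test used to recognise encrypted output and the thresholds are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

KNOWN = b"constructed sample program, build 1"    # constructed stand-in for a known sample
VARIANT = b"constructed sample program, build 2"  # the same program after a trivial change
SIGNATURES = {hashlib.sha256(KNOWN).hexdigest()}  # the vendor's fingerprint list

def signature_match(program: bytes) -> bool:
    """Traditional AV: detect only programs whose exact fingerprint is known."""
    return hashlib.sha256(program).hexdigest() in SIGNATURES

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def ransomware_like(events, min_files=3, min_entropy=7.5):
    """Return PIDs that read a file, then wrote high-entropy data, then deleted
    the original, for at least min_files files (thresholds are assumptions)."""
    last_read, encrypted, hits = {}, defaultdict(set), defaultdict(set)
    for pid, op, path, data in events:
        if op == "read":
            last_read[pid] = path
        elif op == "write" and pid in last_read and entropy(data) >= min_entropy:
            encrypted[pid].add(last_read[pid])  # output attributed to last file read
        elif op == "delete" and path in encrypted[pid]:
            hits[pid].add(path)                 # original removed after encryption
    return {pid for pid, files in hits.items() if len(files) >= min_files}

def sample_trace():
    """Constructed events: pid 100 is a backup tool, pid 200 acts like ransomware."""
    cipher = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    text = b"quarterly report " * 200
    events = [(100, "read", "a.docx", b""), (100, "write", "backup/a.docx", text)]
    for name in ("a.docx", "b.xlsx", "c.pdf"):
        events += [(200, "read", name, b""),
                   (200, "write", name + ".enc", cipher),
                   (200, "delete", name, b"")]
    return events

if __name__ == "__main__":
    print("signature hit on known sample:", signature_match(KNOWN))
    print("signature hit on variant:", signature_match(VARIANT))
    print("PIDs flagged by behaviour:", ransomware_like(sample_trace()))
```
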

Other NGAV features vary between vendors, but some useful ones are:

  • Attack forensics - View the chain of events of a particular attack, which files were touched, etc.
  • Sandboxing - Run a suspicious application in a safe sandbox before allowing it to run in your environment
  • Risk analytics - Get notified of risks within your organization such as misconfigurations, vulnerabilities, etc.
  • Device roll back - Roll a device back to the state it was in before the attack
  • Ransomware warranty - The vendor will pay compensation if, after a ransomware attack, the device roll back feature was not able to restore the device to the state it was in before the attack
  • Self isolation - When a threat is detected, isolate the device from the network until the threat has been resolved

Contact us to improve your organisation’s security
