How is next-generation AV different?
- Details
- Created: Friday, 24 July 2020
- Written by Paul Grigg
There is a lot of buzz in the IT world about Next-Generation Antivirus (NGAV), but what’s the difference compared to traditional antivirus?
Traditional antivirus relies on signatures. A signature is like a fingerprint, a way to uniquely identify each malware item. The antivirus vendors attempt to obtain every single malware in existence to take their fingerprints. When your antivirus updates it is receiving the latest set of fingerprints. If you encounter a new strain of malware before your antivirus vendor does, your antivirus won’t detect it. Unfortunately the malware writers can just make a trivial change to their code and the fingerprint changes too.
NGAV analyses the behaviour of each program running on your device. If a program is opening multiple files, encrypting them, then deleting the original then that’s behaving like ransomware. It will stop the program and move it to the quarantine. It does not rely on the vendor having seen that exact malware before.
Other NGAV features vary between vendors, but some useful ones are:
- Attack forensics - View the chain of events of a particular attack, which files were touched, etc
- Sandboxing - Run a suspicious application in a safe sandbox before allowing it to run in your environment
- Risk analytics - Get notified of risks within your organization such as misconfigurations, vulnerabilities etc
- Device roll back - Roll a device back to the state it was in before the attack
- Ransomware warranty - The vendor will pay compensation if due to ransomware the device roll back feature was not able to restore the device to the state it was in before the attack
- Self Isolation - When a threat is detected, isolate the device from the network until the threat has been resolved
Contact us to improve your organisation’s security
