Combining the Power of NGAV and EDR
By Infogressive Team | April 9, 2019
Traditional antivirus simply isn’t enough to fight the advanced, targeted attacks being deployed today.
How do you fight back? What solutions do you need to prevent the kind of damage a successful intrusion can do to your company?
It’s time to fight back with the next generation of antivirus technology.
What is next-generation antivirus (NGAV)?
Next-generation antivirus is the evolution of traditional antivirus software, created to fill the gap left by traditional tools by protecting the endpoint against a much broader range of attacks.
There is no agreed technical definition of what makes an antivirus "next-generation", but at a minimum it has to go beyond signature-based detection by incorporating advanced techniques such as artificial intelligence, data analytics, or machine learning.
How does NGAV compare to traditional antivirus?
Traditional antivirus software works from a library of known malware characteristics (signatures). It scans the files and directories on an individual device and compares them with that library. When a file or program matches, the antivirus prevents it from running and either removes it automatically or lets the user do so.
This approach can be effective against known malware, as long as the library is current and the antivirus itself is kept updated. However, new strains of malware are created constantly (over three hundred thousand new samples are reported each day), and a sample with no signature yet cannot be matched, so a traditional antivirus tool has no way to keep up and leaves an organization exposed to those risks.
Next-generation antivirus, by contrast, can fight back against both known and unknown threats, because it does not rely on signatures or a library of known malware characteristics as its only means of detection.
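As an added illustration of the comparison above (and of the "goes beyond signatures" requirement described later), and not code from the original article or from any vendor's product, the following Python shows a hash signature missing a one-byte variant of a known sample while a rule over the sample's attributes and a byte-similarity measure still flag it. The samples, the signature "database", the API list and its weights, and the thresholds are all constructed for this demonstration.

```python
"""Added example (not from the original article or any vendor's product):
an exact-hash signature misses a one-byte variant of a known sample, while a
rule over the sample's attributes still flags it.  All samples, the signature
'database', the feature weights and thresholds are constructed for this demo."""
import hashlib
import re

# Constructed stand-in for a known-bad binary: a PE-looking header followed by
# strings of the kind found in process-injection loaders.  Not real malware.
KNOWN_BAD = (
    b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00"
    b"kernel32.dll\x00OpenProcess\x00VirtualAllocEx\x00"
    b"WriteProcessMemory\x00CreateRemoteThread\x00"
    b"cmd.exe /c powershell -w hidden -enc\x00"
)

# Constructed benign stand-in: same header, ordinary GUI imports.
BENIGN = (
    b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00"
    b"user32.dll\x00MessageBoxW\x00GetModuleHandleW\x00"
    b"Hello, world\x00"
)

# A "new strain": the known sample with one padding byte appended.  Its hash
# changes, so a hash signature no longer matches, but the attributes that
# make it dangerous are untouched.
VARIANT = KNOWN_BAD + b"\x00"


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


# The traditional AV "library": hashes of samples seen before.
SIGNATURE_DB = {sha256(KNOWN_BAD)}


def signature_match(blob: bytes, db=SIGNATURE_DB) -> bool:
    """Traditional detection: exact match against known-sample hashes."""
    return sha256(blob) in db


# Attributes associated with process injection.  Weights are illustrative.
INJECTION_APIS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 2,
    b"CreateRemoteThread": 2,
    b"OpenProcess": 1,
}
ENCODED_POWERSHELL = re.compile(rb"powershell[^\x00]*-enc", re.IGNORECASE)


def feature_score(blob: bytes) -> int:
    """Score a sample on the attributes it carries rather than on its hash."""
    score = sum(w for api, w in INJECTION_APIS.items() if api in blob)
    if ENCODED_POWERSHELL.search(blob):
        score += 3
    return score


def feature_match(blob: bytes, threshold: int = 5) -> bool:
    """Attribute-based detection: flag when the combined score is high enough."""
    return feature_score(blob) >= threshold


def ngram_similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of byte n-gram sets: how much of a known sample's
    content a candidate shares, independent of its exact hash."""
    grams_a = {a[i:i + n] for i in range(len(a) - n + 1)}
    grams_b = {b[i:i + n] for i in range(len(b) - n + 1)}
    union = grams_a | grams_b
    return len(grams_a & grams_b) / len(union) if union else 0.0


if __name__ == "__main__":
    for name, blob in (("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{name:8s} signature={signature_match(blob)!s:5s} "
              f"features={feature_match(blob)!s:5s} "
              f"similarity_to_known={ngram_similarity(KNOWN_BAD, blob):.2f}")
```

The point of the variant is that a single appended byte is enough to defeat the hash lookup, which is exactly the gap the daily flood of new samples exploits; the attribute rule and the n-gram similarity both survive that change, but note that they are still looking for fixed characteristics, which is the limitation the "challenges" section returns to.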
What makes a good next-generation antivirus?
With a variety of different options for NGAV tools, there are some defining characteristics that should be prioritized when looking for this technology.
Goes beyond signatures
At its core, a next-generation antivirus relies on more than indicators of compromise (IOCs) and metadata such as virus-definition databases and signatures, IP addresses, or URLs. It must use techniques such as machine learning and other forms of artificial intelligence to detect unknown strains of malware.
Proactive, not reactive
A true next-generation antivirus needs to automatically block threats on the endpoint before they’re able to execute—and do it without human involvement.
Evolves with the attacks
The NGAV should protect your network even if it hasn't been updated recently. Its detection needs to hold up against new attacks rather than decaying as its definitions age.
No cloud required
Many traditional solutions require a cloud connection and are useless without it. An NGAV needs to operate without a cloud connection so it can protect devices even while they are offline.
Lightweight and easy to manage
Your next-generation antivirus should integrate easily with your existing infrastructure, demand few resources, and be simple to manage.
The Challenges of NGAV
A next-generation antivirus is the next step (and a good one) in the direction of greater endpoint security, keeping advanced attacks out of the system. However, it still faces challenges, some similar to traditional antivirus software.
1. No true behavioral analysis
An NGAV still looks for specific attributes that it associates with potential threats. It does not account for attacker behavior; it relies solely on those characteristics to detect an attack. That leaves room for attackers to adapt their tactics so that even a next-generation solution no longer detects them.
While an NGAV is still the best preventive option in the current state of technology, that doesn't mean it's enough, because it still cannot offer true behavioral analysis.
2. Focused on one machine at a time
Another challenge with an NGAV is that it cannot cross-correlate data from multiple endpoints; it focuses only on the information gathered from one device. That lets it see the story for one device, but not the full attack campaign across multiple devices and the entire network. While it might effectively stop the attack on one machine, the rest of the environment remains exposed, and the analysis of the attack stays siloed.
Advanced attacks don’t focus on one endpoint—their goal is to move throughout the system. Therefore, technology that only focuses on fighting one device at a time won’t give you the full picture you need to fight back.
3. Focused only on prevention
A next-generation antivirus is focused on preventing attacks, and it does that with great success. However, once an attack makes its way onto the network, the NGAV offers little visibility into what happened or where the threat moved. This is especially true as advanced attacks increasingly use legitimate means, such as valid employee logins, to make their way through the network.
Prevention is only one piece of the puzzle. Companies need technology to detect and remediate attacks that have made it past their defenses, something that an NGAV lacks.
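As an added example, written for this article rather than taken from it or from any EDR product, here is the difference between the per-device view described under challenge 2 and the cross-endpoint visibility called for under challenge 3, in Python. The telemetry, host names, account, source address, parent/child process lists, and thresholds are all constructed: each host sees a single remote logon followed by one PowerShell spawn under the WMI provider host, which looks like routine administration on its own, so the per-host rule never fires, while the correlated view reconstructs the whole chain of hosts and its timeline.

```python
"""Added example (not from the original article or any product): the same
telemetry viewed one host at a time versus correlated across hosts.  The
events, host names, account and thresholds are constructed for this demo."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint telemetry: a remote logon on each host, followed by a
# child process spawned under the WMI provider host.  Each host sees this once.
EVENTS = [
    {"ts": "2019-04-09T10:02:11", "host": "WS-014", "type": "logon",   "user": "svc_backup", "src_ip": "10.1.20.7"},
    {"ts": "2019-04-09T10:02:14", "host": "WS-014", "type": "process", "user": "svc_backup", "parent": "wmiprvse.exe", "image": "powershell.exe"},
    {"ts": "2019-04-09T10:04:40", "host": "WS-022", "type": "logon",   "user": "svc_backup", "src_ip": "10.1.20.7"},
    {"ts": "2019-04-09T10:04:43", "host": "WS-022", "type": "process", "user": "svc_backup", "parent": "wmiprvse.exe", "image": "powershell.exe"},
    {"ts": "2019-04-09T10:07:05", "host": "FS-01",  "type": "logon",   "user": "svc_backup", "src_ip": "10.1.20.7"},
    {"ts": "2019-04-09T10:07:09", "host": "FS-01",  "type": "process", "user": "svc_backup", "parent": "wmiprvse.exe", "image": "powershell.exe"},
    # Unrelated, benign activity on another host (constructed).
    {"ts": "2019-04-09T10:05:30", "host": "WS-031", "type": "logon",   "user": "jsmith",     "src_ip": "10.1.40.12"},
    {"ts": "2019-04-09T10:05:33", "host": "WS-031", "type": "process", "user": "jsmith",     "parent": "explorer.exe", "image": "outlook.exe"},
]

# Parents that commonly launch remotely triggered commands, and children
# worth noticing under them.  Illustrative lists, not a vendor's ruleset.
SUSPICIOUS_PARENTS = {"wmiprvse.exe", "services.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "rundll32.exe"}


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def is_suspicious_spawn(ev: dict) -> bool:
    return (ev["type"] == "process"
            and ev["parent"] in SUSPICIOUS_PARENTS
            and ev["image"] in SUSPICIOUS_CHILDREN)


def per_host_alerts(events, min_spawns: int = 3) -> dict:
    """Single-endpoint view: alert only if one host sees repeated suspicious
    spawns.  With one spawn per host, nothing fires."""
    counts = defaultdict(int)
    for ev in events:
        if is_suspicious_spawn(ev):
            counts[ev["host"]] += 1
    return {h: n for h, n in counts.items() if n >= min_spawns}


def correlate_lateral_movement(events, window=timedelta(minutes=15), min_hosts: int = 3) -> list:
    """Cross-endpoint view: the same account, from the same source address,
    logging on to several hosts within a short window, each logon followed by
    a suspicious spawn on that host.  Returns one record per campaign."""
    spawns_by_host = defaultdict(list)
    for ev in events:
        if is_suspicious_spawn(ev):
            spawns_by_host[ev["host"]].append(parse_ts(ev["ts"]))

    chains = defaultdict(list)  # (user, src_ip) -> [(logon time, host)]
    for ev in events:
        if ev["type"] != "logon":
            continue
        t = parse_ts(ev["ts"])
        # A logon counts when a suspicious spawn follows it on that host within 60 s.
        if any(0 <= (s - t).total_seconds() <= 60 for s in spawns_by_host[ev["host"]]):
            chains[(ev["user"], ev["src_ip"])].append((t, ev["host"]))

    campaigns = []
    for (user, src_ip), hits in chains.items():
        hits.sort()
        hosts = sorted({h for _, h in hits})
        # Simplification: one fixed window over the batch; streaming data would use a sliding window.
        if len(hosts) >= min_hosts and hits[-1][0] - hits[0][0] <= window:
            campaigns.append({
                "user": user, "src_ip": src_ip, "hosts": hosts,
                "first_seen": hits[0][0].isoformat(), "last_seen": hits[-1][0].isoformat(),
                "timeline": [(t.isoformat(), h) for t, h in hits],
            })
    return campaigns


if __name__ == "__main__":
    print("per-host alerts:", per_host_alerts(EVENTS))
    for c in correlate_lateral_movement(EVENTS):
        print(f"campaign: {c['user']} from {c['src_ip']} -> {c['hosts']} "
              f"({c['first_seen']} .. {c['last_seen']})")
```

The per-host function is the NGAV's vantage point: it can only count what one device saw. The correlation function needs the logon and process records from every host in one place, which is the consolidation job EDR does, and its output is the "full attack story" (which account, from where, which hosts, in what order) that an administrator needs once prevention has failed.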
A Powerful Solution: NGAV + EDR
The ultimate endpoint security platform is one that combines NGAV, for prevention, and a tool such as Endpoint Detection & Response (EDR) to detect the malicious activities that might make their way around the antivirus.
EDR provides the full attack story in a way that NGAV cannot. Together they give organizations confidence in both prevention and detection against even the most advanced, targeted attacks: the NGAV blocks threats on each individual endpoint, while EDR records and consolidates activity across all endpoints to provide a full picture of what a threat did and where it went.
If prevention fails, you need visibility into what happened. Combining the power of NGAV and EDR offers security to your network, no matter how basic or advanced the threat may be.