Next-Generation Antivirus solutions prevent all types of attacks, known and unknown, by monitoring, responding to attacker tactics, techniques and procedures (TTPs).

Let’s Define Next-Generation Antivirus (NGAV)

Next-Generation Antivirus takes traditional antivirus software to a new, advanced level of endpoint security protection. It goes beyond known file-based malware signatures and heuristics because it’s a system-centric, cloud-based approach. It uses predictive analytics driven by machine learning and artificial intelligence and combines with threat intelligence to:

• Detect and prevent malware and fileless non-malware attacks
• Identify malicious behavior and TTPs from unknown sources
• Collect and analyze comprehensive endpoint data to determine root causes
• Respond to new and emerging threats that previously go undetected.
  

Today’s attackers know exactly where to find gaps and weaknesses in an organization’s network perimeter security – and they penetrate these in ways that easily bypass traditional antivirus software. These attackers use highly developed tools to target vulnerabilities that leverage:

• Memory-based attacks
• PowerShell scripting language
• Remote logins
• Macro-based attacks

And because traditional AV only focuses on signature file- or definition-based threats, it cannot detect any of these environments from modern threats that do not introduce new files to the system.

However, NGAV focuses on events – files, processes, applications, and network connections – to see how actions, or event streams, in each of these areas are related. Analysis of event streams can help identify malicious intent, behaviors, and activities – and once identified, the attackers can be blocked.

This kind of approach is increasing important today, because enterprises like Major League Baseball, the National Hockey League, and other major sport organizations are increasingly finding that attackers are specifically targeting their individual networks. The attacks are multi-stage, personalized, and significantly higher risk – and antivirus solutions don’t have a chance of stopping them.

According to its 2017 Market Guide for Endpoint Detection and Response Solutions, Gartner now considers endpoint detection and response (EDR) as a foundational security capability. When it is combined with NGAV, companies can more accurately identify suspicious and unauthorized activities, preventing many of these behaviors outright and enabling the capabilities to respond and remediate advanced malicious threats faster and better than ever before.

To help NGAV solutions identify threats that slip past traditional AV, EDR provides a holistic approach to data collection, which in turn powers machine learning, predictive analytics, and behavior monitoring with a complete picture of the environment. Together, these technologies help companies monitor events and identify patterns that may be suspicious, turning them into attack visualizations that can be easily consumed by administrators and responders.

EDR can help discover even the most minute changes in files, registries, and networks that help security teams uncover malicious activity hidden in plain sight. From there, EDR helps responders contain the identified threats and block emerging, never-been-seen-before attacks that otherwise can slip through most NGAV solutions.
328% growth rate in cyberattacks per month reported in 2017

According to the State of Endpoint Security report from Ponemon Institute:

Antivirus software companies not only compete with vendors that deliver similar products, but they are also directly competing against the nefarious attackers. Head-to-head in this race, the attackers have the winning hand.

The report also notes that of those organizations that experienced an endpoint attack that compromised their company, 77% percent said the attack was a fileless attack or exploit.

Clearly, antivirus software is losing this race.