Most firms are still using traditional anti-virus vendors such as Webroot, Kaspersky or Trend Micro. These anti-virus programs work on a “signature database” model: files are scanned and compared against a database, i.e. a list of known viruses and their corresponding file names. Once a virus is detected, it is either quarantined or cleaned with vaccines.
There are a few issues with a signature-based AV system:
- The number of new threats being released continues to grow tremendously, putting a strain on traditional AV vendors to quickly release updates that include the latest threats. This leaves a vulnerability gap in the AV product from the time a malicious program is released into the wild until the time the AV vendor detects it and releases an update to account for it. During this gap, every device using that vendor's AV program is vulnerable to the new attack.
- Updates require an always-on internet connection and confirmation that the device is able to download the latest signatures. If the PC cannot download those signature updates, the device is vulnerable to every attack released since the last update was successfully applied.
- Hackers are actively working to bypass signature-based AV solutions, as this is still the predominant type of AV used today. Changing a virus to a different name or changing a few lines of code can circumvent a signature-based system. This makes it easy for hackers to quickly release variants of their malicious code.
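The three issues above can be seen in a few lines of code. The following is an added example, not part of the original article and not any vendor's engine: a toy signature database with a version number, holding exact file hashes and simple byte-pattern signatures. The "files" are constructed byte strings (not real malware), and the detection names are made up. It shows why an exact-hash signature misses a sample that differs by a single byte, why a pattern signature shipped in a later update closes that gap for the family but not for a sample whose matched bytes changed, and why a device that never receives the second update stays exposed.

```python
import hashlib

# Constructed stand-ins for files on disk; plain byte strings, not real malware.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"EVIL-DOWNLOADER-v1" + b"\x00" * 16
VARIANT_SAMPLE = KNOWN_SAMPLE[:-1] + b"\x01"          # one trailing byte differs
STRING_CHANGED_VARIANT = KNOWN_SAMPLE.replace(b"EVIL-DOWNLOADER", b"EVIL-D0WNLOADER")
CLEAN_SAMPLE = b"MZ\x90\x00" + b"hello world" + b"\x00" * 16


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class SignatureDatabase:
    """A minimal signature database with a version counter (constructed for this example).

    Two signature styles are kept: exact SHA-256 file hashes, and byte patterns that
    must appear somewhere in the file (a simplified form of pattern-based detection).
    """

    def __init__(self):
        self.version = 0
        self.hashes = {}     # sha256 hex -> detection name
        self.patterns = {}   # bytes pattern -> detection name

    def update(self, hashes=None, patterns=None):
        """Apply a vendor update; new signatures are active from this version on."""
        self.hashes.update(hashes or {})
        self.patterns.update(patterns or {})
        self.version += 1

    def scan(self, data):
        """Return the detection name for `data`, or None if nothing matches."""
        name = self.hashes.get(sha256_hex(data))
        if name:
            return name
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name
        return None


def build_database():
    db = SignatureDatabase()
    # First vendor update: only the exact hash of the sample originally observed.
    db.update(hashes={sha256_hex(KNOWN_SAMPLE): "Trojan.Downloader.Example"})
    return db


def demonstrate_gap():
    """Scan the same files before and after the vendor ships a pattern signature."""
    db = build_database()
    before = {
        "known": db.scan(KNOWN_SAMPLE),
        "one_byte_variant": db.scan(VARIANT_SAMPLE),
        "clean": db.scan(CLEAN_SAMPLE),
    }
    # Second vendor update: a byte pattern covers the family, including the
    # one-byte variant the exact hash missed. A device that never downloads
    # this update keeps the `before` results.
    db.update(patterns={b"EVIL-DOWNLOADER": "Trojan.Downloader.Example.gen"})
    after = {
        "known": db.scan(KNOWN_SAMPLE),
        "one_byte_variant": db.scan(VARIANT_SAMPLE),
        "string_changed_variant": db.scan(STRING_CHANGED_VARIANT),
        "clean": db.scan(CLEAN_SAMPLE),
    }
    return db.version, before, after


if __name__ == "__main__":
    version, before, after = demonstrate_gap()
    print("database version:", version)
    print("before pattern update:", before)
    print("after pattern update: ", after)
```

The point for a defender is the `before` dictionary: until the second update is both published and downloaded, the one-byte variant is reported as clean, and even after it the variant with altered bytes still is. Each gap is closed only by another signature, which is the treadmill the article describes.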
Next Generation Anti-Virus products differ from traditional antivirus solutions by incorporating many extra features, such as the ability to learn the behavior of the endpoint on which the solution is installed and to identify anomalous behavior without querying a signature database or vaccines. Improved environment analysis and unknown-threat detection techniques also enable greater efficiency without heavy use of computing power or frequent update downloads.
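To make "learning the behavior of the endpoint" concrete, here is an added example (not from the article and not any NGAV vendor's algorithm) of the simplest form of behavioural baselining: per-process counts of a few event types are recorded during a learning window, a mean and standard deviation is learned for each, and a new session is flagged when it departs from that profile. The telemetry, the process names and the feature set are all constructed; a real sensor would feed in live events. No signature database is consulted anywhere.

```python
from statistics import mean, pstdev

# Per-session behaviour counters tracked for each process image (constructed feature set).
FEATURES = ("file_write", "net_connect", "proc_spawn", "registry_set")

# Constructed learning-window telemetry: one dict per observed session of a process.
BASELINE_SESSIONS = {
    "winword.exe": [
        {"file_write": 4, "net_connect": 1, "proc_spawn": 0, "registry_set": 0},
        {"file_write": 6, "net_connect": 0, "proc_spawn": 0, "registry_set": 1},
        {"file_write": 5, "net_connect": 1, "proc_spawn": 0, "registry_set": 0},
        {"file_write": 7, "net_connect": 1, "proc_spawn": 0, "registry_set": 1},
    ],
}

# Constructed sessions to score: a typical one, and one where the word processor
# suddenly writes many files, talks to the network and launches a child process.
NORMAL_SESSION = {"file_write": 6, "net_connect": 1, "proc_spawn": 0, "registry_set": 1}
SUSPICIOUS_SESSION = {"file_write": 40, "net_connect": 3, "proc_spawn": 1, "registry_set": 1}


class BehaviourBaseline:
    """Learns per-process mean/stddev of each feature, then scores new sessions."""

    def __init__(self, sessions_by_process):
        self.model = {}
        for process, sessions in sessions_by_process.items():
            stats = {}
            for feature in FEATURES:
                values = [s.get(feature, 0) for s in sessions]
                stats[feature] = (mean(values), pstdev(values))
            self.model[process] = stats

    def score(self, process, session, z_threshold=3.0):
        """Return a list of (feature, value, reason) findings; an empty list means normal."""
        stats = self.model.get(process)
        if stats is None:
            # A process image never seen during the learning window is itself a finding.
            return [("process", process, "not present in baseline")]
        findings = []
        for feature in FEATURES:
            value = session.get(feature, 0)
            mu, sigma = stats[feature]
            if sigma == 0:
                # Feature was constant in the baseline: any change is a deviation.
                if value != mu:
                    findings.append((feature, value, f"constant {mu:g} in baseline"))
            else:
                z = (value - mu) / sigma
                if z > z_threshold:
                    findings.append((feature, value, f"z-score {z:.1f}"))
        return findings


def flagged_features(findings):
    """Helper for reporting: the set of feature names that triggered findings."""
    return {feature for feature, _, _ in findings}


def demo():
    baseline = BehaviourBaseline(BASELINE_SESSIONS)
    return (
        baseline.score("winword.exe", NORMAL_SESSION),
        baseline.score("winword.exe", SUSPICIOUS_SESSION),
        baseline.score("unknown.exe", NORMAL_SESSION),
    )


if __name__ == "__main__":
    normal, suspicious, unknown = demo()
    print("normal session findings:    ", normal)
    print("suspicious session findings:", suspicious)
    print("unknown process findings:   ", unknown)
```

The suspicious session is flagged on three features (file writes, network connections and the child process) even though nothing in it was ever matched against a known-bad list; that is the property the paragraph above attributes to NGAV. Real products use far richer features and models, but the trade-off is visible even here: the threshold and the length of the learning window decide how many false positives an analyst has to look at.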
In addition to its focus on digital threat prevention, NGAV also protects the system against zero-day exploits, whether they are embedded in files with PDF, DOC and DOCX extensions or in executables, that carry malicious code to infect the endpoint. Subscription-based antivirus does not easily detect this type of attack.
There are a few Next Generation AV products available on the market today:
- Deep Instinct
are a few that are gaining market share in the industry.
Traditional antivirus is no longer an effective means of protecting IT environments in the current cyber security landscape. You need to analyze your environment, the level of protection your endpoints require, and the options for implementing an NGAV.
In any case, it is much easier to prevent than to remediate a cyber attack.