In 2014, an executive from Symantec was interviewed by the New York Times and said that antivirus is 51% effective. To cybersecurity professionals, this was not a big surprise: those in charge of keeping our networks safe were already acting under the assumption that anti-virus would not help them out on a rainy day.
For everyone else, it was an astonishing statement coming from an antivirus company that held over 25% of the market. It raises two questions: if legacy AV is so ineffective, why stick with it, and what is the alternative?
This guide outlines how next-generation antivirus differs from traditional antivirus solutions, and why CISOs and business leaders are moving away from the obsolete model of legacy AV and choosing more effective solutions.
What Is Next-Generation Antivirus?
In contrast to legacy antivirus technology, next-generation antivirus (NGAV) advances threat detection by finding all symptoms of malicious behavior rather than focusing on looking only for known malware file attributes.
Traditional antivirus software, while sometimes effective, doesn’t track and inspect what a potential virus actually does. Instead, traditional AVs rely on signature-based detection methods, which threat actors learned how to evade a long time ago.
To combat evolving cyberattacks, next-generation antivirus employs machine learning and predictive modeling techniques to build predictive analytics that identify malware and malicious behavior before they have the chance to compromise your environment.
How Next-Gen Antivirus Works
Next-generation antivirus uses a combination of artificial intelligence, behavioral detection, and machine learning algorithms to identify threats. NGAV is cloud-based and doesn’t require integration into organizations’ tech stacks, which simplifies deployment and management while maintaining to-the-minute updates that combat the quickly evolving techniques and tools employed by hackers, scammers, and other types of cyber criminals.
Next-Gen AV vs. Legacy AV
Unlike traditional AV, next-generation AV (NGAV) identifies malicious activity using a system-centered, technical approach that examines every process on an endpoint. This allows next-gen AV to proactively detect and block the tools and tactics hackers use to gain entry. While traditional AV is focused on detecting malware at the endpoint alone, NGAV addresses a larger range of modern threat scenarios including ransomware and fileless attacks.
By looking at the whole context rather than just isolated incidents, next-gen AV offers a more effective means of recognizing and deterring unknown malware and sophisticated attacks. This rich contextual information allows NGAV to understand the cause of an attack and thus prevent future ones. Rapid deployment and cloud access are also key features of next-gen AV.
Overall, next-gen antivirus offers increased endpoint detection, better response capabilities, and a greater number of preventative measures. In many cases, it can entirely replace traditional endpoint protection products.
Focus On Behavior, Not Identity
The key is to prevent anything that can be prevented pre-execution, and to deal with what cannot by looking at the behavior of processes executing on the endpoint. This is effective because, despite the large and growing number of malware variants, they operate in very similar ways: a file can be altered endlessly to defeat a signature, but the actions it must perform to achieve its goal stay largely the same. The number of distinct malware behaviors is considerably smaller than the number of ways a malicious file might look, making this approach well suited to both prevention and detection.
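The contrast described above, as an added illustration that is not SentinelOne code: a hash signature is defeated by a one-byte change to the file, while a behavioral rule over the process's file activity catches the variant regardless of how its bytes look. The sample files, event traces, and the rename threshold are all constructed for this example.

```python
import hashlib
from collections import Counter

# Constructed sample binaries: two variants of one "family" that differ in a
# single padding byte, plus a benign program. Not real malware.
ORIGINAL = b"MZ\x90\x00SAMPLE-FAMILY-v1" + b"\x00" * 8
VARIANT = b"MZ\x90\x00SAMPLE-FAMILY-v1" + b"\x00" * 7 + b"\x01"
BENIGN = b"MZ\x90\x00backup-tool"

# A legacy signature database: known-bad file hashes only.
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}


def signature_verdict(blob: bytes) -> bool:
    """Legacy AV model: flag the file only if its hash is already known."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD_HASHES


# Constructed endpoint event traces: (event_type, path) tuples as a sensor
# might record them for one process.
RANSOMWARE_TRACE = (
    [("open", f"C:/Users/u/Documents/report{i}.docx") for i in range(60)]
    + [("rename", f"C:/Users/u/Documents/report{i}.docx.locked") for i in range(60)]
)
BACKUP_TRACE = (
    [("open", f"C:/Users/u/Documents/report{i}.docx") for i in range(60)]
    + [("write", "D:/backup/documents.zip")]
)


def behavioral_verdict(trace, rename_threshold: int = 50) -> list:
    """Behavior model: reasons the process looks malicious, empty if clean.

    Rule: one process renaming many files to a single new extension is the
    mass-encryption pattern ransomware exhibits; reading many files alone
    (a backup tool does that too) is not enough to alert. The threshold is
    a hypothetical tuning value for this example.
    """
    reasons = []
    renames = [path for kind, path in trace if kind == "rename"]
    if renames:
        new_extensions = Counter(path.rsplit(".", 1)[-1] for path in renames)
        ext, count = new_extensions.most_common(1)[0]
        if count >= rename_threshold:
            reasons.append(f"mass rename: {count} files to .{ext}")
    return reasons
```

The same trace is produced whether the process was spawned from ORIGINAL or VARIANT, which is why the behavioral verdict does not depend on the file's hash.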
What to Look for in an NGAV Solution
1. EDR Capabilities
When considering an NGAV solution, look for endpoint detection and response (EDR) capabilities that utilize AI and machine learning to provide real-time detection and prevention of complex threats.
2. Local and Autonomous
Look for an NGAV solution that is local and autonomous, meaning it works equally well with or without a network connection. In other words, the agent is not reliant upon cloud connectivity to the EPP/EDR management console for protection against malware, ransomware, and zero-day attacks.
3. Threat Intelligence Integration
Finally, look for NGAV solutions that integrate threat intelligence. Integrated threat intelligence enables security teams to immediately assess the impact, severity, and origins of threats, as well as receive guidance for response and remediation.
The Benefits of Switching to NGAV
With more effective technologies now available, enterprise customers need to consider the following benefits of moving away from legacy AV:
1. Reduce Operational Costs
It is hard to measure the overall cost of running outdated technology that may make you vulnerable to cyber threats. NSS Labs is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. Every year, they conduct a comparative test with all endpoint security players. NSS Labs identified SentinelOne as having the best overall TCO over a three-year period.
2. Boost Protection
As mentioned before, as early as 2014 legacy AV leaders already openly admitted the limitations of their capabilities. Since then, adversaries have improved their malicious techniques, easily bypassing traditional security products with techniques like fileless malware and PowerShell exploits. Get ahead of the attackers and prevent advanced attacks with next-generation technology.
3. Save Time
Time is a major factor when it comes to your security. Dwell time, the time from adversary penetration to detection or mitigation, is on average at least 90 days. Meanwhile, your security experts are wasting valuable time collecting evidence of a breach. You want your security team to focus on what matters, not looking for a needle in a haystack.
4. Improve ROI
In the beginning there was just AV. Then, another agent to cover advanced threats. Then an additional agent that can provide visibility. On top of that, another one to report applications from a vulnerability scan. And so it goes on. More agents running in parallel on your endpoint means more performance impact. With a next-gen AV solution like SentinelOne, you can block malware, respond to threats, and maintain compliance with just one solution.
5. Make the Software Work For You
A characteristic of legacy AV is that it requires highly trained staff to operate and interpret. Where are all those alerts coming from, and are they connected? Which ones are false positives, and why are people in Marketing complaining they can’t access their computers? SentinelOne’s next-gen AV takes the pain out of incident management. Attacks are automatically grouped together, and a single alert identifies the threat and reveals the entire attack storyline, right back to the source.
6. Integrate Your Security Solutions
With the security industry as a whole experiencing a sharp cyber skills shortage, an endpoint security solution should integrate with your existing software stack and not create more work for your SOC team or IT administrators. In other words, you want an automated system with a set of rich, native APIs. SentinelOne provides a full REST API to support integration with your existing solutions.
7. Reduce Post-Breach Costs
There’s no such thing as the perfect security solution, but post-breach you want to be able to make sense of the attack quickly and easily. An easy-to-use management console that presents the entire attack storyline can help you to quickly close out vulnerabilities and even track down the individuals responsible. The faster you can put things to rights, the lower the financial impact on the enterprise.
How Can SentinelOne Help?
SentinelOne delivers autonomous endpoint protection through a single agent that prevents, detects, and responds to attacks across all major vectors. Designed for extreme ease of use, the SentinelOne platform saves customers time by applying AI to automatically eliminate threats in real time for both on-premises and cloud environments, and is the only solution to provide full visibility across networks directly from the endpoint.
With SentinelOne, administrators have access to a single product that provides deep expertise in multiple areas. A single product, it is both a jack of all trades and a master of all trades. SentinelOne protects Windows, macOS, and Linux systems alike, and, as protection can be carried out by an autonomous agent independent of internet connectivity, it can even protect air-gapped systems. Administrators who choose SentinelOne will have access to a versatile multi-platform product which encompasses multiple layers of defense.