The need for antivirus protection came to us shortly after computers started talking to each other. For years most people needed to install and maintain an up-to-date antivirus program to remain unaffected by malicious activity. Cybersecurity threats have advanced significantly since then. Fortunately for us, a new generation of defences has evolved along with them.
What’s wrong with traditional antivirus
Most of us know what antivirus solutions do for us. We may not all know the technical details, but we get it. Special software is needed to protect your computer (often referred to as an “endpoint”) from malicious intent that may lie in wait. Antivirus software is installed on a computer and, as long as it is updated regularly, it monitors files for bad code and quarantines them if issues are detected.
This essential premise has not changed – you still need to protect yourself against malicious code being propagated by nefarious individuals; what has changed is the method of attack, what is attacked and the resulting outcome.
Traditional antivirus has become a victim of its own success. Attackers now know where the defence is installed and how it scans and searches for the viruses, and they have exploited the fact that traditional software relied on “updates,” or signature files that told the antivirus software what to look for. In most cases this meant looking for a particular bad file that had been unwittingly installed.
The traditional defence also came into play primarily during the scan, when the antivirus software would run scheduled investigations looking for trouble. What this meant was that, in the time between scans, the endpoint was exposed.
Since then, traditional antivirus software has become susceptible to newer attack scenarios like:
- memory-based intrusions
- attacks that abuse PowerShell scripting
- macro-based attacks
- remote log-in masking and cracking
What are “next gen” antivirus solutions?
The single largest advantage of next-generation antivirus (NGAV) solutions is that they not only prevent many different types of attacks, but they are also no longer tied to the target computer and can actually learn from attacks as they happen.
While traditional defensive software depended on the placement of a file (or the manipulation of code in an existing file), NGAV no longer has this limitation, as it is focused on events. Events involving things like processes, applications, network connections or even files are monitored, and malicious intent is determined based on how these events change as the result of attacks.
NGAV is a significant step forward in several aspects:
- First, NGAV applications tend to be cloud-based. This means a lower dependency on local installations, and new information can continually, and more quickly, be shared with all subscribers – no need to wait for scheduled updates.
- Second, NGAV has taken advantage of advancements in the area of machine learning. Essentially, the NGAV programs are capable of learning what the normal operation of your programs looks like and of identifying deviations caused by malicious code.
The newer capabilities also include some extremely complex advancements in the areas of threat intelligence and behavioural analysis. These are valuable because the systems are able to monitor and identify not just malicious programs, but also the impacts those programs have. Essentially, any changes made to the target system are identified right away by the impact they have. Rather than the system needing to wait for a file definition update to tell it there is new malicious code to watch for, the NGAV discerns the change in normal operation and takes action. With this significantly improved threat intelligence, the defence can be executed lightning fast.
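To make the contrast between the two approaches concrete, here is an added example (not code from the original article or from any NGAV product) that runs a signature check and a learned-baseline behaviour check side by side over constructed endpoint events. The event schema, the baseline telemetry, the "known bad" hash list and the scoring thresholds are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One endpoint telemetry event (hypothetical schema for this example)."""
    process: str   # image that performed the action
    parent: str    # image that launched it
    action: str    # what it did: net_connect, file_write, script_exec
    sha256: str    # hash of the process image, used only by the signature check


# Constructed baseline telemetry standing in for a learning period of normal use.
BASELINE_EVENTS = [
    Event("outlook.exe", "explorer.exe", "net_connect", "aa11"),
    Event("outlook.exe", "explorer.exe", "file_write", "aa11"),
    Event("winword.exe", "explorer.exe", "file_write", "bb22"),
    Event("winword.exe", "outlook.exe", "file_write", "bb22"),
    Event("chrome.exe", "explorer.exe", "net_connect", "cc33"),
    Event("powershell.exe", "explorer.exe", "script_exec", "dd44"),
]

# Constructed "signature file": hashes a traditional scanner already knows are bad.
KNOWN_BAD_HASHES = {"ee55"}


def learn_baseline(events):
    """Count which (process, parent, action) triples occur during normal operation."""
    return Counter((e.process, e.parent, e.action) for e in events)


def signature_verdict(event, known_bad=KNOWN_BAD_HASHES):
    """Traditional check: flag only if the image hash is already on the list."""
    return event.sha256 in known_bad


def behaviour_score(event, baseline):
    """Score how far an event deviates from the learned baseline (0 = seen before)."""
    known_procs = {p for p, _, _ in baseline}
    known_pairs = {(p, q) for p, q, _ in baseline}
    if (event.process, event.parent, event.action) in baseline:
        return 0  # exact behaviour observed during the learning period
    if (event.process, event.parent) in known_pairs:
        return 1  # known launch chain, but an action it never performed before
    if event.process in known_procs:
        return 2  # known program launched by a parent it never had before
    return 3      # program never seen at all


def behaviour_verdict(event, baseline, threshold=2):
    """Behaviour-based check: flag events that deviate at or above the threshold."""
    return behaviour_score(event, baseline) >= threshold
```

A script engine with a clean, previously seen hash that is suddenly launched by a document editor scores 2 here and is flagged by the behaviour check while the signature check stays silent, which is the timing gap the article describes.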
Next gen versus traditional
The biggest difference between the traditional and NGAV programs is one of timing. Traditionally, your defences were reactive to intrusion: attackers developed a new way to attack, and only once those attacks had been encountered and studied, and a defence built, were updates made available to prevent those exact problems in future. With the machine learning and artificial intelligence of new systems, a proactive approach is now available.
The advantages of NGAV are furthered by the fact that business networks, and even those at home, are increasingly interconnected with various types of devices. It is commonplace now for even small to medium-sized (SMB) organizations to have multiple layers of connected devices. Servers, computers, mobile devices and network gear all create entry points for malicious software and need to be protected. Before NGAV, each one of these would need its own version of antivirus software, and each would come with its related maintenance and updates.
Cybersecurity importance has continued to rise over the last few years. Ransomware, malware and denial of service attacks are on the rise, and smaller organizations are just as vulnerable as larger targets. Even most business insurance companies are now offering cybersecurity coverage due to the prevalence of these activities. Without proper coverage, your data – including customer and transactional details – can be copied, shared or held for ransom. But with these next-generation antivirus solutions, you can help protect your electronic assets.
The information provided on this page is intended to provide general information. The information does not take into account your personal situation and is not intended to be used without consultation from accounting and financial professionals. Allan Madan and Madan Chartered Accountant will not be held liable for any problems that arise from the usage of the information provided on this page.