Next Generation Antivirus is considered a step forward in antivirus (AV) solutions capabilities, and leverages known, signature-based prevention techniques in combination with extended detection and response (XDR) capabilities that incorporate artificial intelligence (AI) and/or machine learning (ML). By leveraging advanced analytics to correlate alerts from multiple telemetry sources, NGAV可以快速识别可操作的威胁情报,以更快地预测和预防威胁.
NGAV以基于云的软件的形式部署,对系统和系统的影响较小 endpoints, and is increasingly the more common type of AV in organizations and enterprises.
In a sense, when XDR and NGAV work together, 它们既保护了网络边界,又扩展了网络之外的威胁检测技术. EDR happens at the endpoint that lies inside of that security perimeter. Bad actors could still find a way to an endpoint like a phone or laptop, so a good EDR solution is a last line of defense.
Again, it's the broad versus the specific here. As mentioned above, a modern NGAV solution is designed to leverage advanced analytics to secure, anticipate, and defend against threats at and beyond the network perimeter. 反恶意软件解决方案主要用于扫描单个系统,以查找绕过安全控制的恶意软件.
NGAV works by detecting and preventing malware and fileless attacks. It leverages pre-execution methodologies to protect against tactics, techniques, 和程序(TTPs)以及恶意行为,这些恶意行为是由不良行为者有意使用的,或者是由具有适当资格的人无意中使用的. 让我们仔细看看NGAV解决方案是如何实现其检测和预防目标的:
NGAV解决方案和服务提供商通常将技术设计为快速启动和运行的方式,而不会影响网络系统或端点的性能.
When we talk about NGAV, those last two letters still loom large within culture. The term “antivirus” has been a part of computer-using society for decades, 所以有必要问一个问题:现代NGAV和传统的AV观念到底有什么不同?
反病毒主要侧重于保护端点和/或快速移除受影响的设备,这些设备可能是大型关键基础设施的一部分, thus causing potentially larger disruption among unaffected devices. This could lead to a business enduring significant financial and reputational damage.
NGAV moves beyond these traditional AV processes, 阻止各种攻击-包括无文件恶意软件-跨越整个端点生态系统. NGAV的主要目标是检测和防止攻击到达整个网络的关键端点. Not only that: Via ML and AI learning, it can help put a stop to evasive actions. More detection technology won’t solve the problem of malware and other threats, 相反,它是专注于预防的更智能的检测,将使攻击者处于防御状态.
One last key difference is focused on the previously mentioned concept of learning. Traditional AV can be heavy on an endpoint, 这意味着它并没有真正的能力去适应系统的独特行为——它就是这样, and that’s all it will ever be. NGAV, on the other hand, can learn from past behaviors of the endpoints, systems, and networks on which it’s installed. 这就是为什么它如此擅长于在杀戮链中更早地发现逃避行为和阻止威胁.
与传统的AV相比,NGAV的好处很多,可以加速组织的发展 network detection and response (NDR) program.
For businesses and security organizations to stand against modern threats, they must attempt to outpace bad-actor use of NGAV-thwarting technology. This includes blocking known and unknown threats sooner in the killchain, cutting off endpoint and deep-system access, or even preventing network access entirely. 传统的反病毒通常使用基于签名的检测方法,而NGAV则结合了基于签名的检测方法, AI, and ML to surface the TTPs used by today’s attackers.
As previously mentioned, ML和AI赋予NGAV解决方案适应其任务保护系统中的特定行为的能力. 这有助于分析人员更深入地了解他们的端点和网络系统,以便他们可以防御威胁,并根据可能指示即将发生的攻击的遥测设计更好的保护措施.
NGAV solutions are generally designed to be lightweight, 不会降低系统运行速度的附加技术,从而降低安全人员的工作效率. 它通常占用空间小,可以快速部署,驱动关键洞察,并更快地启用 mean-time-to-respond (MTTR) with actions like automated-asset and process containment.
With lower operational costs, more efficient threat intelligence and detection capabilities, and comprehensive coverage, NGAV解决方案通常是希望进一步整合整个技术堆栈的安全专业人员的理想选择. As a value-add for an existing detection and response (D&R) solution an organization may already have, NGAV can accelerate the breaking down of silos between security practices. This can be a productivity, efficiency, and growth driver for security operations centers (SOCs) that may already be stretched thin.
就像任何解决方案一样——尤其是在一个名称中有“下一代”这个时髦短语的类别中购买——有很多选择和潜在的供应商. 因此,最好知道如何找到一个可以根据您的独特环境定制NGAV解决方案的解决方案.
Antivirus: Latest Rapid7 Blog Posts
Rapid7 Research: Encapsulating Antivirus (AV) Evasion Techniques in Metasploit Framework