Antivirus is Outdated. How to Embrace the Next-Generation

{authorName}

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

15 April 2021

Legacy AV tools are no longer good enough for today's enterprises. Here's what you should be replacing them with.

Article 4 Minutes
Antivirus is Outdated. How to Embrace the Next-Generation
  • Home
  • IT
  • Security
  • Antivirus is Outdated. How to Embrace the Next-Generation

All businesses now need to make their cyber security defenses a top priority. Today's threats are more complex than ever and the potential costs of data breaches are high.

For instance, IBM and the Ponemon Institute calculate that in 2020, the average data breach costs an organization $3.86 million, factoring in lost business, mitigation, compensation and other penalties. But it also revealed that those organizations with the most advanced protection technologies could cut these costs in half.

Yet for many firms, the foundation of their efforts is still old-fashioned antivirus (AV) software, even among the largest enterprises. However, the tactics used by many of today's more advanced threats have been designed specifically to bypass these defenses, which can often mean these tools don't pick up the latest attacks and could leave businesses with a false sense of security.

Why legacy AV is no longer up to the job

One of the main reasons why legacy AV tools are no longer effective is that the style of attacks used by hackers has evolved. Traditional AV solutions work on the principle of hunting for 'signatures' of known malware - strings of characters that are associated with specific threats.

This means that a legacy AV system is an inherently reactive solution, and one that's only able to work if the malware a firm encounters has already been identified and catalogued in the AV's database. Providers of this software are constantly looking for new threats and updating their databases, but it's a game of cat and mouse in which they will always be one step behind the hackers.

In fact, Ponemon estimates that more than three-quarters of compromised businesses were targeted by an unknown or zero-day attack that traditional AV tools wouldn’t be able to protect them from.

A new generation of attack types

It's not just zero-day vulnerabilities, however. Attackers are also developing new ranges of attack techniques that traditional AV tools are unable to detect. For instance, one increasingly common tactic is the use of fileless malware, which doesn’t leave a telltale footprint for AV solutions to spot.

Such attacks may take advantage of tools and operations routinely carried out by IT administrators, such as the use of Microsoft PowerShell, to avoid detection. Other techniques that are increasingly used include memory-based attacks, remote logins and macro attacks. None of these involve the introduction of new files to the system, so they’re able to bypass traditional AV tools.

Enter next-generation AV

To counter these threats, you need a more advanced solution - next generation antivirus (NGAV). This goes beyond the traditional signature-based defences used by legacy systems, using the latest technology to proactively hunt for threats that would otherwise be missed.

While NGAV is a fairly broad term, it generally describes systems that include at least some of the following:

  • Artificial intelligence (AI)
  • Machine learning algorithms
  • Cloud-based analytics
  • Behavioral monitoring and anomaly detection

It works by looking closely at not only your files, but your applications, processes and network connections to see what impact actions have. It can then spot any activities that are unusual or likely to be malicious and take steps to block them, even if it’s never seen the precise nature of the threat before.

Another key element of a successful NGAV is the addition of an endpoint detection and response (EDR) system. This offers real-time monitoring and analysis of endpoint data, in order to identify even the smallest changes in files or registries that can be indicators of malicious activity.

As many enterprises face network sprawl and the addition of many more endpoints, from mobile devices to Internet of Things sensors, EDR solutions will be essential in ensuring these parts of your network are under control.

EDR is a separate solution to NGAV, but the two often work hand-in-hand to provide you with comprehensive protection.

The key benefits of NGAV solutions

Deploying a NGAV system will help you spot a wide range of threats that would have otherwise gone unnoticed. One of the main ways it does this is through AI and predictive analytics. This can build up a picture of what your usual activity looks like in order to detect anything out of the ordinary.

But these tools do far more than simply plug any gaps in your security defenses. Among the other benefits of NGAV is that the technology is much easier to deploy and maintain than traditional AV.

While it may be a lengthy process to roll out legacy AV across a large network - with the average deployment taking three months - NGAV can be much faster to get up and running. Because it's typically delivered via the cloud, there's no extra hardware or software to install. What's more, as it doesn't rely on frequently-updated lists of signatures, it's far easier to maintain.

It's also a much more lightweight solution than traditional AV. As it takes up fewer resources on the endpoint, this eliminates any performance issues associated with scans and updates.

Further reading:

 

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.

Comments

Join the conversation...