Recommended
More Related Content
What's hot
What's hot (20)
Similar to What is Next-Generation Antivirus?
Similar to What is Next-Generation Antivirus? (20)
Recently uploaded
Recently uploaded (20)
What is Next-Generation Antivirus?
- 2. Traditional Antivirus No Longer Works
- 3. EMAIL SCANNER TRADITIONAL ANTIVIRUS Traditional AV takes a malware-centric view of endpoint security; identifying malicious software by matching it to pre-identified signatures and heuristics. Malware identification Signatures & heuristics Decide once, forget forever PERSONAL FW URL SCANNER
- 4. Next-Gen Antivirus A Whole New Approach To Stopping Cyber Attacks
- 5. NEXT-GENERATION ANTIVIRUS NGAV takes a system-centric view of endpoint security, examining every process on every endpoint to algorithmically detect and block the malicious tools, tactics, techniques, and procedures upon which attackers rely. Long-term analysis to detect attacker patterns Data science & threat intelligence Deep attack context & insight
- 6. NEXT-GEN AV: System-Centric vs Malware-Centric • File attributes • File contents • File heuristics • Access patterns • Registry • Configuration • Network Activity • System Calls • File attributes • File contents • File heuristics NEXT-GEN AV TRADITIONAL AV Holistic monitoring of every process over time, whether malicious or not Point-in-time identification of malware based on simple rules
- 7. NEXT-GEN AVTRADITIONAL AV Ineffective protection that is easily bypassed by the modern attacker Targets all the attacker’s tools, techniques, tactics, and procedures
- 8. © 2016 Carbon Black. All Rights Reserved.
Editor's Notes
- This is the tech-talk for NGAV (Next-Gen Antivirus) This presentation can be given to a regional group as a vendor-agnostic description of NGAV Can be broken up into pieces Reference material for how Carbon Black defines and talks about NGAV technology
- The conclusion is that traditional antivirus no longer works. As a market we are seeing this happen quickly Over the last 12 months companies everywhere are questioning the effectiveness of AV They are looking for newer technologies that address modern day threats That’s created the opening for next-generation antivirus
- So let’s get a good understanding of what traditional AV is, and why it doesn’t work That way we can understand why next-gen AV does work Traditional AV has been around for decades It takes a malware-centric view of protecting the endpoint It sits on the endpoint and looks for malicious software that comes on the machine and stops it It also looks for processes that are executing actions known to be bed And it stops them It relies on signatures and some basic heuristics to identify that malware and make a decision – stop that process or let it go Once that decision is made, the software that you let run can run and do whatever it wants This worked 20 years ago, and it may have worked 10 years ago, but it doesn’t work today Furthermore, even though antivirus has multiple layers (personal firewall, url scanning, email scanning), these are all built on the same fundamental malware-centric technology This doesn’t work against today’s threats
- So with that as a backdrop, we have to look as an industry at how to stop attackers It’s not just the malware we want to stop There are all sorts of ways to get around antivirus There are ways to leverage the expertise of other attackers There are ways to do what you want to do without malware So next-gen AV is defined as AV that stops the attacker, and not just the malware
- Next-gen antivirus takes a system-centric view of endpoint security So it is looking at a computer – desktop, laptop, server It examines every single process It watches those processes execute over time It algorithmically detecting and blocking malicious tools, tactics, techniques, and procedures that the attackers rely on What that means is it’s watching processes, how they behave, how they interact It’s looking for patterns that are indicative of malicious intent And it then stops those processes, whether they are known to be malicious or they are good software (like Powershell) that’s been taken over for malicious use Getting to the next level, see the picture in the center here – next-gen AV looks at every process and conducts a long-term analysis, not just that one-time analysis like traditional AV It’s being fed by data science and threat intelligence that’s collected and processed in the cloud It comes down to the local system to identify these patterns Because of that you get significant context and insight about the attack You can see how it got there, what it tried to do – this context is a hallmark attribute of next-gen AV So overall – this is the definition of next-gen AV, it’s very different than traditional AV
- Now that we understand how TTPs are used to stop attackers, let’s talk a little more about the differences between next-gen AV and traditional AV First is something we’ve already discussed – NGAV is system-centric, and traditional AV is malware-centric What that means on the NGAV side is holistic monitoring of every process So you don’t know if a process is good or bad, so you watch every process on the machine and trace its behavior You’re not just looking at the file, you’re also looking at what it’s accessing, how it manipulates the registry, what’s happening on the network – all those data points go into that map that gets built and evaluated With traditional AV, it’s that point-in-time analysis to identify malware, using very simple rules Matches a signature, matches very specific behavioral activities (like scraping a password file) Because the data is so limited in traditional AV, it can’t be nearly as effective
- To summarize Traditional AV is ineffective – it’s easily bypassed by modern attacks But NGAV targets the attackers tools, techniques, tactics, and procedures Through that it is able to stop more attacks, see more threats, and close security gaps
- Thank you!