It’s clear that traditional AV no longer works. It cannot stop “next-generation” attacks such as ransomware. Advanced attacks require next-generation antivirus (NGAV), which can stop more attacks and close more security gaps than traditional AV.
Upgrading to NGAV is a shift that’s happening at companies across the globe. One of them is the National Hockey League (NHL). In a recent webinar led by SANS, “Ready to Replace AV? Criteria to Evaluate NGAV Solutions,” Greg Notch, SVP of IT & Security at the NHL, revealed why he decided to upgrade to NGAV and the criteria he used to evaluate solutions.
“More is getting through… one of the problems we were having with our traditional antivirus is keeping signatures up to date,” Notch said.
What is NGAV? See our recent blog post to learn more!
With new ransomware variants getting more sophisticated, as well as malvertising, watering hole and drive-by download attacks getting through their web filters, the NHL needed to upgrade their defenses with a new approach.
When looking for an NGAV solution, Notch wanted one with low impact on the user. No execution delays, low CPU utilization and low memory utilization were key for the NHL in selecting an NGAV solution.
As Notch said: “People already hate antivirus for what it does to the endpoints – we didn’t want to compound that problem”.
Additionally, Notch knew he wanted heuristic behavior monitoring and a solution that looked for the things they already knew were threats, particularly around ransomware. The NGAV product needed to be able to stop new techniques such as disabling volume shadow services, using crypto APIs, and script-based DLL injections.
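The behavior monitoring Notch describes comes down to rules over endpoint process telemetry. The following is an added illustration, not Cb Defense code or anything from the webinar: it runs two heuristics (shadow-copy tampering, and a script host spawning a DLL loader) over a constructed set of process-creation events. The event fields, the command-line patterns and the process names are assumptions chosen for the example.

```python
import re

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 1, "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe /n report.docx"},
    {"pid": 2, "parent": "winword.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"pid": 3, "parent": "svchost.exe", "image": "wscript.exe",
     "cmdline": "wscript.exe invoice.js"},
    {"pid": 4, "parent": "wscript.exe", "image": "rundll32.exe",
     "cmdline": "rundll32.exe C:\\Users\\Public\\x.dll,Run"},
    {"pid": 5, "parent": "services.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin list shadows"},  # benign: listing, not deleting
]

# Command lines that remove or disable volume shadow copies (ransomware
# commonly does this before encrypting, so backups cannot be restored).
SHADOW_TAMPER = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
]
# Script interpreters and the loaders they should rarely need to spawn.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}


def classify(event):
    """Return the behaviour tags that one process-creation event triggers."""
    tags = []
    if any(p.search(event["cmdline"]) for p in SHADOW_TAMPER):
        tags.append("shadow_copy_tamper")
    if (event["parent"].lower() in SCRIPT_HOSTS
            and event["image"].lower() in DLL_LOADERS):
        tags.append("script_host_dll_load")
    return tags


def triage(events):
    """Map pid -> tags for every event that matched at least one heuristic."""
    hits = {}
    for event in events:
        tags = classify(event)
        if tags:
            hits[event["pid"]] = tags
    return hits


if __name__ == "__main__":
    for pid, tags in triage(SAMPLE_EVENTS).items():
        print(pid, tags)
```

A real agent would also correlate the parent chain (an Office process reaching cmd.exe, as in event 2) rather than judging each event in isolation.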
Reputation and code-signature validation were also critical to the NHL. In particular, Notch wanted code-signature validation so that he could whitelist binaries in their environment, with an easy way to manage that process.
Notch’s criteria also included finding a solution that does no unpacking or sandbox execution on the local endpoint. Many antivirus vendors do this, and it can be used to compromise an endpoint rather than protect it.
After evaluating different antivirus solutions, Notch chose Cb Defense. As he shared in the SANS webinar: “I personally found that Cb Defense was very easy to manage. It’s cloud-based, you put your agents on there, you dial in your rule sets, and when events come up they are easy to triage and easy to pull IOCs out of there and put them into your other tools.”
Hear more audio clips from Greg’s SANS presentation and download the comprehensive SANS guide “Replacing Traditional Antivirus” here: Upgrading To Next-Gen Antivirus.