In last week’s post, we discussed the first three capabilities you should consider in replacing your traditional antivirus with a next-generation antivirus (NGAV):
Checklist Category #1: Protection from the Full Range of Modern Attacks
Checklist Category #2: Extensible Cloud Security Intelligence and Analytics
Checklist Category #3: Visibility and Context into Attack and Detection Events
In today’s post, we continue to put you, the reader, in the driver’s seat when it comes to re-thinking your endpoint defenses and provide you with checklist items four through six to consider as you make your decision to transition to NGAV.
After all, once you have been informed, you still need to determine the best path forward for your security program.
Your Next-Gen AV (NGAV) Capabilities Checklist, Part 2
Checklist Category #4: Integrated Rapid-Response Capabilities
Not every attack can be prevented. If they could, we wouldn’t need any humans in security. So attacks happen, and when they happen, the faster and more conclusively your team can respond, the better. Being able to quickly stop the bleeding, investigate, and ultimately clean up the environment is crucial.
Your NGAV solution should make it easy to:
- Delete malware or temporary files across the organization
- Stop network activity for a specific process
- Quarantine a system and isolate it from the network
- Blacklist files from executing anywhere in the environment
Checklist Category #5: Lightweight Operations
We’ve all experienced antivirus grinding our computer to a halt while it scans the drive. Thankfully, those days are gone. Next-generation antivirus should be lightweight on the system and easy to administer so it doesn’t slow you or your users down. It’s about adding a lot of value without productivity loss or environmental impact. It’s about letting your users be productive and enabling your security team to focus on the actual security aspect of their jobs.
Your NGAV solution should:
- Deploy to your endpoints quickly and effortlessly
- Not inhibit end-user productivity or the typical user experience
- Exhibit lightweight resource usage on the endpoint
- Provide cross-platform support: Windows & Mac
Checklist Category #6: A Platform that Grows with Your Users, Systems and Teams
You have different assets and different business units, and they require different strategies for protection. Servers, for example, don’t change as often and (should) have highly restrictive protection policies. Meanwhile, your developers need more flexibility and their systems exhibit more entropy. Your solution must adapt to the needs of your culture and guide your security program to lower risk through higher maturity levels.
Your NGAV solution should be part of a platform that provides:
- Group-based policies that allow different security strategies for different systems
- Upgrade path to advanced incident response and threat hunting for SOCs and IR teams
- Upgrade path to default-deny and lockdown policies for sensitive or high-risk systems
- Upgrade path to app control, device control, and file integrity monitoring for servers and critical systems
The Antivirus Replacement Checklist provides:
- A list of features you need to prioritize for possible NGAV solutions
- Guidance on how to find a solution that will stop more than just malware
- Criteria you can use to make sure a solution will be the best fit for your organization.