Please note we have recently updated our Privacy Policy, effective May 24, 2018. You may view the updated Privacy Policy here.
By using this website, you consent to the use of information that you provide us in accordance with the Privacy Policy.


Replacing Traditional Antivirus with Next-Generation Antivirus: 7 Steps to Conduct the Test Drive

January 4, 2017 / Ryan Murphy

(Editor’s Note: The content below derives from the recently published SANS Guide “Out with the Old, In with the New: Replacing Traditional Antivirus.”)

Attacks today are complex. You need to test Next-Generations Antivirus Solutions (NGAV) to deal with known and unknown malware, signature and signature-less attacks, integration with intelligence, response and many other automated capabilities and features.

 7 Steps t0 Conduct the Test Drive to Replace AV with NGAV

SANS recommends the following evaluation steps:

1. Configure your evaluation environment.

• Pick a sample of the different types of machines that you manage (e.g., Windows 7, 8 and 10 workstations, laptops).
• Image the test machines based on the standard configuration for the organization’s endpoint.

2. Evaluate from the viewpoint of your main users: endpoint users and administrators. There is nothing more frustrating than choosing a product that makes administration more difficult and/or generates constant calls to the help desk.

3. Establish possible use cases and evaluation objectives, including:

• Phishing attack
• Infected bring-your-own-device (BYOD) equipment or machine
• Latent ransomware
• Targeted or insider threat

4. If evaluating more than one product, try to maintain consistency across all the products being evaluated. For each use case, develop a well-defined scenario that:

• Outlines the steps in the use case.
• Accounts for what the NGAV should show.
• Documents the anticipated performance and outcomes based on your preliminary review of the product’s features.

5. Create a scorecard that includes operational requirements and the functionality needed on a 1–10 basis. Again, remember to apply the same standard as you evaluate all products.

6. Create appropriate evaluation documents and scripts based both on the scenario(s) and previous product evaluation results.

7. Conduct the evaluation, document results and determine the leading product(s) and vendor(s) for further consideration.


To view the product requirements to consider when replacing traditional AV with NGAV, download the free SANS Guide “Out with the Old, In with the New: Replacing Traditional Antivirus.”


TAGS: Carbon Black. NGAV / Next-Generation Antivirus