Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is an excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black’s NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo, every Wednesday at 2PM EST, 11AM PST.
Preparing for NGAV at Scale
Stopping Attacks in Progress Starts with Asking the Right Questions
Due to the increased opportunity for financial gain, cyber criminals invest significant time and resources into creating advanced attacks to target enterprises.
According to a recently published report from Sophos, 70% of malware is designed for a single organization. These targeted samples cannot be stopped by legacy AV products that maintain signature databases of known, in-the-wild samples. Plus, most malware attacks employ obfuscation techniques that allow them to run in memory, evading more advanced anti-malware and machine-learning platforms focused on assessing new files that are dropped on an endpoint.
This doesn’t even account for the fact that, for the past two years, over half of breaches were caused by non-malware attacks. These attacks use sophisticated techniques that evade traditional defenses completely. Because they require more knowledge of the environment to succeed, the attackers generally have a higher investment in the attack and therefore adjust and pivot where needed to maintain persistence until they reach their objectives.
QUESTIONS TO ASK YOURSELF
- What percentage of attempted cyberattacks resulted in a successful infection?
- How confident are you that your existing endpoint security can detect and prevent all types of attack?
- What is your biggest concern when it comes to preventing unknown, zero-day or non-malware-based attacks?
In response to this, when evaluating NGAV, enterprises should ensure that the platform:
- Has capabilities to detect and prevent non-malware techniques, not just capabilities like static or dynamic analysis that only address file-based attacks.
- Can detect malicious behavior from unknown sources, that is, those that have no reputation or have not been seen in the wild.
- Can address new and emerging threats (like ransomware) that experience rapid innovation and implement new techniques faster than signature-based approaches can be deployed.
WHAT DOES CARBON BLACK PROVIDE?
Unlike other solutions that focus on blocking commodity malware, Cb Defense mitigates the risk of a breach caused by advanced and targeted threats that enterprises face on a daily basis:
- Blocks custom-built threats targeted at enterprises
- Prevents sophisticated non-malware attacks that bypass traditional AV
- Enables you to future-proof your ransomware defenses
KEY FEATURE: Streaming Prevention
Cb Defense’s prevention technology was built and tested against emerging threats and targeted attacks that are critically important to high-profile enterprises. It analyzes events and how they connect (event streams) to uncover malicious behavior as it unfolds.
Thanks for joining us as we explore “Preparing for NGAV at Scale,” our in-depth guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV. You can click here to get a copy of the full report. Join us next week as we continue to profile this report.