Informational Series

What is Next-Generation Antivirus (NGAV)?


Featured Webinar

Moving Endpoint Security to the Cloud: Replacing Traditional Antivirus

Modern attacks such as ransomware and advanced phishing are becoming more prevalent each year. “Next-generation” attacks require next-generation antivirus (NGAV), which can stop more attacks, see more threats and close more security gaps than traditional AV. NGAV solutions that are purpose-built to utilize cloud-based analytics enable an even more dynamic, proactive approach to endpoint security. In this webcast, SANS will discuss how cloud-based analytics can assist organizations in managing the security of their endpoints and function with NGAV to improve protection and simplify operations.



Let’s Define Next-Generation Antivirus (NGAV)


Next-Generation Antivirus solutions prevent all types of attacks, known and unknown, by monitoring and responding to attacker tactics, techniques and procedures (TTPs), and by providing security administrators with real-time response capabilities, data science, predictive analytics, and threat intelligence.

Next-Generation Antivirus takes traditional antivirus software to a new, advanced level of endpoint security protection. It goes beyond known file-based malware signatures and heuristics because it is a system-centric, cloud-based approach. It uses predictive analytics driven by machine learning and artificial intelligence and combines them with threat intelligence to:

  • Detect and prevent malware and fileless non-malware attacks

  • Identify malicious behavior and TTPs from unknown sources

  • Collect and analyze comprehensive endpoint data to determine root causes

  • Respond to new and emerging threats that previously went undetected.


What is next-generation antivirus, or NGAV?

Though malware continues to be a constant threat, more than half of breaches today leverage fileless malware because it can bypass traditional antivirus defenses. This episode of "The 101" provides a clear definition of next-generation antivirus and explains why it is uniquely capable of stopping both malware and fileless malware (or non-malware) attacks.

To view this and other episodes of "The 101" click here.


Why Traditional Antivirus Software No Longer Works


Today’s attackers know exactly where to find gaps and weaknesses in an organization’s network perimeter security – and they penetrate these in ways that easily bypass traditional antivirus software. These attackers use highly developed tools that leverage:

  • Memory-based attacks

  • PowerShell scripting language

  • Remote logins

  • Macro-based attacks


And because traditional AV focuses only on signature-, file- or definition-based threats, it cannot protect these environments from modern threats that do not introduce new files to the system.

However, NGAV focuses on events – files, processes, applications, and network connections – to see how actions, or event streams, in each of these areas are related. Analysis of event streams can help identify malicious intent, behaviors, and activities – and once identified, the attackers can be blocked.
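To make the contrast above concrete, here is an added example (not Carbon Black code) that runs a file-hash signature check and an event-stream correlation over the same constructed endpoint telemetry: a macro-based attack where Word spawns PowerShell with an encoded command and the script host then connects outbound. The event schema, process names, the dummy hash and the `-enc` heuristic are all assumptions made for the example.

```python
import hashlib

# Constructed "known bad" hash set, the kind of file signature list a
# traditional AV relies on. The hash is of a dummy byte string, not a real IoC.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-dummy-dropper").hexdigest()}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed endpoint event stream for a macro-based, fileless attack: Word
# launches PowerShell with an encoded command, which then connects outbound.
# No file is written to disk, so there is nothing for a hash signature to match.
FILELESS_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "winword.exe",
     "cmdline": "winword.exe invoice.docx"},
    {"type": "process", "pid": 101, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc <constructed-base64-blob>"},
    {"type": "netconn", "pid": 101, "dest": "203.0.113.10", "port": 443},
]

def file_write_event(pid, data):
    """Build a constructed file-write event carrying the written file's hash."""
    return {"type": "filewrite", "pid": pid, "sha256": hashlib.sha256(data).hexdigest()}

def signature_verdict(events, known_bad=KNOWN_BAD_SHA256):
    """Traditional AV: block only when a file written to disk matches a known hash."""
    for ev in events:
        if ev["type"] == "filewrite" and ev["sha256"] in known_bad:
            return "blocked"
    return "clean"

def behavior_findings(events):
    """NGAV-style detection: correlate process lineage, command line and network
    events into one finding per suspicious script host. Returns [(pid, reasons)]."""
    procs = {ev["pid"]: ev for ev in events if ev["type"] == "process"}
    findings = []
    for pid, ev in procs.items():
        parent = procs.get(ev["ppid"])
        if parent is None or parent["image"] not in OFFICE_APPS:
            continue
        if ev["image"] not in SCRIPT_HOSTS:
            continue
        reasons = [f"{parent['image']} spawned {ev['image']}"]
        if "-enc" in ev["cmdline"].lower():  # matches both -enc and -EncodedCommand
            reasons.append("encoded command line")
        if any(e["type"] == "netconn" and e["pid"] == pid for e in events):
            reasons.append("outbound connection from script host")
        findings.append((pid, reasons))
    return findings
```

The signature check returns "clean" for the fileless stream because no file-write event exists to hash, while the behavioral correlation produces a single finding that ties the three events together.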

This kind of approach is increasingly important today, because enterprises like Major League Baseball, the National Hockey League, and other major sports organizations are increasingly finding that attackers are specifically targeting their individual networks. The attacks are multi-stage, personalized, and significantly higher risk – and traditional antivirus solutions don’t have a chance of stopping them.


EDR: A Foundational Must for NGAV


According to its 2017 Market Guide for Endpoint Detection and Response Solutions, Gartner now considers endpoint detection and response (EDR) a foundational security capability. When it is combined with NGAV, companies can more accurately identify suspicious and unauthorized activities, preventing many of these behaviors outright and enabling the capabilities to respond to and remediate advanced malicious threats faster and better than ever before.

To help NGAV solutions identify threats that slip past traditional AV, EDR provides a holistic approach to data collection, which in turn powers machine learning, predictive analytics, and behavior monitoring with a complete picture of the environment. Together, these technologies help companies monitor events and identify patterns that may be suspicious, turning them into attack visualizations that can be easily consumed by administrators and responders.

EDR can help discover even the most minute changes in files, registries, and networks that help security teams uncover malicious activity hidden in plain sight. From there, EDR helps responders contain the identified threats and block emerging, never-been-seen-before attacks that otherwise can slip through most NGAV solutions.


Industry Pulse: The Race Is on Between Attackers and Security Solutions


Antivirus software companies not only compete with vendors that deliver similar products, but they are also directly competing against the nefarious attackers. Head-to-head in this race, the attackers have the winning hand.

According to the State of Endpoint Security report from Ponemon Institute:

  • [percentage] of organizations believe endpoint security risks are increasing

  • [percentage] have seen new and unknown threats increase significantly.

  • [percentage] believe they have the resources to minimize endpoint security risk.


The report also notes that of those organizations that experienced an endpoint attack that compromised their company, 77% said the attack was a fileless attack or exploit.

Clearly, antivirus software is losing this race.


The Answer: NGAV + EDR in the Cloud


To fully unleash NGAV and EDR solutions, companies must take advantage of the cloud and its immense computational power, unlimited scalability, and ease of management. Taking endpoint security to the cloud ensures a proactive, rather than reactive, approach that combines big data with powerful analytics to help outsmart the latest, most threatening emerging attacks.

For example, the cloud enables streaming analytics, where normal and abnormal endpoint activity can be monitored and compared against unfiltered historical endpoint data. By analyzing these event streams and comparing them to what normal ones look like, the cloud creates a global threat monitoring system that not only detects attacks, but predicts ones that have never been seen before. This powerful approach is simply not possible with traditional AV solutions.
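An added example (not Carbon Black code) of the baseline comparison described above: historical fleet-wide process-creation records establish how common each parent-to-child process pair is, and a live stream is then scored against that baseline so that pairs never or rarely seen across the fleet are flagged. The record layout, host and process names, and the 10% rarity threshold are assumptions made for the example.

```python
# Constructed historical process-creation records, standing in for unfiltered
# fleet-wide endpoint telemetry: (host, parent_image, child_image).
HISTORY = [
    ("host-a", "explorer.exe", "winword.exe"),
    ("host-a", "explorer.exe", "chrome.exe"),
    ("host-b", "explorer.exe", "winword.exe"),
    ("host-b", "services.exe", "svchost.exe"),
    ("host-c", "explorer.exe", "outlook.exe"),
    ("host-c", "cmd.exe", "powershell.exe"),
]

def build_baseline(history):
    """Return ({(parent, child): number_of_hosts_it_was_seen_on}, fleet_size)."""
    hosts_per_pair = {}
    fleet = set()
    for host, parent, child in history:
        fleet.add(host)
        hosts_per_pair.setdefault((parent, child), set()).add(host)
    return {pair: len(hosts) for pair, hosts in hosts_per_pair.items()}, len(fleet)

def flag_abnormal(live, baseline, fleet_size, rare_fraction=0.1):
    """Flag live process creations whose parent->child pair was seen on no more
    than rare_fraction of the fleet historically (never-seen pairs score 0.0).
    Returns [(host, parent, child, prevalence)]."""
    flagged = []
    for host, parent, child in live:
        prevalence = baseline.get((parent, child), 0) / fleet_size
        if prevalence <= rare_fraction:
            flagged.append((host, parent, child, prevalence))
    return flagged
```

A live Word-spawns-PowerShell event on a new host is flagged with prevalence 0.0, while explorer.exe launching Word, seen on two of three hosts, passes as normal.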

NGAV in the cloud also offers bi-directional communication with endpoints, so that all unfiltered endpoint data can be monitored and turned into predictive analytics that proactively protects companies from sophisticated attacks.

Plus, the cloud provides the infrastructure benefits that most companies are already experiencing with other enterprise software – simplified, less costly operations, faster deployment, and the latest and most innovative technology.


How to Evolve to NGAV

To learn more about NGAV, access these resources:


Learn More About Carbon Black