JANUARY 8, 2018

Next-Gen Anti-Virus: What is it and is it really good enough?

If you checked online tech news lately you have probably seen the term "next-gen" thrown around a lot but rarely explained in-depth. The industry is moving forward at a very rapid pace and almost every innovation is labeled as "next-gen", but when it comes to antivirus software, things have really gone to the next level. Next-gen Anti-Virus (NGAV) has changed the game completely with the advanced A.I. capabilities of machine learning and deep learning. Unlike traditional antivirus tools that use signatures and heuristics to block known attacks, Next-Gen AV has ushered in the ability to anticipate new threats that have never been detected before, and block them from entering an organization’s systems pre-emptively. To fully appreciate the power of next-gen AV we need to have a closer look at the features and capabilities it possesses.

Next Gen Anti Virus: What is it?

Next-Generation Antivirus uses a combination of artificial intelligence in the form of machine learning algorithms, behavioral detection, and exploit mitigation techniques, which all work together to enable the end-user to anticipate, prevent, and block both known and unknown threats immediately. Since NGAV is cloud-based it can be deployed in a matter of hours, while traditional AV technologies, which are deployed on a server on-premises, can take days.

What are the main differences?

There are a few key differences that separate Next Gen Anti Virus, or NGAV, from legacy AV. For example, the detection of unknown threats is very different now. Before, legacy AV had to rely on signatures, which are hard to keep updated and ineffective against file-less attacks. In contrast, NGAV relies on machine learning that has been trained to predict and prevent new threats based on the features they share with older, previously known threats. The cloud-based operation consumes minimal memory on the endpoint machine, so there is no need for expensive top-performing computers with high processing capacity. The speed of detection is another big advantage that comes with NGAV, as it can be achieved in seconds as opposed to minutes or even days.

What are the differences in terms of Deployment and Protection?

Ease of implementation, speed, and the level of protection that comes with NGAV represent critical developments in the endpoint security software arena. The implementation of legacy software is difficult because the average setup needed months to be implemented correctly to ensure detection accuracy. It often requires on-site hardware and software installation, a slow process that is expensive and complicated. Now, because deployment largely happens remotely, with just a slim, lightweight agent on the end user’s device, there is minimal impact on the device, and the end-user could easily forget that it’s even there!

Before next-gen AV, protection had to rely on frequent updates from the service provider. The updates would include a long list of signature hashes that would block attacks the vendor had come in contact with and prepared a hash or heuristic to protect against. However, with the increasing frequency of generated attacks and the fact that many of these attacks can wreak their damage within just moments, these signature-based updates couldn't come fast enough. The manual process of detecting and preventing threats meant that whenever a new threat emerged on the web, the provider needed to send the respective update to end-users, a process which, even if it took place in just a matter of minutes, is still too slow to prevent the rapid execution of an attack.
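To make the signature-versus-feature distinction concrete, here is an added example (not Deep Instinct's code, and not any real model): a hash-based signature list is compared against a toy nearest-neighbour classifier over a few handcrafted byte-level features. The three "files" are constructed byte strings, and the feature set and distance threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample "files" (not real malware). VARIANT is KNOWN_BAD with a
# single byte flipped, standing in for a trivially repacked sample.
KNOWN_BAD = (b"MZ\x90\x00" + b"\x00" * 40
             + b"CreateRemoteThread\x00WriteProcessMemory\x00"
             + bytes(range(256)) * 2)
_v = bytearray(KNOWN_BAD)
_v[10] ^= 0x01
VARIANT = bytes(_v)
BENIGN = b"MZ\x90\x00" + b"\x00" * 40 + b"GetSystemTime\x00" + b"hello world " * 40

# Legacy approach: a vendor-shipped list of SHA-256 hashes of known samples.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Exact-hash signature check; any byte change defeats it."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# Feature-based approach: describe a file by properties that survive small edits.
SUSPICIOUS_APIS = (b"CreateRemoteThread", b"WriteProcessMemory", b"VirtualAllocEx")

def features(data: bytes) -> list:
    n = len(data)
    counts = Counter(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())   # 0..8 bits
    printable = sum(1 for b in data if 32 <= b < 127) / n
    api_hits = sum(1 for s in SUSPICIOUS_APIS if s in data)
    return [entropy / 8, printable, api_hits / len(SUSPICIOUS_APIS)]

def distance(a: list, b: list) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

# Assumed "training set": one labelled example per class (a real model would use millions).
TRAINING = [(features(KNOWN_BAD), "malicious"), (features(BENIGN), "benign")]

def feature_classify(data: bytes, threshold: float = 0.2) -> str:
    """Nearest-neighbour verdict; 'unknown' if nothing is close enough."""
    f = features(data)
    label, d = min(((lbl, distance(f, ref)) for ref, lbl in TRAINING), key=lambda t: t[1])
    return label if d <= threshold else "unknown"
```

The one-byte variant slips past the hash list but still lands next to the known sample in feature space, which is the gap the article says signature updates cannot close fast enough.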

But is Next Gen Anti Virus good enough?

In today's threat landscape, there has been a massive increase in cybersecurity disasters. With that in mind, and due to the lack of expertise, it seems (and rightfully so) that more and more organizations are concerned for the security of their infrastructure.

This concern has led many organizations and businesses to use Next-Gen AVs, for the speed with which they can prevent attacks and their ability to prevent increasingly sophisticated, never-before-seen attacks.

In order to keep up with the constant influx of threats, companies need to utilize next-gen anti-virus software to analyze malware and automate the identification and classification of both known and unknown threats. But not all next-gen solutions are created equal, particularly regarding their effectiveness, power, and efficiency. To truly stop and prevent threats, you need the most advanced form of technology in cybersecurity and cyber threat prevention, which is deep learning. Our patented deep learning framework is not only able to prevent these threats and identify their origin and classification, but it does so without the threats ever even executing on the user's device. Deep Instinct's customers get full intel and malware classification of the attack, without the risk and damage that comes with being hit.

In the cybersecurity industry, where there is an ongoing need to respond to cyberattacks in real-time with minimal human interaction, the need for an autonomous solution is on the rise. The best way to eliminate human interaction is simply by using a solution with greater autonomy, that's going to analyze and block attacks without any human involvement required. In Deep Instinct's product, this level of automation is enabled by deep learning, the most advanced form of A.I.

As deep learning is inspired by the human brain’s ability to learn, its ability to identify an object becomes instinctive. Similarly, bringing this approach to cybersecurity results in a new form of cyber intelligence – providing the brain the ability to recognize malware and categorize it according to its malware family: Ransomware, backdoor, dropper, spyware, virus, worm and PUA (Potentially Unwanted Application), for example.


Why is it important to classify zero-day malware files in real-time?

By classifying different types of malware in real-time, security teams have immediate visibility and knowledge of the malware that has hit their organization, giving them fast insights on the attack and a better understanding of the attack's impact.

Arguably representing the next level of anti-virus protection, X-Gen AV provides SOC and IR teams with the confidence that their systems are constantly protected, even when they're not around to watch over every user. It allows their detection and response mechanisms to be activated in the quickest way possible and to gain a workable understanding of what exactly they are dealing with.

In this whitepaper, we explain how the Deep Classification model works, and how we’ve integrated the malware classification feature into Deep Instinct.

To learn more, download the free whitepaper >>
