Why legacy AV is no longer up to the job
One of the main reasons why legacy AV tools are no longer effective is that the style of attacks used by hackers has evolved. Traditional AV solutions work on the principle of hunting for 'signatures' of known malware - strings of characters, such as byte sequences or file hashes, that are associated with specific threats.
This means that a legacy AV system is an inherently reactive solution, and one that's only able to work if the malware a firm encounters has already been identified and catalogued in the AV's database. Providers of this software are constantly looking for new threats and updating their databases, but it's a game of cat and mouse in which they will always be one step behind the hackers.
In fact, Ponemon estimates that more than three-quarters of compromised businesses were targeted by an unknown or zero-day attack that traditional AV tools wouldn’t be able to protect them from.
A new generation of attack types
It's not just zero-day vulnerabilities, however. Attackers are also developing new ranges of attack techniques that traditional AV tools are unable to detect. For instance, one increasingly common tactic is the use of fileless malware, which doesn’t leave a telltale footprint for AV solutions to spot.
Such attacks may take advantage of tools and operations routinely carried out by IT administrators, such as the use of Microsoft PowerShell, to avoid detection. Other techniques that are increasingly used include memory-based attacks, remote logins and macro attacks. None of these involve the introduction of new files to the system, so they’re able to bypass traditional AV tools.
Enter next-generation AV
To counter these threats, you need a more advanced solution - next-generation antivirus (NGAV). This goes beyond the traditional signature-based defences used by legacy systems, using the latest technology to proactively hunt for threats that would otherwise be missed.
While NGAV is a fairly broad term, it generally describes systems that include at least some of the following:
- Artificial intelligence (AI)
- Machine learning algorithms
- Cloud-based analytics
- Behavioral monitoring and anomaly detection
It works by looking closely not only at your files, but at your applications, processes and network connections, to see what effect their actions have. It can then spot any activities that are unusual or likely to be malicious and take steps to block them, even if it has never seen that precise threat before.
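To make the contrast between the two approaches concrete, here is an added illustration (not code from the page or from any NGAV product) in Python: a hash-based signature check that a one-byte change defeats, beside a simple behavioural score applied to constructed process-creation events, covering the Office-macro-launches-PowerShell and hidden-or-encoded-PowerShell patterns mentioned above. The process names, option strings and thresholds are assumptions chosen for the illustration, not rules from any vendor.

```python
import hashlib
from dataclasses import dataclass

# Constructed "signature database": the SHA-256 of one known-bad sample.
KNOWN_BAD_HASHES = {hashlib.sha256(b"EXAMPLE-PAYLOAD-v1").hexdigest()}

def signature_match(file_bytes: bytes) -> bool:
    """Legacy-style check: only a byte-for-byte known sample is caught."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

@dataclass
class ProcessEvent:
    parent: str    # image name of the parent process
    image: str     # image name of the newly created process
    cmdline: str   # command line as recorded by the endpoint sensor

# Heuristics modelled on the page's examples: a macro in an Office document
# launching a script host, and PowerShell run with options that hide or
# obscure what it executes. These names and options are assumptions.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SUSPICIOUS_OPTIONS = ("-enc", "-nop", "-w hidden")

def behavioural_score(ev: ProcessEvent) -> int:
    """Score a process-creation event; higher means more anomalous."""
    parent, image, cmd = ev.parent.lower(), ev.image.lower(), ev.cmdline.lower()
    score = 0
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        score += 3  # no new file on disk, yet a strong sign of macro abuse
    if image in SCRIPT_HOSTS:
        score += sum(1 for opt in SUSPICIOUS_OPTIONS if opt in cmd)
    return score

def triage(events, threshold: int = 3) -> list:
    """Return (event, verdict) pairs; 'block' once the score reaches the threshold."""
    return [(ev, "block" if behavioural_score(ev) >= threshold else "allow") for ev in events]

# Constructed sample events (not real telemetry). The second one is routine
# administrator use of PowerShell and should pass.
SAMPLE_EVENTS = [
    ProcessEvent("WINWORD.EXE", "powershell.exe", "powershell.exe -nop -w hidden -enc QUJD"),
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -File nightly-backup.ps1"),
    ProcessEvent("explorer.exe", "notepad.exe", "notepad.exe report.txt"),
]

if __name__ == "__main__":
    print("signature hit on mutated sample:", signature_match(b"EXAMPLE-PAYLOAD-v2"))
    for ev, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:5} score={behavioural_score(ev)} {ev.parent} -> {ev.cmdline}")
```

The signature check misses the mutated sample entirely, while the behavioural score flags the macro-spawned PowerShell without a file ever touching disk and leaves the scheduled backup script alone.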
Another key element of a successful NGAV is the addition of an endpoint detection and response (EDR) system. This offers real-time monitoring and analysis of endpoint data, in order to identify even the smallest changes in files or the registry that can be indicators of malicious activity.
As many enterprises face network sprawl and the addition of many more endpoints, from mobile devices to Internet of Things sensors, EDR solutions will be essential in ensuring these parts of your network are under control.
EDR is a separate solution from NGAV, but the two often work hand in hand to provide you with comprehensive protection.
The key benefits of NGAV solutions
Deploying an NGAV system will help you spot a wide range of threats that would otherwise have gone unnoticed. One of the main ways it does this is through AI and predictive analytics. These build up a picture of what your usual activity looks like in order to detect anything out of the ordinary.
But these tools do far more than simply plug any gaps in your security defenses. Among the other benefits of NGAV is that the technology is much easier to deploy and maintain than traditional AV.
While it may be a lengthy process to roll out legacy AV across a large network - with the average deployment taking three months - NGAV can be much faster to get up and running. Because it's typically delivered via the cloud, there's no extra hardware or software to install. What's more, as it doesn't rely on frequently-updated lists of signatures, it's far easier to maintain.
It's also a much more lightweight solution than traditional AV. As it takes up fewer resources on the endpoint, this eliminates any performance issues associated with scans and updates.