The traditional form of antivirus software, built to protect your PCs and servers, has been around since the 1990s. A lot has changed since then. Today’s cyber attackers have found ways to easily elude traditional antivirus software. They have developed sophisticated tools to target vulnerabilities not detectable by current-generation antivirus. Traditional AV looks only for known threats, identified by signature or definition files: it checks a file’s hash against a database of known malware hashes. With an estimated 390,000 unique samples of malware created every day, keeping an up-to-date database of “signatures” is next to impossible.
Newer types of attacks that traditional antivirus software can’t detect are:
- Polymorphic malware: malware that can take on many forms, thus eluding detection.
- Maliciously formatted documents: documents that exploit vulnerabilities in order to execute code.
- Fileless malware: malware that goes undetected because its malicious processes run only in memory, with nothing saved to the hard drive, so there are no telltale files for antivirus scanners to find.
- Encrypted traffic: cyber attackers can hide their activities from inspection by deploying end-to-end encryption of the traffic between the victim and the attacker’s computer.
Next-Generation Antivirus focuses instead on events and should include:
- Detection: the ability to predict malicious content and stop it from executing. If the content can’t be stopped before execution, the software should sense when an attack is happening by closely monitoring the system and looking for malicious behaviors.
- Prevention: the ability to automatically enact countermeasures (killing malicious processes and quarantining devices) to thwart the attack from achieving its objectives.
- Remediation: the ability to automatically return systems to their pre-attack state, restoring full functionality and thus reducing the costs and productivity drain associated with system downtime.
- Forensics: the ability to trace back all actions and instances that led to the attack being successful. This helps determine where weaknesses still persist so they can be addressed.
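The following is an added example, not part of the original article or any vendor's product, contrasting the hash lookup used by traditional AV with an event-based check. The sample bytes, the process events and the rule itself (a document application launching a script interpreter) are constructed assumptions chosen for illustration.

```python
import hashlib

# Constructed stand-ins for file contents; harmless bytes, not real malware.
KNOWN_SAMPLE = b"constructed-sample-v1"
VARIANT = KNOWN_SAMPLE + b"\x00"  # same content plus one padding byte

# Signature database: hashes of samples already seen and catalogued.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Traditional check: is this file's hash in the known-bad database?"""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

# Assumed behaviour rule: a document application launching a script
# interpreter is suspicious, whatever the hashes of the files involved.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def behavior_alerts(events):
    """Event-based check: return events where a document app spawns a script host."""
    return [
        e for e in events
        if e["parent"].lower() in DOCUMENT_APPS
        and e["child"].lower() in SCRIPT_HOSTS
    ]

# Constructed process-creation events (host, parent process, child process).
EVENTS = [
    {"host": "pc-01", "parent": "explorer.exe", "child": "WINWORD.EXE"},
    {"host": "pc-01", "parent": "WINWORD.EXE", "child": "powershell.exe"},
    {"host": "pc-02", "parent": "explorer.exe", "child": "powershell.exe"},
    {"host": "pc-03", "parent": "services.exe", "child": "svchost.exe"},
]

if __name__ == "__main__":
    print("known sample matched:", signature_match(KNOWN_SAMPLE))
    print("variant matched:     ", signature_match(VARIANT))
    for e in behavior_alerts(EVENTS):
        print("behaviour alert:", e["host"], e["parent"], "->", e["child"])
```

The one-byte variant no longer matches the signature database, while the event rule flags the document-to-interpreter launch on pc-01 without consulting any file hash and leaves the ordinary PowerShell session on pc-02 alone.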
What Is the Cost?
Next-generation Antivirus is more costly than traditional AV, as one would expect given the far superior protection it provides. It uses sophisticated machine learning and artificial intelligence to provide predictive analytics. On the other hand, the costs of not moving forward with your organization’s cyber protection can be far greater, including:
- Business disruption
- Lost productivity
- Data corruption / loss / theft
- Legal costs
- Loss of customer confidence
- Damaged reputation
- Lost profits
BSC has partnered with a Next-Generation Antivirus solution provider that we are strongly urging all of our clients to move to. Contact us now to learn more.