Traditional antivirus programs have been the primary means of protecting endpoints since the late 1980s. They detect digital threats through signature databases that allow infected files to be recognized and cleaned with vaccines.
This type of antivirus has lost its effectiveness as operating systems, software, computer networks and digital threats have become more sophisticated over time. The number of threats grows continuously and includes new malware as well as variants of the same family, which makes a signature-based approach ineffective: it cannot keep up with that growth in a timely manner.
The way traditional antivirus works also degrades the endpoint's performance through its intrusive behavior. Periodic disk and memory scans and frequent signature database updates consume hardware resources and network bandwidth, and at times even require system-wide reboots, which causes user dissatisfaction.
Next-generation antivirus (NGAV) differs from traditional antivirus solutions by incorporating many extra capabilities, such as learning the normal behavior of the endpoint on which it is installed and identifying anomalous behavior without querying a signature database or vaccines. Improved environment analysis and unknown-threat detection techniques also make it more efficient, without heavy consumption of computing power or frequent update downloads.
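To make the contrast concrete, here is an added example (not code from the article or from any vendor product) that puts a hash-based signature lookup beside a simple behavior rule. The samples, the telemetry records and the rule's threshold are constructed for illustration; a real NGAV learns its baseline from far richer endpoint data.

```python
import hashlib
from collections import defaultdict

# Constructed samples: a "known" malicious file and a repacked variant of the
# same family that differs in a single byte.
KNOWN_SAMPLE = b"MZ\x90\x00 FAMILY-X dropper build 1"
VARIANT_SAMPLE = b"MZ\x90\x00 FAMILY-X dropper build 2"

# Signature database as a traditional AV ships it: hashes of known bad files.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_match(sample: bytes, db: set = SIGNATURE_DB) -> bool:
    """Traditional detection: exact hash lookup. Any change to the file defeats it."""
    return hashlib.sha256(sample).hexdigest() in db


# Constructed endpoint telemetry as (pid, process, action, path). PID 4242 is the
# unknown variant running; PID 1001 is a word processor saving one document.
TELEMETRY = [
    (1001, "winword.exe", "file_write", "C:/Users/alice/Documents/notes.docx"),
    (4242, "build2.exe", "file_write", "C:/Users/alice/Documents/report.docx.locked"),
    (4242, "build2.exe", "file_write", "C:/Users/alice/Documents/budget.xlsx.locked"),
    (4242, "build2.exe", "file_write", "C:/Users/alice/Pictures/holiday.jpg.locked"),
    (4242, "build2.exe", "file_write", "C:/Users/alice/Desktop/todo.txt.locked"),
    (4242, "build2.exe", "file_write", "C:/Users/alice/Desktop/cv.pdf.locked"),
]

USER_DOC_TYPES = {".docx", ".xlsx", ".jpg", ".txt", ".pdf"}


def behavior_flags(events, threshold: int = 5) -> set:
    """Behavior-based detection: flag a process that rewrites many user documents
    under a new extension in one burst. Needs no knowledge of the file's hash."""
    rewrites = defaultdict(set)
    for pid, _proc, action, path in events:
        if action != "file_write":
            continue
        parts = path.rsplit(".", 2)  # e.g. ["...report", "docx", "locked"]
        if len(parts) == 3 and "." + parts[1] in USER_DOC_TYPES:
            rewrites[pid].add(path)
    return {pid for pid, paths in rewrites.items() if len(paths) >= threshold}
```

The signature lookup recognizes only the exact known build and misses the one-byte variant, while the behavior rule flags the variant's process from what it does to the user's files.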
In addition to its focus on preventing digital threats, NGAV also protects the system against zero-day exploits, wherever they are embedded (in files with PDF, DOC and DOCX extensions, as well as in executables), that carry malicious code to infect the endpoint. Subscription-based signature antivirus does not easily detect this type of attack.
Carbon Black offers a Next-Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR) solution called Cb Defense. Cb Defense detects malicious behavior and, in doing so, prevents zero-day exploits or ransomware from completing their task.
In the video below, Carbon Black shows what Petya looks like when it infects an endpoint, how Cb Defense prevents it, and then provides visibility into how Petya works.
Traditional antivirus is no longer an effective means of protecting IT environments in the current cyber security landscape. You need to analyze your environment, the level of protection your endpoints require, and the options for implementing an NGAV.
In any case, it is much easier to prevent than to remediate a cyber attack.
João Paulo Silva is an information security specialist for CIPHER's Security Integration team.