General Discussion > Information Technology & Cyber Security

What is "Next Generation Anti-Virus"?


It is relatively easy to define what's been described as "legacy" AV. A solution that relies on pattern updates for detection. While this has been vaguely sufficient for a decade, the sheer number of new malware and the ridiculous ease with which old malware can be repackaged to become undetectable by patterns makes it insufficient. Even with accelerated signature updates, like Trend Micro's hourly update, simply can't keep up with the volume.

Hence the advent of so-called "Next Generation" AV solutions that offer alternatives to pattern-based detection. But what those alternatives are are pretty much all over the place. Solutions range from:

Application white listing - only the apps you trust can run

Remediation - continually take snapshots of the environment so that you can undo any changes that malware makes (e.g., ransomware)

Exploit prevention - prevent execution of the attacks themselves upon vulnerable applications

Malware detection through static analysis - use regression analysis to determine the likelihood that a file is bad and make decisions on that

A fair number of startup have entered this space under the Next-Gen AV flag. Many established players (e.g., Symantec, etc.) have entered this space on their own. Larger players actually weave their Next Gen solutions into total solutions that include other products that act as network activity sensors as well as sandboxes for greater intelligence.

When the dust settles, and the hype associated with the term becomes mainstream .  . . which technique will reign supreme?


[0] Message Index

Go to full version