下一代防病毒软件 is considered a step forward in antivirus (AV) solutions capabilities, 众所周知的杠杆作用, signature-based prevention 技术 in combination with extended detection 和 response (XDR) capabilities that incorporate artificial intelligence (AI) 和/or machine learning (ML). By leveraging advanced analytics to correlate alerts from multiple telemetry sources, NGAV可以快速识别可操作的威胁情报,以更快地预测和预防威胁.
NGAV以基于云的软件的形式部署,对系统和系统的影响较小 端点, 和 is increasingly the more common type of AV in organizations 和 enterprises.
在某种意义上, 当XDR和NGAV一起工作时, 它们既保护了网络边界,又扩展了网络之外的威胁检测技术. EDR happens at the endpoint that lies inside of that security perimeter. Bad actors could still find a way to an endpoint like a phone or laptop, so a good EDR solution is a last line of defense.
Again, it's the broad versus the specific here. 如上所述, a modern NGAV solution is designed to leverage advanced analytics to secure, 预测, 和 defend against threats at 和 beyond the network perimeter. 反恶意软件解决方案主要用于扫描单个系统,以查找绕过安全控制的恶意软件.
NGAV works by detecting 和 preventing 恶意软件 和 fileless attacks. It leverages pre-execution methodologies to protect against tactics, 技术, 和程序(TTPs)以及恶意行为,这些恶意行为是由不良行为者有意使用的,或者是由具有适当资格的人无意中使用的. 让我们仔细看看NGAV解决方案是如何实现其检测和预防目标的:
NGAV解决方案和服务提供商通常将技术设计为快速启动和运行的方式,而不会影响网络系统或端点的性能.
When we talk about NGAV, those last two letters still loom large within culture. The term “antivirus” has been a part of computer-using society for decades, 所以有必要问一个问题:现代NGAV和传统的AV观念到底有什么不同?
反病毒主要侧重于保护端点和/或快速移除受影响的设备,这些设备可能是大型关键基础设施的一部分, thus causing potentially larger disruption among unaffected devices. This could lead to a business enduring significant financial 和 reputational damage.
NGAV moves beyond these traditional AV processes, 阻止各种攻击-包括无文件恶意软件-跨越整个端点生态系统. NGAV的主要目标是检测和防止攻击到达整个网络的关键端点. Not only that: Via ML 和 AI learning, it can help put a stop to evasive actions. More detection technology won’t solve the problem of 恶意软件 还有其他威胁, 相反,它是专注于预防的更智能的检测,将使攻击者处于防御状态.
One last key difference is focused on the previously mentioned concept of learning. 传统的AV can be heavy on an endpoint, 这意味着它并没有真正的能力去适应系统的独特行为——它就是这样, 永远都是这样. NGAV, 另一方面, can learn from past behaviors of the 端点, 系统, 和 networks on which it’s installed. 这就是为什么它如此擅长于在杀戮链中更早地发现逃避行为和阻止威胁.
与传统的AV相比,NGAV的好处很多,可以加速组织的发展 network detection 和 response (NDR) 程序.
For businesses 和 security organizations to st和 against modern threats, they must attempt to outpace bad-actor use of NGAV-thwarting technology. This includes blocking known 和 unknown threats sooner in the killchain, cutting off endpoint 和 deep-system access, 甚至是预防 网络访问 完全. 传统的反病毒通常使用基于签名的检测方法,而NGAV则结合了基于签名的检测方法, AI, 和 ML to surface the TTPs used by today’s attackers.
如前所述, ML和AI赋予NGAV解决方案适应其任务保护系统中的特定行为的能力. 这有助于分析人员更深入地了解他们的端点和网络系统,以便他们可以防御威胁,并根据可能指示即将发生的攻击的遥测设计更好的保护措施.
NGAV solutions are generally designed to be lightweight, 不会降低系统运行速度的附加技术,从而降低安全人员的工作效率. 它通常占用空间小,可以快速部署,驱动关键洞察,并更快地启用 mean-time-to-respond (MTTR) with actions like automated-asset 和 process containment.
With lower operational costs, more efficient 威胁情报 以及检测能力, 全面覆盖, NGAV解决方案通常是希望进一步整合整个技术堆栈的安全专业人员的理想选择. As a value-add for an existing detection 和 response (D&R) solution an organization may already have, NGAV can accelerate the breaking down of silos between security practices. This can be a productivity, efficiency, 和 growth driver for 安全操作中心(soc) 这可能已经捉襟见肘了.
就像任何解决方案一样——尤其是在一个名称中有“下一代”这个时髦短语的类别中购买——有很多选择和潜在的供应商. 因此,最好知道如何找到一个可以根据您的独特环境定制NGAV解决方案的解决方案.
Antivirus: Latest Rapid7 博客 Posts
Rapid7研究: Encapsulating Antivirus (AV) Evasion Techniques in Metasploit Framework