Next Generation Antivirus is considered an advance in the capabilities of antivirus (AV) solutions. It leverages known, signature-based defense techniques combined with extended detection and response (XDR) and artificial intelligence (AI) and/or machine learning (ML) capabilities. By using advanced analytics to correlate alerts from multiple telemetry sources, NGAV quickly identifies actionable threat intelligence to anticipate and prevent threats faster.
NGAV is deployed in the form of cloud-based software that has a lighter impact on systems and endpoints, and it is increasingly becoming the more common type of AV in organizations and enterprises.
In a sense, when XDR and NGAV work together, they are both protecting the network perimeter and extending threat-detection techniques beyond it. EDR operates at the endpoints that sit inside the security perimeter. Bad actors can still find ways onto endpoints such as phones or laptops, so a good EDR solution is the last line of defense.
Once again, this is the difference between the general and the specific. As mentioned above, modern NGAV solutions are designed to leverage advanced analytics to secure against, anticipate, and defend against threats both inside and outside the network. Anti-malware solutions are primarily designed to scan individual systems for malware built to bypass security controls.
NGAV works by detecting and preventing malware and fileless attacks. It uses pre-execution methods to prevent the tactics, techniques, and procedures (TTPs) and malicious behavior used deliberately by bad actors or unwittingly by someone who is properly credentialed. Let’s take a closer look at how an NGAV solution accomplishes its detection and prevention goals:
Providers of NGAV solutions and services typically design the technology to be rapidly launched and operating in such a way as not to hinder performance of network systems or endpoints.
When we talk about NGAV, those last two letters still carry weight in the culture. For decades, the word “antivirus” has been part of computer-using society, so it bears asking the question: What exactly are the differences between modern NGAV and traditional perceptions of AV?
AV primarily focuses on protecting the endpoint and/or quickly removing an affected device that may be part of a larger critical infrastructure, and it may therefore cause greater disruption to unaffected devices. This can result in significant financial and reputational losses for the business.
NGAV goes beyond these traditional AV processes, blocking diverse attacks – including fileless malware – across the entire endpoint ecosystem. NGAV’s main goal is to detect and prevent attacks from reaching critical endpoints all over the network. Beyond that, through machine learning and artificial intelligence, it can also help block evasive behavior. No amount of detection technology alone will solve the problem of malware and other threats; rather, it’s smarter detection focused on prevention that will put attackers on the defensive.
The last key difference lies in the concept of learning mentioned earlier. Traditional AV can be heavy on the endpoint, meaning it doesn’t really have the capability to adapt to a system’s unique behaviors – it is what it is, and that’s all it will ever be. NGAV, on the other hand, can learn from the past behavior of the endpoints, systems, and network on which it is installed. This is why it’s so adept at detecting evasive actions and blocking threats much earlier in the kill chain than was previously possible.
The benefits of NGAV are numerous compared to traditional AV, and can accelerate an organization's network detection and response (NDR) program.
For businesses and security organizations to defend against modern threats, they must work to stay ahead of bad actors by using NGAV blocking techniques. This includes stopping known and unknown threats faster in the kill chain, cutting off endpoint and deep-system access, or even preventing network access entirely. Traditional AV typically uses signature-based detection methods, whereas NGAV leverages a combination of signature-based detection, AI, and ML to uncover the TTPs used by today’s attackers.
As previously mentioned, ML and AI impart NGAV solutions with the ability to adapt to specific behaviors in systems they’re tasked with protecting. This helps analysts to gain a deeper understanding of their endpoints and network systems so they can defend against threats and design better protections based on telemetry that could indicate impending attacks.
NGAV solutions are typically designed as lightweight, add-on technology that won’t slow down system operations – and therefore security personnel productivity. They typically have a small footprint that can deploy quickly, drive key insights, and enable faster mean-time-to-respond (MTTR) through operations such as automated asset and process controls.
With lower operating costs, more efficient threat intelligence and detection capabilities, and comprehensive coverage, NGAV solutions are typically ideal for security professionals looking to further consolidate across the tech stack. As an addition to the solutions an existing detection and response (D&R) organization may already have, NGAV can accelerate the breaking down of silos between security practices. This can be a driver of productivity, efficiency, and growth for security operations centers (SOCs) that may already be stretched thin.
As with any solution – especially shopping for one within a category that has the buzzy phrase “next gen” in its name – there are many options and potential vendors. So, it’s best to know how to find one that can tailor an NGAV solution to your unique environment.