
What is next-generation antivirus (NGAV)

Next-generation antivirus (NGAV) works by leveraging artificial intelligence, machine learning, behavioral detection, exploit mitigation, cloud-based architecture, and other cutting-edge technologies to stop both legacy and never-before-seen threats that may evolve quickly to circumvent cybersecurity measures.

Next-Generation Antivirus takes traditional antivirus software to a new, advanced level of endpoint security protection. It goes beyond known file-based malware signatures and heuristics because it’s a system-centric, cloud-based approach. It uses predictive analytics driven by machine learning and artificial intelligence, and combines them with threat intelligence to:

  • Detect and prevent malware and fileless non-malware attacks
  • Identify malicious behavior and tactics, techniques and procedures (TTPs) from unknown sources
  • Collect and analyze comprehensive endpoint data to determine root causes
  • Respond to new and emerging threats that previously went undetected

NGAV is also agile. As a lightweight and fast tool, it shields an endpoint without hindering its performance.

Why Traditional Antivirus Software No Longer Works

Today’s attackers know exactly where to find gaps and weaknesses in an organization’s network perimeter security – and they penetrate these in ways that easily bypass traditional antivirus software. These attackers use highly developed tools to target vulnerabilities, leveraging:

  • Memory-based attacks
  • PowerShell scripting language
  • Remote logins
  • Macro-based attacks

And because traditional AV focuses only on signature- or definition-based file threats, it cannot detect modern threats in any of these environments when they do not introduce new files to the system.

However, NGAV focuses on events – files, processes, applications, and network connections – to see how actions, or event streams, in each of these areas are related. Analysis of event streams can help identify malicious intent, behaviors, and activities – and once identified, the attackers can be blocked.
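The event-stream correlation described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the event fields, watch lists, and sample telemetry are constructed assumptions, and PID reuse is ignored for brevity.

```python
# Constructed endpoint telemetry (illustrative, not real data).
EVENTS = [
    {"t": 1, "type": "process", "pid": 100, "ppid": 1, "image": "winword.exe"},
    {"t": 2, "type": "file", "pid": 100, "op": "read", "path": "report.docm"},
    {"t": 3, "type": "process", "pid": 200, "ppid": 100, "image": "powershell.exe"},
    {"t": 4, "type": "network", "pid": 200, "dest": "203.0.113.10:443"},
    {"t": 5, "type": "process", "pid": 300, "ppid": 1, "image": "powershell.exe"},
    {"t": 6, "type": "file", "pid": 300, "op": "write", "path": "backup.log"},
    {"t": 7, "type": "process", "pid": 400, "ppid": 1, "image": "chrome.exe"},
    {"t": 8, "type": "network", "pid": 400, "dest": "198.51.100.7:443"},
]

# Assumed watch lists for this sketch.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def correlate(events):
    """Alert on the chain: document app -> script host -> outbound connection."""
    procs = {}      # pid -> process-start event
    suspects = {}   # pid of a suspicious script host -> number of files it wrote
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        pid = ev["pid"]
        if ev["type"] == "process":
            procs[pid] = ev
            parent = procs.get(ev["ppid"])
            # A script host on its own is normal; one spawned by a document app is not.
            if ev["image"] in SCRIPT_HOSTS and parent and parent["image"] in DOCUMENT_APPS:
                suspects[pid] = 0
        elif ev["type"] == "file" and ev["op"] == "write" and pid in suspects:
            suspects[pid] += 1
        elif ev["type"] == "network" and pid in suspects:
            parent = procs[procs[pid]["ppid"]]
            alerts.append({
                "chain": [parent["image"], procs[pid]["image"]],
                "dest": ev["dest"],
                "files_written": suspects[pid],  # 0 = nothing for a file scanner to inspect
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The standalone PowerShell session and the browser connection in the sample raise no alert; only the related sequence of process and network events does, even though it writes no file.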

This kind of approach is increasingly important today, because enterprises like Major League Baseball, the National Hockey League, and other major sports organizations are increasingly finding that attackers are specifically targeting their individual networks. The attacks are multi-stage, personalized, and significantly higher risk – and antivirus solutions don’t have a chance of stopping them.