In today’s modern age, we understand that we need some sort of antivirus on our devices to protect us from the threats of the modern IT world.
Modern PCs normally come with a trial or a free year of some sort of antivirus, and these are typically signature- or definition-based products. They scan the files on your computer and sometimes offer real-time monitoring as well. If you think these default programs alone protect you, think again.
As attacks have grown more sophisticated, they have moved beyond the infected file: attackers now use scripts, memory-resident and file-less malware, and even the legitimate applications you already have installed on your machine.
Outdated antivirus techniques
The antivirus methods described below are outmoded, and a significant percentage of malware and viruses are not detected by them at all, because the sophistication of attacks keeps rising.
Scanning for Viruses
This is a method of signature-based protection. It looks at the files on your system and tries to match them against a virus database. If it finds a match, it tries to quarantine or eliminate the file based on policy. This means the infection already exists on your system, and you are only as safe as the signatures in the database.
While real-time monitoring tries to prevent the infection before it happens, the device is still reliant on a database of signatures that may or may not be up to date.
In a nutshell, this approach looks for changes to bait files. It also looks for changes you may not have made, such as a change to your search engine settings. While a step better than the former methods, it still depends on an infection already having happened on your PC and on being able to detect it through a predefined, regularly updated set of policies.
The main feature of next-gen antivirus is that it is not dependent on a database that may or may not be up to date. While it includes the above in most cases (some use real-time cloud access for their definitions), it takes it all a step further.
This is a process for controlling and validating everything a process is permitted to do on your device. It is sometimes referred to as “ring-fencing.” Basically, it looks at all of the applications on your machine and, through AI and machine learning as well as input from you, decides whether application “X” should be able to perform a certain function.
For example, should that new game you installed be allowed to access the internet? Should your Office programs be allowed to run PowerShell scripts on demand?
Many new Next-Gen products recommend that you begin in a “detect mode” so that you can see what your applications are doing. Adjustments can then be made, and you move to a “protect mode” after examining what your device is doing. Instead of “trust, but verify,” it works on the principle of “don’t trust, and still verify.”
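To make the detect-mode/protect-mode idea concrete, here is an added toy ring-fencing policy evaluator (illustration code, not part of the original post and not any vendor’s product). The policy, application names and sample telemetry are constructed: Word may spawn its print helper and reach Office hosts, the new game may do nothing, and anything not on the list is a violation, which detect mode only reports and protect mode blocks.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    DETECT = "detect"    # report what would be blocked, but let it run
    PROTECT = "protect"  # enforce the policy

@dataclass(frozen=True)
class Event:
    parent: str   # application performing the action
    action: str   # "spawn" (child process) or "network" (remote host)
    target: str   # child process name or remote host name

# Constructed per-application policy: what each parent application may do.
# Anything not listed here (including unknown applications) is denied.
POLICY = {
    "winword.exe": {"spawn": {"splwow64.exe"}, "network": {"*.office.com"}},
    "newgame.exe": {"spawn": set(), "network": set()},
}

def _allowed(rule, target):
    """True if target matches an entry; '*.suffix' entries match by suffix."""
    t = target.lower()
    for entry in rule:
        e = entry.lower()
        if e == t or (e.startswith("*.") and t.endswith(e[1:])):
            return True
    return False

def evaluate(event, mode):
    """Return 'allow', 'alert' (detect mode) or 'block' (protect mode)."""
    rules = POLICY.get(event.parent.lower(), {})  # unknown app: nothing allowed
    if _allowed(rules.get(event.action, set()), event.target):
        return "allow"
    return "alert" if mode is Mode.DETECT else "block"

# Constructed sample telemetry, e.g. Office launching PowerShell on demand.
SAMPLE = [
    Event("winword.exe", "spawn", "splwow64.exe"),
    Event("winword.exe", "spawn", "powershell.exe"),
    Event("newgame.exe", "network", "updates.example.net"),
    Event("winword.exe", "network", "login.office.com"),
]

if __name__ == "__main__":
    for mode in Mode:
        for ev in SAMPLE:
            print(mode.value, ev.parent, ev.action, ev.target, "->", evaluate(ev, mode))
```

Running in detect mode first shows which of these events would be blocked, so the policy can be adjusted before switching to protect mode.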
What this does is learn how a person works, as opposed to a script or a machine. It learns your habits and can adapt its blocking or detecting to changes, the same way a person would. It is not defined by a fixed set of policies or rules, and that can make your protection much more effective.
This one is kind of in-between. It is the basis for producing the signatures used by your typical antivirus. It uses a process called “sandboxing,” where potentially malicious files can be analyzed in a controlled environment and mitigations can be defined.
That part is not next-gen. What is next-gen is that the information is then used not only to provide a vaccine for the infection, but also to look at how the virus or malware actually behaves. What processes does it interact with? What does it try to do? This data lets the antivirus software recognize that, even when no infected file was detected, behaviors are occurring that may indicate something malicious.
Today’s Next-Gen antivirus uses all of the above methods to try to protect us in today’s ever-changing technology landscape.
PEI Security Solutions
PEI works with vendors across the IT landscape to provide a breadth of potential solutions for just about any area of operations. Partnering with Cisco and Mimecast means we can provide the coverage necessary to fend off the various security threats facing your current activities.
Furthermore, Microsoft continues to invest in five main pillars for security: Data, Cloud & Datacenter, Applications, Endpoints, and Identity. Staying current with these offerings can be challenging.
Take the load off and contact PEI for a security consultation to keep your business safe and secure.
Myke | PEI