AntiMalware: NextGen Defense

Defense-In-Depth Architecture:

NextGen Endpoint Defense

Signature-based antivirus (AV) agents for endpoints (e.g. desktops, laptops, servers) are nearing the end of their usefulness because the malware signatures they search for change rapidly; this means the AV agent on your endpoints is likely to miss an attack. Replace your AV tool with a NextGen AV (NGAV) tool for about the same cost. Broadband enables threats to attack at any time, from unknown places, using a variety of methods.

Traditional vs. NGAV defense. The traditional means of defending endpoints is a signature-based scanner; the scan engine looks for malware signatures to block, delete or quarantine. If the signatures are not current, the AV agent will not find new malware. An NGAV tool learns the normal activity of each machine, then looks for unusual behavior caused by a file (executable), a script embedded in a file (trojan), a link to a malicious website or an attachment to an email (spear phishing); threats are blocked or removed.

NGAV process (within 20 milliseconds, from feature extraction to quarantine):

1. Unique features of the program file and its capabilities are extracted.
2. These attributes are scanned by a multi-stage deep learning algorithm to determine the file's similarity to malware families.
3. A similarity score is returned to the agent for evaluation. Files whose scores exceed a risk threshold are quarantined or deleted, then matched to a similar malware family (variant).
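A simplified sketch of the three steps above, added here as an illustration and not taken from any NGAV product: cosine similarity against hand-built family profiles stands in for the multi-stage deep learning model. The capability markers, family profiles, threshold and sample bytes are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed capability markers (assumption): API-name strings a static scanner might flag.
MARKERS = [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread",
           b"URLDownloadToFile", b"RegSetValue", b"CryptEncrypt"]
# Constructed family profiles (assumption): one value per marker, plus normalized entropy.
FAMILY_PROFILES = {
    "injector-like": [1, 1, 1, 0, 0, 0, 0.6],
    "downloader-like": [0, 0, 0, 1, 1, 0, 0.5],
    "ransomware-like": [0, 0, 0, 0, 1, 1, 0.9],
}
RISK_THRESHOLD = 0.85  # assumption; a real product tunes this against false positives

def entropy(data):
    """Shannon entropy in bits per byte (0..8); packed or encrypted content scores high."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def extract_features(data):
    """Step 1: reduce the file to a fixed-length vector of capabilities and features."""
    return [1.0 if m in data else 0.0 for m in MARKERS] + [entropy(data) / 8.0]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def classify(data, threshold=RISK_THRESHOLD):
    """Steps 2-3: score against every family, act only if the best score exceeds the threshold."""
    feats = extract_features(data)
    family, score = max(((name, cosine(feats, prof)) for name, prof in FAMILY_PROFILES.items()),
                        key=lambda item: item[1])
    if score > threshold:
        return "quarantine", family, round(score, 3)
    return "allow", None, round(score, 3)

# Constructed sample inputs (not real malware): marker strings inside filler bytes, and plain text.
SAMPLE_SUSPICIOUS = (b"MZ" + bytes(64) + b"VirtualAlloc\0WriteProcessMemory\0"
                     b"CreateRemoteThread\0" + bytes(range(256)))
SAMPLE_BENIGN = b"Quarterly report: revenue grew in all regions. " * 40

if __name__ == "__main__":
    for label, blob in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, classify(blob))
```

Calling `classify(SAMPLE_BENIGN, threshold=0.5)` quarantines the plain-text sample as "ransomware-like", which shows the false-positive trade-off the risk threshold controls.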

NGAV uses machine learning to identify unusual behavior and detect or block malware, prevents weaponized Office documents from executing (file-less attacks), and avoids spear-phishing attacks by scanning email links and attachments before the user opens them and blocking the harmful ones. NGAV also gives your cybersecurity analysts visibility of your network: it detects existing compromises, captures forensic data and integrates with SIEM. Choose from three different versions to defend your network: Detect, Prevent and Complete (spear-phishing feature).

The best defense of your network comes from layers (NGAV among them) that your attacker is forced to overcome, slowing them down (so they can be identified) or deterring them from attacking. If you’d like to learn more or have your network assessed for NGAV defense, please click “Request A Consultation” at the base of riseit.net, write “NGAV” in the subject line and paste the email signature of your office manager in the message body; I reply within 24 hours to schedule a call that fits your calendar.
