[2022] What is NGAV: Next-Generation Antivirus? Explaining the difference from Antivirus

Traditional antivirus (AV) software is widely used as a virus countermeasure. However, are you aware that antivirus is reaching its limits due to recent changes in cyberattacks? “Next-Generation Antivirus (NGAV)” is gaining attention as a countermeasure to replace antivirus.

This article explains the functions of next-generation antivirus and the differences from antivirus.

Table of Contents

  1. What is Next-Generation Antivirus (NGAV)?
  2. What are the functions and mechanisms of Next-Generation Antivirus (NGAV)?
    1. Pattern Matching/Behavior Detection
    2. Sandbox
    3. Machine Learning
  3. Differences between Next-Generation Antivirus (NGAV) and Antivirus (AV)
  4. Necessity and Background of Next-Generation Antivirus (NGAV)
  5. Points to note when introducing Next-Generation Antivirus (NGAV)
  6. If you want to further strengthen security, introduce “EDR”
  7. Summary

1. What is Next-Generation Antivirus (NGAV)?

Next-generation antivirus is security software that prevents the intrusion of malicious programs such as malware. It is an abbreviation for “Next Generation Anti-Virus” and is also called “NGAV”. It is one of the “endpoint security” measures that protect devices and data such as PCs and smartphones.

Generally, it is introduced as a preventive or proactive measure against malicious attacks. On the other hand, “EDR (Endpoint Detection and Response)”, which is also endpoint security, is a representative example of what is introduced for post-incident measures.

Now that the role of antivirus (AV) is coming to an end, the demand for next-generation antivirus is increasing as an alternative product. The reason for the increasing demand is that it can deal with “unknown malware”, which is impossible with conventional antivirus. Let’s take a look at the specific mechanism of why it is possible to deal with it.

2. Functions and Mechanism of Next-Generation Antivirus (NGAV)

The main functions of next-generation antivirus (NGAV) can be divided into the following three:

  1. Pattern Matching/Behavior Detection
  2. Sandbox
  3. Machine Learning/AI

I will explain each mechanism in turn.

2-1. Pattern Matching/Behavior Detection

“Pattern Matching” and “Behavior Detection” are functions that detect malware such as computer viruses. The pattern matching method compares the file under inspection against a database (pattern file) that records the code of known malware. If the characteristics match, the file is determined to be a malicious program, so known malware can be detected reliably.

On the other hand, behavior detection monitors the behavior of the program and detects suspicious movements. Since it judges from the way the program moves, it can prevent the intrusion of new types of malware that are not in the database.
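The contrast between the two methods is easiest to see in code. The following is an added example, not code from the original article or from any NGAV product: a toy scanner whose pattern file knows exactly one constructed sample, plus three constructed behaviour rules (an Office application spawning a shell, a write into a Startup folder, and mass modification of user files). All file contents, paths, hostnames and thresholds are invented for the illustration.

```python
"""Added example (not from the original article): a toy endpoint scanner that
contrasts signature-based pattern matching with behaviour-based detection.
Every sample, hash and event trace below is constructed for illustration;
none of them are real malware indicators."""
import hashlib
from collections import Counter
from typing import List, Optional, Tuple

Event = Tuple[str, str, str]  # (process path, action, target)

# --- Pattern matching: compare the file against a "pattern file" ------------
KNOWN_SAMPLE = b"EXAMPLE-KNOWN-SAMPLE-v1"   # constructed stand-in for a known file
PATTERN_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Example.Family.A"}

def pattern_match(file_bytes: bytes) -> Optional[str]:
    """Return the malware family name if the file's hash is in the pattern
    file, otherwise None.  Any byte changed in the file defeats this lookup."""
    return PATTERN_DB.get(hashlib.sha256(file_bytes).hexdigest())

# --- Behaviour detection: look at what the program does, not what it is -----
MASS_WRITE_THRESHOLD = 50   # constructed tuning value

def behaviour_alerts(events: List[Event]) -> List[str]:
    """Apply three constructed behaviour rules to a process event trace."""
    alerts: List[str] = []
    writes: Counter = Counter()
    for proc, action, target in events:
        low_proc, low_target = proc.lower(), target.lower()
        if action == "write":
            writes[proc] += 1
        # Rule 1: a document reader launching a command shell is unusual.
        if (action == "spawn" and low_proc.endswith("winword.exe")
                and low_target.endswith(("cmd.exe", "powershell.exe"))):
            alerts.append(f"{proc}: office application spawned {target}")
        # Rule 2: writing into a user's Startup folder sets up persistence.
        if action == "write" and "\\startup\\" in low_target:
            alerts.append(f"{proc}: wrote to Startup folder ({target})")
    # Rule 3: rewriting many user files in one trace is typical of encryption.
    for proc, count in writes.items():
        if count >= MASS_WRITE_THRESHOLD:
            alerts.append(f"{proc}: modified {count} files")
    return alerts

def scan(file_bytes: bytes, events: List[Event]) -> Tuple[str, List[str]]:
    """NGAV-style verdict: a signature hit OR any behaviour rule firing."""
    reasons: List[str] = []
    family = pattern_match(file_bytes)
    if family:
        reasons.append(f"signature match: {family}")
    reasons.extend(behaviour_alerts(events))
    return ("malicious" if reasons else "clean"), reasons

# --- Constructed traces -----------------------------------------------------
EDITOR = "C:\\Program Files\\ExampleEditor\\editor.exe"
WINWORD = "C:\\Program Files\\Microsoft Office\\winword.exe"
CMD = "C:\\Windows\\System32\\cmd.exe"
UNKNOWN = "C:\\Users\\alice\\Downloads\\unknown.exe"
UNKNOWN_BYTES = b"not in any pattern file"        # a never-before-seen file

BENIGN_EVENTS: List[Event] = [(EDITOR, "write", "C:\\Users\\alice\\Documents\\notes.txt")]
MACRO_EVENTS: List[Event] = [
    (WINWORD, "spawn", CMD),
    (CMD, "write", "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\"
                   "Start Menu\\Programs\\Startup\\update.lnk"),
]
MASS_WRITE_EVENTS: List[Event] = [
    (UNKNOWN, "write", f"C:\\Users\\alice\\Documents\\report{i}.docx.locked")
    for i in range(60)
]

if __name__ == "__main__":
    print(scan(KNOWN_SAMPLE, BENIGN_EVENTS))       # caught by the pattern file only
    print(scan(UNKNOWN_BYTES, BENIGN_EVENTS))      # clean: no signature, normal behaviour
    print(scan(UNKNOWN_BYTES, MACRO_EVENTS))       # unknown file, caught by behaviour
    print(scan(UNKNOWN_BYTES, MASS_WRITE_EVENTS))  # unknown file, caught by behaviour
```

The second and third verdicts are the point of the section: the unknown file never matches the pattern file, so only the behaviour rules catch it, while the editor that writes a single document stays clean.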

2-2. Sandbox

A sandbox is a function that moves suspicious files into an isolated area and monitors their behavior. The isolated file is executed inside the sandbox, so even if it is a malicious program, it cannot affect anything outside the sandbox. By executing and observing the program in such a closed, virtual environment, you can safely analyze whether it is unknown malware.

2-3. Machine Learning

NGAV constantly inspects activity at endpoints and trains machine learning/AI models on data about cyberattacks. Machine learning algorithms enable highly accurate prediction and detection of unknown malware. In addition, because the models learn comprehensively from data such as the tools and methods used in cyberattacks and the characteristic behavior of malware, this is an effective technology for blocking so-called “fileless attacks”, which do not rely on a malware file at all.
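To make the “learns from data and then scores what it has never seen” claim concrete, here is an added example that is not from the original article and not any vendor's model: a hand-rolled Bernoulli naive Bayes classifier over six boolean behaviour features, trained on a small constructed data set. Feature names, the training rows and the two unseen samples are all invented; real products use far richer features and models, but the mechanism of generalizing from training data to a new combination is the same.

```python
"""Added example (not from the original article): a hand-rolled Bernoulli
naive Bayes classifier over behavioural features, trained on a small
constructed data set.  The point is that the model scores a feature
combination it has never seen, which a pattern file cannot do."""
import math
from typing import Dict, List, Tuple

# Constructed boolean features an NGAV agent might extract from a process.
FEATURES = ["encoded_command_line", "spawned_by_office", "writes_persistence",
            "network_to_new_domain", "signed_binary", "many_file_writes"]

def sample(*bits: int) -> Dict[str, int]:
    """Build a feature dict from bits given in FEATURES order."""
    return dict(zip(FEATURES, bits))

# Constructed labelled training data (feature order as in FEATURES).
TRAINING: List[Tuple[Dict[str, int], str]] = [
    (sample(1, 1, 1, 1, 0, 0), "malicious"),  # macro dropper with persistence
    (sample(1, 0, 1, 1, 0, 0), "malicious"),  # fileless: encoded script, persistence
    (sample(0, 1, 0, 1, 0, 1), "malicious"),
    (sample(1, 0, 1, 0, 0, 1), "malicious"),
    (sample(0, 0, 1, 1, 0, 1), "malicious"),
    (sample(0, 0, 0, 0, 1, 0), "benign"),     # ordinary signed application
    (sample(0, 0, 1, 0, 1, 0), "benign"),     # signed installer adds a run key
    (sample(0, 0, 0, 1, 1, 0), "benign"),     # signed browser
    (sample(0, 0, 0, 0, 1, 1), "benign"),     # signed backup tool
    (sample(1, 0, 0, 0, 1, 0), "benign"),     # admin's encoded (signed) script
]

Model = Dict[str, Tuple[float, List[float]]]  # label -> (prior, P(feature=1 | label))

def train(samples: List[Tuple[Dict[str, int], str]]) -> Model:
    """Estimate class priors and per-feature probabilities with Laplace smoothing."""
    labels = sorted({label for _, label in samples})
    counts = {label: [0] * len(FEATURES) for label in labels}
    totals = {label: 0 for label in labels}
    for feats, label in samples:
        totals[label] += 1
        for i, name in enumerate(FEATURES):
            counts[label][i] += feats[name]
    model: Model = {}
    for label in labels:
        prior = totals[label] / len(samples)
        # +1 / +2 smoothing keeps an unseen feature value from zeroing the score
        probs = [(c + 1) / (totals[label] + 2) for c in counts[label]]
        model[label] = (prior, probs)
    return model

def posterior(model: Model, feats: Dict[str, int]) -> Dict[str, float]:
    """P(label | features) for each label, computed in log space for stability."""
    logp: Dict[str, float] = {}
    for label, (prior, probs) in model.items():
        lp = math.log(prior)
        for i, name in enumerate(FEATURES):
            lp += math.log(probs[i] if feats[name] else 1.0 - probs[i])
        logp[label] = lp
    top = max(logp.values())
    norm = sum(math.exp(v - top) for v in logp.values())
    return {label: math.exp(v - top) / norm for label, v in logp.items()}

def classify(model: Model, feats: Dict[str, int], threshold: float = 0.5) -> Tuple[str, float]:
    """Return (verdict, P(malicious)); the threshold is a tunable policy knob."""
    p_mal = posterior(model, feats)["malicious"]
    return ("malicious" if p_mal >= threshold else "benign"), p_mal

MODEL = train(TRAINING)

# Two feature combinations that do NOT appear in the training set.
UNSEEN_MALICIOUS = sample(1, 1, 1, 0, 0, 0)  # encoded command from Office, persists
UNSEEN_BENIGN = sample(0, 0, 0, 1, 1, 1)     # signed sync client: network + many writes

if __name__ == "__main__":
    for name, feats in [("unseen malicious", UNSEEN_MALICIOUS), ("unseen benign", UNSEEN_BENIGN)]:
        print(name, classify(MODEL, feats))
```

Neither unseen sample is in the training set, yet the first scores about 0.96 malicious and the second about 0.12, because the model has learned which individual behaviours co-occur with each class. The `threshold` argument is where the trade-off discussed later (more detections versus more false positives) lives.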

3. Differences between Next-Generation Antivirus (NGAV) and Antivirus (AV)

The biggest difference between next-generation antivirus (NGAV) and AV (antivirus) is whether it can handle unknown malware. Traditional antivirus can only detect known malware. This is because it only has the “pattern matching” technology that compares with the database to determine whether it is malware.

Next-generation antivirus can also detect unknown malware. This is because it is equipped with “behavior detection” that judges from the behavior of the program, in addition to pattern matching. In addition, it has machine learning and sandbox technology, and the accuracy of behavior detection is improving day by day.

It can be said that traditional antivirus, which can only deal with known malware, is no longer suitable for the modern IT environment. Next-generation antivirus is attracting attention as a substitute, but why is traditional antivirus unsuitable for the modern IT environment in the first place? I will explain it along with the necessity of next-generation antivirus.

4. Necessity and Background of Next-Generation Antivirus (NGAV)

Antivirus was born in the late 1980s. More than 30 years after the birth of antivirus, current IT technology has developed significantly, and cyberattacks have also evolved in a complex and sophisticated manner. A typical example of a complex cyberattack is a “targeted attack”.

Targeted attacks single out specific companies and organizations in order to steal personal information and intellectual property and to obtain money. In such an attack, the attacker may investigate the target’s security holes beforehand and develop an original malicious program for that target.

Other examples include “ransomware” that encrypts data and demands a ransom, and “zero-day attacks” that are launched before vulnerabilities are fixed. Furthermore, the methods of infecting malware themselves are becoming more sophisticated.

However, antivirus that only prevents known malware cannot cope with complex attacks. Therefore, the need for next-generation antivirus that can detect unknown threats is increasing.

5. Points to note when introducing Next-Generation Antivirus (NGAV)

When introducing next-generation antivirus (NGAV), pay attention to the functional differences between products. NGAV does not have a clear definition, and the detailed functions differ depending on the vendor. Please check if the necessary functions are installed.

Also, alerts may increase compared to traditional antivirus (AV). This is because behavior detection flags every program that exhibits suspicious behavior, so false positives may increase. There is a risk that existing applications in the company will be judged to be malicious programs.

Since there tend to be many excessive alerts at the beginning of the introduction, the burden on the administrator will also increase. It is important to tune the detection policy to an appropriate setting and reduce unnecessary alerts.
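One way to do that tuning is to keep the exclusions narrow and to review what each one suppresses. The following is an added example, not from the original article and not any product's policy format: a small pass over constructed NGAV alert records that applies rule-scoped exclusions (each tied to one rule and to a code-signing identity or install path) and collapses exact repeats, then reports suppression counts so the administrator can see what a policy change actually hid. The backup vendor, signer names, hostnames and paths are all invented.

```python
"""Added example (not from the original article): a small alert-tuning pass
that an administrator might run over NGAV behaviour alerts during rollout.
Alert records, the backup vendor, signer names, hostnames and paths are all
constructed for the illustration."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Alert:
    rule: str      # behaviour rule that fired
    host: str
    process: str   # full path of the process
    signer: str    # code-signing identity, "" if unsigned

@dataclass(frozen=True)
class Exclusion:
    """An exclusion is scoped to ONE rule and at least one identity condition,
    so it cannot silently turn into a blanket allow-list."""
    name: str
    rule: str
    signer: str = ""
    path_prefix: str = ""

    def matches(self, alert: Alert) -> bool:
        if not (self.signer or self.path_prefix):
            return False  # refuse an exclusion that carries no condition
        if alert.rule != self.rule:
            return False
        if self.signer and alert.signer != self.signer:
            return False
        if self.path_prefix and not alert.process.lower().startswith(self.path_prefix.lower()):
            return False
        return True

def tune(alerts: List[Alert], exclusions: List[Exclusion]) -> Tuple[List[Alert], Counter]:
    """Drop excluded alerts and exact repeats; report what was dropped and why,
    so the administrator reviews the suppression counts, not just the result."""
    kept: List[Alert] = []
    suppressed: Counter = Counter()
    seen = set()
    for alert in alerts:
        hit: Optional[Exclusion] = next((e for e in exclusions if e.matches(alert)), None)
        if hit is not None:
            suppressed[hit.name] += 1
            continue
        key = (alert.rule, alert.host, alert.process)
        if key in seen:
            suppressed["duplicate"] += 1
            continue
        seen.add(key)
        kept.append(alert)
    return kept, suppressed

# --- Constructed rollout data ----------------------------------------------
BACKUP_AGENT = "C:\\Program Files\\ExampleBackup\\agent.exe"
BACKUP_SIGNER = "Example Backup Co"        # constructed code-signing identity
WINWORD = "C:\\Program Files\\Microsoft Office\\winword.exe"
OFFICE_SIGNER = "Example Office Vendor"    # constructed code-signing identity

SAMPLE_ALERTS: List[Alert] = (
    # the legitimate backup agent rewriting files on 40 workstations
    [Alert("mass_file_modification", f"ws-{i:04d}", BACKUP_AGENT, BACKUP_SIGNER) for i in range(40)]
    # the same macro alert re-raised five times on one host
    + [Alert("office_spawned_shell", "ws-0042", WINWORD, OFFICE_SIGNER)] * 5
    # an unsigned binary from a temp folder rewriting files: must stay
    + [Alert("mass_file_modification", "ws-0007",
             "C:\\Users\\bob\\AppData\\Local\\Temp\\unknown.exe", "")]
    # an unsigned file placed under the backup agent's path: must stay too
    + [Alert("mass_file_modification", "ws-0009", BACKUP_AGENT, "")]
)

EXCLUSIONS: List[Exclusion] = [
    Exclusion("backup-agent-mass-writes", rule="mass_file_modification",
              signer=BACKUP_SIGNER, path_prefix="C:\\Program Files\\ExampleBackup\\"),
]

if __name__ == "__main__":
    kept, suppressed = tune(SAMPLE_ALERTS, EXCLUSIONS)
    print(f"{len(SAMPLE_ALERTS)} alerts in, {len(kept)} out; suppressed: {dict(suppressed)}")
    for a in kept:
        print(" ", a.rule, a.host, a.process, a.signer or "(unsigned)")
```

Of the 47 constructed alerts, 3 survive: the macro alert once, the unsigned binary in the temp folder, and the unsigned file sitting under the backup agent's own path. That last one is why the exclusion is tied to the signer as well as the path: a path-only exclusion would have hidden it.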

6. If you want to further strengthen security, introduce “EDR”

What I would like to recommend along with the introduction of next-generation antivirus (NGAV) is “EDR”, which is good at post-incident measures. In recent years, the idea that “it is impossible to completely prevent complex cyberattacks” is becoming mainstream. Therefore, post-incident measures in the event of a security incident are also being emphasized.

The purpose of EDR is to monitor all endpoints and detect abnormal behavior such as unauthorized access in real time. Malicious programs are immediately isolated, preventing damage from spreading. In addition, it collects logs from endpoints on a regular basis, making it possible to streamline investigations such as “identification of intrusion routes” and “scope of internal activities”. Quick investigation makes recovery work smoother.

The role of next-generation antivirus is “prevention” against cyberattacks. It does not provide countermeasures in the event that a cyberattack cannot be prevented. By introducing EDR as well, you can build a strong security system through proactive and reactive measures.

7. Summary

Next-generation antivirus (NGAV) is a security product that can detect both known and unknown threats. Behavior detection and machine learning algorithms accurately prevent the intrusion of fileless attacks. Traditional antivirus has difficulty dealing with advanced cyberattacks. If you are using traditional antivirus, consider migrating to NGAV.

If you have any questions, please contact globalsupport@jiran.com.
