Next-generation antivirus (NGAV) is regarded as an advance on the capabilities of antivirus (AV) solutions: it combines well-known, signature-based defensive techniques with extended detection and response (XDR) and with artificial intelligence (AI) and/or machine learning (ML). By using advanced analytics to correlate alerts from multiple telemetry sources, NGAV quickly identifies actionable threat intelligence in order to predict and prevent threats faster.
NGAV is deployed as cloud-based software that has a lighter impact on systems and endpoints, and it is increasingly becoming the more common type of AV in organizations and enterprises.
In a sense, when XDR and NGAV work together, they both protect the network perimeter and extend threat-detection technology beyond it. EDR takes place on the endpoints that sit inside the security perimeter. Bad actors can still find ways onto endpoints such as phones or laptops, so a good EDR solution is the last line of defense.
Again, this is the difference between the general and the specific. As noted above, modern NGAV solutions aim to use advanced analytics to secure against, predict, and defend against threats both inside and outside the network. Anti-malware solutions are primarily designed to scan individual systems for malware built to bypass security controls.
NGAV works by detecting and preventing malware and fileless attacks. It uses pre-execution methods to prevent the tactics, techniques, and procedures (TTPs) and malicious behavior used deliberately by bad actors, or unwittingly by someone who is properly credentialed. Let's take a closer look at how an NGAV solution accomplishes its detection and prevention goals:
Providers of NGAV solutions and services typically design the technology to be launched rapidly and to operate in a way that does not hinder the performance of network systems or endpoints.
When we talk about NGAV, those last two letters still loom large in the culture. For decades, the word "antivirus" has been part of any society that uses computers, so it bears asking: what exactly are the differences between modern NGAV and traditional perceptions of AV?
AV primarily focuses on protecting the endpoint and/or quickly removing an affected device that may be part of a larger critical infrastructure, which can in turn cause greater disruption to the unaffected devices. This can lead to significant financial and reputational losses for an enterprise.
NGAV goes beyond these traditional AV processes, blocking diverse attacks, including fileless malware, across the entire endpoint ecosystem. NGAV's main goal is to detect and prevent attacks from reaching critical endpoints anywhere on the network. Beyond that, through machine learning and AI, it can also help block evasive behavior. No amount of detection technology alone will solve the problem of malware and other threats; rather, it is smarter detection focused on prevention that will put attackers on the defensive.
A final key difference lies in the learning concept mentioned earlier. Traditional AV can be heavy on the endpoint, meaning it does not really have the capability to adapt to a system's unique behaviors: it is what it is, and always will be. NGAV, on the other hand, can learn from the past behavior of the endpoints, systems, and network on which it is installed. This is why it is so adept at detecting evasive actions and blocking threats much earlier in the kill chain than was previously possible.
The benefits of NGAV are numerous compared to traditional AV, and they can accelerate an organization's network detection and response (NDR) program.
For enterprises and security organizations to defend against modern threats, they must work to outpace bad actors by using NGAV's blocking techniques. This includes stopping known and unknown threats earlier in the kill chain, cutting off endpoint and deep-system access, and even preventing network access entirely. Traditional AV typically uses signature-based detection methods, whereas NGAV leverages a combination of signature-based detection, AI, and ML to uncover the TTPs that today's attackers use.
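The two paragraphs above and the earlier one on pre-execution prevention describe the core mechanism only in outline: a signature engine recognizes exactly what it has seen before, while a behaviour-scoring component blocks a process chain on what it does, before the payload runs, even when no file exists to hash. The following Python script is an added illustration of that split, not code from any NGAV vendor or from the original article. The "known bad" sample, the telemetry records, the feature weights and the block threshold are all constructed for the example; the weights stand in for what an ML model would learn from labelled telemetry.

```python
"""Toy signature-vs-behaviour detection (added example, not vendor code).
Every sample, telemetry event, weight and threshold is constructed."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# --- Traditional AV component: exact-match file signatures ---------------
# Constructed "known bad" sample and the SHA-256 a signature database holds.
KNOWN_BAD_CONTENT = b"MZ\x90\x00constructed-malicious-sample"
SIGNATURES = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest()}
# The same sample with one byte changed: a trivial repack the hash misses.
MUTATED_CONTENT = KNOWN_BAD_CONTENT[:-1] + b"!"


def signature_match(content: bytes) -> bool:
    """Exact hash lookup, as a signature-only engine would do."""
    return hashlib.sha256(content).hexdigest() in SIGNATURES


# --- NGAV component: pre-execution behaviour scoring ---------------------
@dataclass
class ProcessEvent:
    """One constructed process-telemetry record (what the sensor sees)."""
    process: str
    parent: str
    cmdline: str
    registry_writes: List[str] = field(default_factory=list)
    outbound_connections: int = 0


SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

# Constructed weights; the lesson is the combination, not these numbers.
WEIGHTS = {
    "office_parent_spawns_script_host": 0.45,
    "encoded_or_hidden_cmdline": 0.30,
    "persistence_run_key": 0.30,
    "outbound_network": 0.10,
}
BLOCK_THRESHOLD = 0.60  # constructed


def behaviour_features(ev: ProcessEvent) -> Dict[str, bool]:
    """Derive boolean behaviour features from one telemetry record."""
    cmd = ev.cmdline.lower()
    return {
        "office_parent_spawns_script_host":
            ev.parent.lower() in OFFICE_APPS and ev.process.lower() in SCRIPT_HOSTS,
        "encoded_or_hidden_cmdline":
            any(tok in cmd for tok in ("-enc", "-encodedcommand", "-windowstyle hidden")),
        "persistence_run_key":
            any("currentversion\\run" in key.lower() for key in ev.registry_writes),
        "outbound_network": ev.outbound_connections > 0,
    }


def behaviour_score(ev: ProcessEvent) -> float:
    """Weighted sum of the features that fired, clipped to [0, 1]."""
    fired = behaviour_features(ev)
    score = sum((WEIGHTS[name] for name, hit in fired.items() if hit), 0.0)
    return min(1.0, round(score, 2))


def verdict(ev: ProcessEvent, content: Optional[bytes] = None) -> str:
    """Cheap exact signature check first; otherwise behaviour decides,
    before the process chain is allowed to continue."""
    if content is not None and signature_match(content):
        return "block:signature"
    if behaviour_score(ev) >= BLOCK_THRESHOLD:
        return "block:behaviour"
    return "allow"


# Constructed telemetry: an admin running a cmdlet, and a fileless chain
# (a document opens a script host with a hidden, encoded command, adds a
# Run key and calls out) that never writes a file for a hash to match.
BENIGN_EVENT = ProcessEvent(
    process="powershell.exe", parent="explorer.exe",
    cmdline="powershell.exe Get-Service")
FILELESS_EVENT = ProcessEvent(
    process="powershell.exe", parent="winword.exe",
    cmdline="powershell.exe -WindowStyle Hidden -EncodedCommand <base64-placeholder>",
    registry_writes=[r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"],
    outbound_connections=1)

if __name__ == "__main__":
    print("known sample:  ", verdict(BENIGN_EVENT, content=KNOWN_BAD_CONTENT))
    print("mutated sample:", signature_match(MUTATED_CONTENT))  # False
    print("benign admin:  ", verdict(BENIGN_EVENT))
    print("fileless chain:", verdict(FILELESS_EVENT), behaviour_features(FILELESS_EVENT))
```

Running it shows the two failure modes the article contrasts: the hash signature catches the unmodified sample but not the one-byte variant, and it has nothing at all to match for the fileless chain, which only the behaviour score blocks, while the interactive administrator's PowerShell session scores zero and is allowed. A real NGAV engine learns the weights and uses far richer telemetry, but the decision structure is the same.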
As mentioned earlier, ML and AI give NGAV solutions the ability to adapt to the specific behaviors of the systems they are tasked with protecting. This helps analysts gain a deeper understanding of their endpoints and network systems, so they can defend against threats and design better protections based on telemetry that could indicate impending attacks.
NGAV solutions are typically designed as lightweight, add-on technology that will not slow down system operations, and therefore will not slow down security personnel either. They typically have a small footprint that deploys quickly, drives key insights, and enables a faster mean time to respond (MTTR) through operations such as automated asset and process controls.
With lower operating costs, more effective threat intelligence and detection capabilities, and comprehensive coverage, NGAV solutions are typically ideal for security professionals looking to consolidate further across the tech stack. As a solution that an existing detection and response (D&R) organization may already have, NGAV can accelerate the breaking down of silos between security practices. This can be a driver of productivity, efficiency, and growth for a security operations center (SOC) that may already be stretched thin.
As with any solution, and especially when shopping for one in a category that has the buzzy phrase "next gen" in its name, there are many options and potential vendors. So it is best to know how to find one that can tailor an NGAV solution to your unique environment.