Have you ever heard of a Next-Generation Anti-Virus? If you haven’t, that’s okay. They are the next/current ‘big thing’ in cybersecurity, so we wanted to help you learn about the new and more modern way you can protect your business from cyber-attacks. As we’ve all heard time and time again, cyber-attacks are becoming more sophisticated, more expensive, and more commonplace, with ransomware attacks occurring every 11 seconds in 2021. To stay protected, we need to incorporate new and more advanced levels of data security into our businesses. That’s where Next Generation Anti-Virus comes in.
What Is It and Is It Really Good Enough?
Next-Generation Anti-Virus (NGAV) works with End Point Detection and Response (EDR), like ink works with a pen – they are a combo that has the impact and without one, the other is ineffective. NGAV is the tool, but EDR is the system by which they communicate. If we compare it to traditional anti-virus, which is reactive, NGAV + EDR is proactive. The older anti-virus methods reference a database of known threats and then send alerts to the IT department to take action if a threat is encountered. NGAV + EDR recognizes, alerts, and takes action on unknown threats before they cause damage.
To get into the nuts and bolts, NGAV + EDR detect anomalous behavior (this is key) holistically and then analyzes that behavior within the entire environment, not just computer by computer. The beauty in this is the same day the threat is discovered, it becomes known, even if the malicious code has never been seen before. This greatly reduces the chances of zero-day attacks, which have been increasing each year and becoming a bigger threat for businesses worldwide. A report by MIT Technology Review, said at least 66 zero-days have occurred in 2021, which is almost double the number of such attacks recorded last year.
NGAV + EDR looks for anomalous behavior automatically, without requiring input from your IT department or database updates of new known threats. The value is in the prevention of ransomware attacks which are essentially weird and one-off coding. It is significantly more effective at stopping ransomware attacks from happening before they happen.
Where Did NGAV Originate and What’s In It for Me?
NGAV grew out of the industry needing a different way to deal with malware. The traditional tools we’ve all seen before and have probably used ourselves are becoming less and less effective. To stay afloat, we need to stay one step ahead. The big pioneers in the field have been Carbon Black and CrowdStrike, who have been visionaries, and a newer one making a name for themselves is SentinelOne.
What should matter to you is the real value NGAV + EDR offers for your business. NGAV + EDR is so much more effective at detecting and stopping ransomware attacks because of how it detects threats, through behavior using artificial intelligence (AI). For example, Server A might say, “This weird code is running. Server B, are you detecting anything?” Server B then replies, “No, but Workstation A and B are detecting this weird code.”This back and forth between the servers sends a triggered alert and halts the attack instantly. NGAV + EDR is the future of cybersecurity, and it is a critical component in protecting your system environment from ransomware.
Implications with Insurance Companies
Businesses should always look for appropriate insurance coverage for unexpected data loss and cybersecurity events. This is nothing new, and we talked about it in a past blog post. Austin Germaine, BT Partner’s Technical Account Manager, has noticed a massive shift with insurance company’s requirements, “Six months ago, insurance companies considered next-generation anti-virus software as a ‘nice to have’, but now it’s a requirement for many. A requirement I anticipate will become more and more commonplace as we move into the future.”
If insurance companies are requiring them, they must be having a significant impact.
Nothing is Perfect….
As with any new software, there are some downsides. NGAV + EDR is a powerful tool, which makes the onboarding process more complicated, mostly in terms of setting up the software to run on your environment. This will likely interrupt business operations initially. The AI tool also generally has a lot of false positives at first, and especially during the first month while the system is settling in and learning how your system operates. Once it gets to know what behavior is normal though, then it really starts bringing value. Publishers of NGAV + EDR are open about this and provide support for helping you through this ambitious, and sometimes challenging, implementation phase.
In addition, because NGAV + EDR is so new, it’s understandably more expensive – at around 3x the cost per license. However, it should be noted that this cost is still considerably less than the cost of an actual ransomware attack hitting your business, or even the deductible your insurance company offers on a $1 million policy for a ransomware attack.
It all depends on your comfort level. Will your business be okay if they can’t get adequate cyber insurance? When it comes to cybersecurity, how will your business adapt to changes both now and in the future? Find a knowledgeable and reputable advisor, like BT Partners, so we can help walk you through answering these tough questions and figuring out your options keeping you secure both now and in the future.
