Networks and personal computers all over the world have long relied on antivirus software to keep information, software and hardware safe from attack. Our reliance on it can't be overstated, and the companies that offer the most popular and most up-to-date solutions work tirelessly to make sure users are protected from the very latest threats.
However, there is a problem: a new class of threat that traditional antivirus software and methods struggle to deal with, and it is changing the antivirus landscape very quickly indeed.
Currently, all antivirus software relies on pre-defined information about known threats, or 'definitions' as the industry calls them. This means that much of the protection offered to users is based on knowledge of existing threats; only by using certain algorithms can some measure of protection from new threats be offered. It also means that poorly maintained antivirus is often a cause of problems.
New threats have emerged into the industry's consciousness over the last couple of years, known as 'fileless malware': they remain in system memory without leaving any kind of footprint on the hard drive, and so avoid detection. There are also increasing incidences of malware that uses tools like PowerShell and macros to gain access to systems.
The definitions mentioned previously all rely on security threats consisting of files that can be collated by name and type, which are then listed and included in the definitions. Without any discernible files, these particularly tricky viruses and malware are undetectable by most common antivirus solutions, so the industry is having to step up to the plate once more.
So, what is the solution?
Thankfully, the antivirus industry is huge, profitable and highly skilled. It is aware of these newer risks and has been investing heavily in next generation antivirus, or NGAV, to give it its industry moniker. NGAV uses cloud-based analytics to detect a virus or malware attack more actively and intelligently by predetermining an attacker's tactics, techniques and procedures (TTPs).
It can identify patterns of malicious activity by analysing and correlating files and their behaviour. The information gathered can then be used to recognise a chain of events, or even to reconstruct a file's previous behaviour, and so intelligently assess the likelihood of an attack.
These TTPs can be saved and collated for future reference, and the patterns and modus operandi of past attacks are then used as a profiling technique to assess and intercept future ones.
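To make the contrast concrete, here is an added example (not code from any antivirus vendor) that runs a definition-style hash match and a chain-of-events rule over a constructed stream of process-creation events; the event format, hashes and rule are assumptions for illustration only.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """One process-creation event from an endpoint sensor (constructed format)."""
    ts: int
    pid: int
    ppid: int
    image: str       # executable image name
    file_hash: str   # SHA-256 of the on-disk image that was executed

# 'Definitions': hashes of known-bad files. The value is constructed for this example.
DEFINITIONS = {hashlib.sha256(b"constructed sample of a known dropper").hexdigest()}

# Behavioural rule: a document-handling application launching a scripting host.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}

def definition_scan(events):
    """Classic approach: flag only events whose on-disk file matches a definition."""
    return [e.pid for e in events if e.file_hash in DEFINITIONS]

def behaviour_scan(events):
    """NGAV-style approach: correlate the chain of events rather than single files.
    Returns pids of script hosts whose parent process is an office application."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and parent.image in OFFICE_APPS and e.image in SCRIPT_HOSTS:
            hits.append(e.pid)
    return hits

# Constructed event stream. pid 300 is PowerShell started by a macro in Word: the
# image on disk is the legitimate, benign powershell.exe, so its hash can never be
# in a definition list; the malicious logic exists only in memory. pid 400 is a
# conventional dropper whose file hash is known.
SAMPLE_EVENTS = [
    ProcEvent(1, 100, 1,   "explorer.exe",   "a" * 64),
    ProcEvent(2, 200, 100, "winword.exe",    "b" * 64),
    ProcEvent(3, 300, 200, "powershell.exe", "c" * 64),
    ProcEvent(4, 400, 100, "dropper.exe",    next(iter(DEFINITIONS))),
]
```

Run against the sample, `definition_scan` reports only pid 400 and `behaviour_scan` only pid 300, which is why the two approaches are layered rather than one replacing the other.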
This technique will work better over time, as more information is gathered and more virus and malware behaviours are recorded. In the meantime, antivirus producers are confident that most attacks will still be flagged by current software, and that NGAV will soon be able to take care of many more.