What is the Difference Between Traditional and Next-Generation Anti-Virus?


April 12th, 2018 by Andy James


One of the lessons many businesses have learned over the past three years of the ransomware age is that traditional signature-based anti-virus solutions lack the power to combat today’s flood of evasive malware.

This is why Custodian360 is excited to offer our Managed Security Services, a client security solution that leverages not only the SentinelOne Endpoint Protection engine but also Lookout’s Mobile Threat Protection. Powered by static and behavioural artificial intelligence, it delivers next-generation anti-virus (NGAV) capabilities.

So, what exactly is an NGAV solution, and why does it matter?

No signatures

Traditionally, anti-virus (AV) solutions have required frequent (daily or weekly) updates of their signature databases to protect against the latest threats. Custodian360 instead uses a static artificial intelligence (AI) engine to determine whether new files are threats before they can execute. In addition, it has a behavioural AI engine to protect against file-less threats (e.g., PowerShell scripts, macros within documents, lateral movement, etc.).

No weekly updates

These AI engines do not require daily or weekly updates, as they “degrade” very gracefully over time. This is because the behavioural analysis engines do the work instead of matching files against an ever-aging database of file IDs and signatures.

Even if customers upgrade their agents only once a year, they will have much greater protection than what traditional AV is able to provide. With the power of SentinelOne’s AI models, today’s zero-day attacks are instantly convicted by models developed in the past. This is the benefit of a mathematical approach to malware prevention, detection and response versus legacy, signature-based approaches.

No recurring scans

Apart from the management overhead of updating signatures, traditional AV products also recommend recurring disk scans to make sure threats did not get in. These recurring scans are a big source of frustration for end users, as their productivity is impacted while the scans run. With Custodian360, recurring scans are not required at all. End users get much better performance and, in many cases, do not even know that the solution is installed.

No performance overhead

Another reason for the poor performance of traditional AV products is that they became bloated by implementing many additional features, such as an endpoint firewall, full-disk encryption, etc. Many of these features are now built into modern operating systems. Custodian360 was designed to orchestrate OS functionality instead of replicating it, which also translates into a much better end-user experience.

No cloud dependence

Another limitation of traditional AV products is their reliance on cloud connectivity for best protection. Signature databases have grown so large that it is no longer possible to push the entire database down to the device. So, vendors keep the vast majority of signatures in the cloud and only push the most prevalent signatures down to the agent.

Furthermore, end users frequently work in cafés, airports, hotels and other commercial facilities. In most of these cases, the Wi-Fi provider is supported by ad revenue and encourages users to download the host’s tools (i.e., adware) to get free connectivity. These tools, or the Wi-Fi access point itself, can easily block access to the AV cloud, which poses a huge security risk. Custodian360 is fully autonomous and protects the user in these situations: the efficacy of the agent is not dependent on its connection to the internet.

NGAV for endpoints

I invite you to learn more about Custodian360, which provides not only NGAV capabilities but also cloud-based reporting and real-time forensics.

To learn more, download the “Custodian360 powered by SentinelOne” data sheet.