In the past couple of years, everything new is described as being “next gen”. Whether it’s cars, hotels, firewalls, or software, we’ve seen the emergence of the latest buzzword to define products that surpass the previous version. Many information technology professionals have already adopted next-generation firewalls and are now turning to the endpoint, where they have reached the point of deciding whether to replace or supplement their antivirus software with something new. But what exactly does next-generation endpoint protection mean, and how can IT and security professionals make sense of the plethora of next-generation endpoint protection products available on the market?
As is often the case, the name next-generation endpoint protection emerged independently of any broad agreement on a definition. What is clear is that the name was perpetuated by vendors looking to distinguish their products from the ineffective crop of endpoint protection solutions on the market.
Cough cough, signature-based antivirus, cough cough.
The unifying theme for next-generation endpoint protection products is the rejection of “signature-based” technology. Even that, though, is a bit vague. After all, hash lookups – querying a database to identify known malware – are part of nearly every next-generation endpoint protection product. Some draw a distinction between hash lookups and pattern matching, where the “signature” is a specific byte pattern that security software looks for to convict a file as malicious. The distinction matters in practice: a hash lookup only identifies a file that is byte-for-byte identical to a known sample, so any change to the file (a rebuild, a different packer, a single flipped byte) produces a new hash and a miss, while a pattern signature survives changes to the surrounding bytes but fails as soon as the pattern itself is encoded or rewritten. Both are static checks on the file as stored; neither says anything about what the code does once it runs.
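To make the hash-versus-pattern distinction concrete, here is an added example in Python; it is not code from the original post or from any product. The "known-bad" byte string, the family marker EVIL_PAYLOAD_v1, and the XOR key 0x5A are all invented for the illustration. It runs a hash lookup and a pattern signature against the original sample and against two trivial variants.

```python
import hashlib
import re

# Constructed stand-in for a known-bad file (invented bytes, not a real sample):
# a PE-like header, a family marker, and some padding.
KNOWN_BAD = b"MZ\x90\x00" + b"EVIL_PAYLOAD_v1" + b"\x00" * 8

# Hash lookup: the "signature" is the exact SHA-256 of the known-bad file.
# A real product would query a local or cloud reputation database here.
HASH_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Pattern signature: a byte regex, in the spirit of a YARA string rule,
# that matches the family marker wherever it sits in the file.
PATTERN_DB = [re.compile(rb"EVIL_PAYLOAD_v\d")]


def hash_lookup(data: bytes) -> bool:
    """Convict only if the whole file is byte-for-byte a known sample."""
    return hashlib.sha256(data).hexdigest() in HASH_DB


def pattern_match(data: bytes) -> bool:
    """Convict if any pattern signature is found anywhere in the file."""
    return any(p.search(data) for p in PATTERN_DB)


def classify(data: bytes) -> dict:
    """Run both static techniques and report which ones fire."""
    return {"hash": hash_lookup(data), "pattern": pattern_match(data)}


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the kind of trivial encoding a packer applies."""
    return bytes(b ^ key for b in data)


# Variant 1: one padding byte changed, payload untouched. A relink or a
# different build timestamp would have the same effect on the hash.
VARIANT_PADDING = KNOWN_BAD[:-1] + b"\x01"

# Variant 2: the marker is XOR-encoded (assumed key 0x5A), so the pattern
# no longer appears in the file as stored on disk.
VARIANT_ENCODED = b"MZ\x90\x00" + xor_bytes(b"EVIL_PAYLOAD_v1", 0x5A) + b"\x00" * 8


if __name__ == "__main__":
    for name, sample in [("known sample", KNOWN_BAD),
                         ("padding changed", VARIANT_PADDING),
                         ("marker encoded", VARIANT_ENCODED)]:
        print(f"{name:16} {classify(sample)}")
```

The known sample trips both checks, the padding variant defeats only the hash, and the encoded variant defeats both. This is why products keep hash lookups despite their fragility: they are cheap and essentially never false-positive on a known file. It is also why neither check is enough on its own, and why the behavioral features listed later in this post exist.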
In any case, next-generation endpoint protection solutions seem to be those that reject at least some types of signatures and incorporate new technologies. Which technologies are used varies from product to product, so here is a list of features many solutions currently offer:
Must-have next-generation endpoint features
- Sandbox analysis
- Pre-execution analysis based on machine learning
- Exploit prevention or mitigation
- Centralized event collection & analysis (e.g., root cause analysis)
- Endpoint isolation in event of a detection or suspicious event
- Detection based on behavior analysis
- Ransomware behavior detection and blocking
- Rollback of changes after detection of an event
- Retrospective detection
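The list names the features without describing them, so here is an added example, written for this post rather than taken from it or from any product, of what the simplest form of “detection based on behavior analysis” and “ransomware behavior detection” looks like. It scores file-write events by the entropy of the data written and flags a process that rewrites many distinct files with ciphertext-like content in a short window. The thresholds, process IDs, paths and event records are all constructed assumptions for the illustration.

```python
import math
from collections import defaultdict

# Thresholds are assumptions chosen for this example, not values from any product.
ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted or compressed data sits near 8
MIN_DISTINCT_FILES = 5    # distinct files rewritten with such data ...
WINDOW_SECONDS = 2.0      # ... within this many seconds by one process


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events):
    """
    events: iterable of (timestamp_seconds, pid, path, bytes_written).
    Returns the set of pids that wrote high-entropy content to at least
    MIN_DISTINCT_FILES distinct paths inside some WINDOW_SECONDS window.
    """
    suspicious = defaultdict(list)          # pid -> [(ts, path), ...]
    for ts, pid, path, content in events:
        if shannon_entropy(content) >= ENTROPY_THRESHOLD:
            suspicious[pid].append((ts, path))

    flagged = set()
    for pid, writes in suspicious.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            in_window = {p for ts, p in writes[i:] if ts - start <= WINDOW_SECONDS}
            if len(in_window) >= MIN_DISTINCT_FILES:
                flagged.add(pid)
                break
    return flagged


# Constructed event log. Content stands in for what each process wrote:
# uniform bytes look like ciphertext; repeated text looks like a document.
ENCRYPTED_LIKE = bytes(range(256))
DOCUMENT_LIKE = b"Quarterly report, draft 3. " * 10

SAMPLE_EVENTS = [
    # pid 4242 rewrites six documents with ciphertext-like data in 1.5 s
    *[(0.3 * i, 4242, f"C:/Users/a/Docs/report{i}.docx.locked", ENCRYPTED_LIKE)
      for i in range(6)],
    # pid 1001 saves an ordinary document twice
    (0.5, 1001, "C:/Users/a/Docs/report.docx", DOCUMENT_LIKE),
    (1.0, 1001, "C:/Users/a/Docs/report.docx", DOCUMENT_LIKE),
    # pid 2002 is a backup tool appending compressed data to a single archive
    *[(0.2 * i, 2002, "D:/backup/archive.zip", ENCRYPTED_LIKE) for i in range(6)],
]

if __name__ == "__main__":
    print("flagged pids:", detect_mass_encryption(SAMPLE_EVENTS))   # {4242}
```

Only pid 4242 is flagged. The backup tool writes just as much high-entropy data, which is why the rule counts distinct files rather than bytes or writes; entropy alone would convict every archiver and every encrypted-database engine on the machine. Real products layer more signals on top of this (extension changes, canary files, ransom-note drops, known-good process reputation), and a “blocking” feature would suspend the process at the moment the threshold is crossed rather than report afterwards. The point relative to the signatures above is that nothing here inspects the executable at all; a freshly repacked sample behaves exactly like the old one.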
Some of these features have begun to appear in traditional AV products, which makes one wonder: does software that uses both signatures and machine learning count as next-generation endpoint protection? What about a product that has innovative exploit prevention but does nothing to stop social engineering attacks?
Is that next-generation endpoint protection?
In a world where both the threats and the defenses are constantly evolving, a better question is, “what’s the right solution for my business?” Answering that requires a broader understanding of how all aspects of the product – features, usability, integration, value, and more – fit into your overall security strategy. This is where the value of a VAR (value-added reseller) shines. Most VARs will evaluate multiple products and compare them against one another to determine what makes the most sense for a customer’s environment and strategy.