https://community.isc2.org/t5/Member-Support/New-Generation-of-AntiVirus-Software-for-Workstation/m-p/3868#M411 <P>Dear Members,</P><P>&nbsp;</P><P>What will be your&nbsp;expected protection feature(s) in New Generation AntiVirus?</P><P>&nbsp;</P><P>Please correct me if I am wrong...&nbsp;</P><P>&nbsp;</P><P>Scanning Object (known Virus Signature) and Sending Object (Potential Malicious) to Sandbox test did not provide a Comfortable&nbsp;Security level for End-Point-Protection.</P><P>&nbsp;</P><P>I would&nbsp;like to have features as below (monitoring&nbsp;the Malware Behaviour and Objective via the Approach from Web Application Protection, Digital Forensic, Malware Analysis):-</P><P>&nbsp;</P><P>Monitor the activities of browser - alert Malicious Traffic, Re-Direct, XSS, Keylogger...(Do not expect Web Application Developers to take all responsibilities to protect their Users); alert access to Malicious Web Site (Should verify the Web Site from blacklist in Cloud); Double check the Digital Signature of the Web Site (avoid MITM - request a product in&nbsp;Cloud to verify one more time)...</P><P>&nbsp;</P><P>Monitor Parent and Child Process - alert any Background task and or Network connection and or storage...</P><P>&nbsp;</P><P>Data Acquisition on potential attack target file and registry - alert on change...</P><P>&nbsp;</P><P>Computer Activity Summary Report</P><P>&nbsp;</P><P>Please share your view and comment (expected feature) on handling the UNKNOWN...</P><P>&nbsp;</P><P>Thanks, Joseph</P> Sun, 26 Nov 2017 07:02:22 GMT sgjoelee 2017-11-26T07:02:22Z https://community.isc2.org/t5/Member-Support/New-Generation-of-AntiVirus-Software-for-Workstation/m-p/3868#M411 <P>Dear Members,</P><P>&nbsp;</P><P>What will be your&nbsp;expected protection feature(s) in New Generation AntiVirus?</P><P>&nbsp;</P><P>Please correct me if I am wrong...&nbsp;</P><P>&nbsp;</P><P>Scanning Object (known Virus Signature) and Sending Object (Potential Malicious) to Sandbox test did not provide a Comfortable&nbsp;Security level for End-Point-Protection.</P><P>&nbsp;</P><P>I would&nbsp;like to have features as below (monitoring&nbsp;the Malware Behaviour and Objective via the Approach from Web Application Protection, Digital Forensic, Malware Analysis):-</P><P>&nbsp;</P><P>Monitor the activities of browser - alert Malicious Traffic, Re-Direct, XSS, Keylogger...(Do not expect Web Application Developers to take all responsibilities to protect their Users); alert access to Malicious Web Site (Should verify the Web Site from blacklist in Cloud); Double check the Digital Signature of the Web Site (avoid MITM - request a product in&nbsp;Cloud to verify one more time)...</P><P>&nbsp;</P><P>Monitor Parent and Child Process - alert any Background task and or Network connection and or storage...</P><P>&nbsp;</P><P>Data Acquisition on potential attack target file and registry - alert on change...</P><P>&nbsp;</P><P>Computer Activity Summary Report</P><P>&nbsp;</P><P>Please share your view and comment (expected feature) on handling the UNKNOWN...</P><P>&nbsp;</P><P>Thanks, Joseph</P> Sun, 26 Nov 2017 07:02:22 GMT https://community.isc2.org/t5/Member-Support/New-Generation-of-AntiVirus-Software-for-Workstation/m-p/3868#M411 sgjoelee 2017-11-26T07:02:22Z https://community.isc2.org/t5/Member-Support/New-Generation-of-AntiVirus-Software-for-Workstation/m-p/4012#M419 <P>Hi Joseph,</P><P>Full disclosure - I work for Cylance (<A href="http://www.cylance.com" target="_blank">www.cylance.com</A>) as a system engineer. the AV/ NGAV space is&nbsp;probably the most congested of all technology solutions out there with at least 60+ vendors fighting for market share. Before I joined Cylance over 1 year ago I worked for security&nbsp;integrators in the UK and reviewed the majority of NGAV offerings and the reason I joined Cylance is because I found&nbsp;Cylance to be using a groundbreaking, revolutionary approach&nbsp;that I feel could change the way AV works going forward.&nbsp;</P><P>&nbsp;</P><P>As you say, you want to know how to protect against unknown... in short, malware has become a big data problem which is why Cylance uses machine learning techniques to predict whether a never seen before file is bad based upon previously learned analysis. In truth, everyone has upped their game in catching something quicker than they would have done with just a signature (known bad) but like sandboxing, almost all have the problem of patient-0.&nbsp;</P><P>&nbsp;</P><P>I'm not a sales guy but I can speak about my experience to help you make an informed choice/ shortlist. Let me know how else I can help.</P><P>&nbsp;</P><P>Patrick Bayle CISSP</P> Thu, 30 Nov 2017 09:30:19 GMT https://community.isc2.org/t5/Member-Support/New-Generation-of-AntiVirus-Software-for-Workstation/m-p/4012#M419 pbayle 2017-11-30T09:30:19Z