sgjoelee
Viewer

New Generation of AntiVirus Software for Workstation

Dear Members,

What will be your expected protection feature(s) in a New Generation AntiVirus?

Please correct me if I am wrong...

Scanning objects (known virus signatures) and sending objects (potentially malicious) to a sandbox test do not provide a comfortable security level for end-point protection.

I would like to have features as below (monitoring the malware behaviour and objective via the approach from web application protection, digital forensics and malware analysis):

- Monitor the activities of the browser - alert on malicious traffic, redirects, XSS, keyloggers... (do not expect web application developers to take all responsibility to protect their users); alert on access to malicious web sites (should verify the web site against a blacklist in the cloud); double-check the digital signature of the web site (avoid MITM - request a product in the cloud to verify one more time)...

- Monitor parent and child processes - alert on any background task and/or network connection and/or storage access...

- Data acquisition on potential attack target files and registry keys - alert on change...

- Computer activity summary report

Please share your view and comments (expected features) on handling the UNKNOWN...

Thanks, Joseph
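Two of the requested features, "alert on change" for target files and registry values and parent/child process monitoring, are straightforward to sketch as detection logic. The block below is an added example for illustration, not code from the original post or from any product mentioned in the thread; the watched paths, registry keys, process names and the document-app/script-host rule are all constructed assumptions for the demo.

```python
"""Added example (not from the forum thread): two small host-monitoring checks
that illustrate the 'alert on change' and 'parent/child process' features
requested above. All sample data is constructed; the paths, registry keys,
process names and the rule itself are assumptions, not any vendor's logic."""

import hashlib
from dataclasses import dataclass

# --- 1. Integrity baseline for "attack target" files and registry values ---

def build_baseline(objects):
    """Map each watched object (file path or registry value) to a SHA-256 digest
    of its content, so later snapshots can be compared cheaply."""
    return {name: hashlib.sha256(content).hexdigest() for name, content in objects.items()}

def detect_changes(baseline, current_objects):
    """Compare a fresh snapshot of the watched objects against the stored
    baseline and return (kind, name) alerts for removed, modified and added items."""
    current = build_baseline(current_objects)
    alerts = []
    for name, digest in baseline.items():
        if name not in current:
            alerts.append(("removed", name))
        elif current[name] != digest:
            alerts.append(("modified", name))
    for name in current:
        if name not in baseline:
            alerts.append(("added", name))
    return sorted(alerts)

# Constructed sample: the hosts file and one autorun registry value are watched.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_BASELINE_OBJECTS = {
    r"C:\Windows\System32\drivers\etc\hosts": b"127.0.0.1 localhost\n",
    RUN_KEY + r"\Updater": b"C:\\Program Files\\Updater\\updater.exe",
}
# Constructed second snapshot: hosts file edited, one autorun value replaced by another.
SAMPLE_CURRENT_OBJECTS = {
    r"C:\Windows\System32\drivers\etc\hosts": b"127.0.0.1 localhost\n10.0.0.5 bank.example\n",
    RUN_KEY + r"\NewEntry": b"C:\\Users\\Public\\unknown.exe",
}

def demo_changes():
    """Run the integrity check over the constructed snapshots."""
    return detect_changes(build_baseline(SAMPLE_BASELINE_OBJECTS), SAMPLE_CURRENT_OBJECTS)

# --- 2. Parent/child process rule ---

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str        # process image name, lower-cased
    network: bool     # did the process open an outbound network connection?

# Assumed categories for the rule; a real product would use a richer model.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

def suspicious_children(events):
    """Flag a child process when a document-handling application spawns a
    script host; note whether the child also touched the network."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue  # parent not in this window of events
        if parent.image in DOCUMENT_APPS and e.image in SCRIPT_HOSTS:
            reason = "document app spawned a script host"
            if e.network:
                reason += " with network activity"
            findings.append((parent.image, e.image, reason))
    return findings

# Constructed process tree: explorer -> winword -> powershell (with network), plus a benign notepad.
SAMPLE_EVENTS = [
    ProcEvent(pid=1, ppid=0, image="explorer.exe", network=False),
    ProcEvent(pid=100, ppid=1, image="winword.exe", network=False),
    ProcEvent(pid=200, ppid=100, image="powershell.exe", network=True),
    ProcEvent(pid=300, ppid=1, image="notepad.exe", network=False),
]

def demo_processes():
    """Run the parent/child rule over the constructed events."""
    return suspicious_children(SAMPLE_EVENTS)

if __name__ == "__main__":
    for kind, name in demo_changes():
        print(f"[change] {kind}: {name}")
    for parent, child, reason in demo_processes():
        print(f"[process] {parent} -> {child}: {reason}")
```

The integrity check reports three alerts on the constructed data (the hosts file modified, the old autorun value removed, a new one added), and the process rule flags the winword.exe to powershell.exe chain with network activity; notepad.exe under explorer.exe is left alone. In practice the baseline would be signed and stored off-host so that whatever tampers with the watched files cannot also rewrite the record of what they should look like.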

1 Reply
pbayle
Viewer II

Hi Joseph,

Full disclosure - I work for Cylance (www.cylance.com) as a system engineer. The AV/NGAV space is probably the most congested of all technology solutions out there, with at least 60+ vendors fighting for market share. Before I joined Cylance over 1 year ago I worked for security integrators in the UK and reviewed the majority of NGAV offerings, and the reason I joined Cylance is because I found Cylance to be using a groundbreaking, revolutionary approach that I feel could change the way AV works going forward.

As you say, you want to know how to protect against the unknown... In short, malware has become a big data problem, which is why Cylance uses machine learning techniques to predict whether a never-seen-before file is bad based upon previously learned analysis. In truth, everyone has upped their game in catching something quicker than they would have done with just a signature (known bad), but like sandboxing, almost all have the problem of patient-0.

I'm not a sales guy, but I can speak about my experience to help you make an informed choice/shortlist. Let me know how else I can help.

Patrick Bayle CISSP