Dear Members,
What will be your expected protection feature(s) in New Generation AntiVirus?
Please correct me if I am wrong...
Scanning objects (known virus signatures) and sending objects (potentially malicious) to a sandbox test do not provide a comfortable security level for end-point protection.
I would like to have the features below (monitoring malware behaviour and objectives using approaches from web application protection, digital forensics and malware analysis):
- Monitor the activities of the browser - alert on malicious traffic, redirects, XSS, keyloggers... (do not expect web application developers to take all responsibility for protecting their users); alert on access to malicious web sites (should verify the web site against a blacklist in the cloud); double-check the digital signature of the web site (to avoid MITM - request a product in the cloud to verify one more time)...
- Monitor parent and child processes - alert on any background task and/or network connection and/or storage access...
- Data acquisition on potential attack target files and registry keys - alert on change...
- Computer activity summary report
Please share your views and comments (expected features) on handling the UNKNOWN...
Thanks, Joseph
Hi Joseph,
Full disclosure - I work for Cylance (www.cylance.com) as a system engineer. The AV/NGAV space is probably the most congested of all technology solutions out there, with at least 60+ vendors fighting for market share. Before I joined Cylance over 1 year ago I worked for security integrators in the UK and reviewed the majority of NGAV offerings, and the reason I joined Cylance is that I found Cylance to be using a groundbreaking, revolutionary approach that I feel could change the way AV works going forward.
As you say, you want to know how to protect against the unknown... In short, malware has become a big data problem, which is why Cylance uses machine learning techniques to predict whether a never-before-seen file is bad based upon previously learned analysis. In truth, everyone has upped their game in catching something quicker than they would have done with just a signature (known bad), but like sandboxing, almost all have the problem of patient-0.
I'm not a sales guy, but I can speak about my experience to help you make an informed choice/shortlist. Let me know how else I can help.
Patrick Bayle CISSP