Next-Gen, a marketing term that implies something new, no longer does. Yet a decade after its introduction it is still being used in sentences right after some variation of “AV is not enough,” and it makes less sense as the years go by. It was hard to find an AV-only vendor ten years ago; they are rarer now. It was 2003 when Symantec added a firewall and a network-based detection engine to supplement AV protection. By now there may be vendors who offer only a file-scanning (AV) solution. I don’t know of them.
That is not to say that AV as a technology no longer exists. It is a small but important part of endpoint protection. Take Sunburst and SolarWinds. Once the attack became known, AV signatures were quickly deployed to detect it. AV is fast, effective and not prone to false positives. We didn’t need a roomful of data scientists trying to retrain an algorithm. In fact, there is a lot of known malware out there against which AV is a pretty good choice for protection. It still has its place in a robust protection stack.
But Machine Learning (ML) was a huge improvement to proactive protection, and it became associated with Next-Gen products. One marketing department in the industry strangely implied that by using ML its engineers had discovered math. Unfortunately for Next-Gen vendors, ML was not their discovery; it had been around for a while. In fact, Symantec had been using ML for years before Next-Gen became a thing. We had heard of math.
Which brings us to today. While Next-Gen may still be effective as a marketing term, it is well past its expiration date. Every vendor uses ML today. It is a part, not the whole, of endpoint protection. And there is a Next-Next. What’s next today is adding technology that helps customers harden their endpoints, prevents the abuse of Active Directory (AD) and integrates human threat hunters into the products themselves. That is the generational change in protecting endpoints in 2021. Next-Gen is a generation behind.