NGAV-Based Prevention

Cybereason NGAV protects endpoints against a broad spectrum of malware, ransomware, and fileless attacks, using a variety of detection techniques. While traditional antivirus products analyze signatures only, NGAV automatically detects and prevents malware on the endpoint using:

  • Signature-based analysis

  • Artificial intelligence analysis

  • Fileless PowerShell and .NET protection

  • Anti-Ransomware

NGAV takes traditional antivirus and extends it further, using both signature-based analysis and behavior-based analysis.

You can use any of these types of protection in your environment. NGAV features are optional and are supported on specific operating systems. Windows supports all NGAV features. macOS supports signature-based protection only. For a full list of supported operating systems, see Endpoint machine prevention features.

This section describes how to deploy and manage Cybereason NGAV.

What kinds of attacks threaten my organization?

Today’s cyber threats include a wide variety of malware types:

  • Known malware

  • Unknown malware

  • Ransomware

  • Fileless malware using PowerShell and .NET

  • Zero day exploits

  • APTs

  • Other advanced techniques

Some types of malware are file-based, meaning they are delivered in a malicious file. However, many newer types of malware are fileless, piggybacking on other processes or modules to deliver their payload. Malware delivered via PowerShell or web shells is an example of fileless malware.

The Cybereason platform can prevent and detect file-based malware before the file can be opened. For fileless malware, the Cybereason platform performs detection and prevention while the file is running, by using behavioral detection techniques.

Many endpoint security products focus on protecting against known malware alone, while Cybereason NGAV protects against all the above varieties.

How does NGAV prevent attacks?

NGAV includes several layers of protection to address each type of threat.

Layers of protection

NGAV Layer

Description

Anti-Malware (Pre-execution)

The Anti-Malware layer analyzes files as soon as they appear on disk, before they can execute. It uses two types of analysis to determine if a file is malicious:

File signature analysis

NGAV’s file signature analysis receives frequent updates from global threat intel sources, detecting and preventing known malware with very high accuracy.

Signature analysis prevents file-based, known malware.

Artificial intelligence analysis

NGAV includes machine learning algorithms that analyze files for indicators of malicious content, detecting and preventing unknown malware with a high level of accuracy. Artificial intelligence is able to catch new and unknown malware.

Artificial intelligence prevents file-based, unknown malware.

Fileless PowerShell and .NET protection (Dynamic)

PowerShell is a legitimate Windows module used by attackers to launch advanced, fileless attacks. NGAV’s PowerShell protection detects and prevents PowerShell-based attacks before they can be launched. NGAV has visibility into PowerShell behavior and is capable of preventing sophisticated attacks.

Increasingly, attackers have been exploiting .NET, a powerful framework available on every Windows operating system that is hard to monitor and secure. Standard antivirus tools do not detect fileless .NET-based attacks. NGAV can defend customers against the most recent malicious .NET techniques.

Anti-Ransomware and Predictive Anti-Ransomware (Dynamic)

NGAV detects and prevents both known and new strains of ransomware, using behavioral and predictive detection and proprietary deception techniques.

EDR detection (Post-infection)

The Cybereason platform EDR component can detect advanced attacks that elude endpoint prevention layers. The CMC engine cross-correlates data to provide visibility into advanced attacks. EDR provides analysts with investigation and response capabilities.

Detects: APTs, advanced attack techniques.