A ‘zero day’ exploit is one that has been developed to take advantage of a security hole but has not yet been used against other companies. It is natural to think that these ‘zero days’ are so rare that attackers would only use them on the largest, juiciest targets (like banks and governments), but that is simply not the case.
These NextGen tools do not rely on what happened yesterday, the way old-school antivirus does. They are behavior based: they consider the characteristics of each file and what it is doing. Things like:
and thousands of other parameters are what these Next Gen AV products consider.
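To make the signature-versus-behavior distinction concrete, here is an added toy example (not code from the original post or from any of the products in the grid below). It contrasts an old-school hash lookup against a weighted behavior score, and layers on the hash and dual-wildcard path allow-listing the grid asks about. The signature database, the allow-list entries, the behavior tags, their weights, the block threshold and the sample process events are all constructed for illustration; a real product weighs thousands of parameters and tunes them continuously.

```python
import fnmatch
import hashlib
from dataclasses import dataclass, field

# Constructed "yesterday" signature database: SHA-256 of files already known to be bad.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-malware").hexdigest()}

# Constructed allow-list, mirroring the MD5/SHA and dual-wildcard path rows of the grid.
ALLOWED_SHA256 = {hashlib.sha256(b"constructed-trusted-tool").hexdigest()}
ALLOWED_PATH_GLOBS = [
    r"C:\Program Files\*\updater*.exe",          # two wildcards in one path
    r"C:\Users\*\AppData\Local\Vendor\*.exe",
]

# Hypothetical behavior indicators and weights (constructed; not any vendor's model).
BEHAVIOR_WEIGHTS = {
    "spawned_by_office_app": 40,
    "spawned_script_interpreter": 25,
    "modified_run_key": 30,
    "injected_into_other_process": 50,
    "encrypted_many_user_files": 60,
    "unsigned_binary": 10,
}
BLOCK_THRESHOLD = 60


@dataclass
class ProcessEvent:
    """One observed process: where it ran from, its bytes, and what it did."""
    path: str
    content: bytes
    behaviors: list = field(default_factory=list)

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def is_allow_listed(event: ProcessEvent) -> bool:
    """Exact hash allow-list first, then a case-insensitive wildcard path match."""
    if event.sha256() in ALLOWED_SHA256:
        return True
    path = event.path.lower()
    return any(fnmatch.fnmatchcase(path, g.lower()) for g in ALLOWED_PATH_GLOBS)


def signature_verdict(event: ProcessEvent) -> str:
    """Old-school AV: block only if the hash is already in the database."""
    return "block" if event.sha256() in KNOWN_BAD_SHA256 else "allow"


def behavior_score(event: ProcessEvent) -> int:
    """Sum the weights of every behavior the process exhibited; unknown tags score 0."""
    return sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in event.behaviors)


def evaluate(event: ProcessEvent) -> tuple:
    """Combined verdict: allow-list wins, then signature, then behavior threshold."""
    if is_allow_listed(event):
        return ("allow", "allow-list")
    if signature_verdict(event) == "block":
        return ("block", "signature")
    score = behavior_score(event)
    if score >= BLOCK_THRESHOLD:
        return ("block", f"behavior score {score}")
    return ("allow", f"behavior score {score}")


# Constructed sample events for a stand-alone run.
SAMPLE_EVENTS = {
    "known_malware": ProcessEvent(r"C:\Users\alice\Downloads\invoice.exe",
                                  b"constructed-known-malware", ["unsigned_binary"]),
    # Never-seen hash: a signature database cannot know it, but its behavior gives it away.
    "never_seen_before": ProcessEvent(r"C:\Users\alice\AppData\Roaming\tmp\x.exe",
                                      b"constructed-unknown-sample",
                                      ["spawned_by_office_app", "spawned_script_interpreter",
                                       "modified_run_key"]),
    # Noisy but trusted updater: its score would cross the threshold without the path allow-list.
    "trusted_updater": ProcessEvent(r"C:\Program Files\Vendor\updater64.exe",
                                    b"constructed-updater-bytes",
                                    ["unsigned_binary", "modified_run_key",
                                     "spawned_script_interpreter"]),
    "harmless_unsigned": ProcessEvent(r"C:\Tools\hello.exe", b"constructed-hello",
                                      ["unsigned_binary"]),
}

if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        print(f"{name:18} signature={signature_verdict(ev):5} combined={evaluate(ev)}")
```

The "never_seen_before" event is the zero-day case from the opening paragraph: its hash is in no database, so the signature check passes it, while the behavior score blocks it. The "trusted_updater" event shows why the allow-list rows in the grid matter: a legitimate tool can look noisy enough to cross the threshold, and a dual-wildcard path entry is what keeps it from being blocked on every workstation.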
We recently completed another review of several major Next Gen protection tools and the results are below.
Keep in mind that these companies frequently update their software, so these features and functions will change. The intent of this grid is simply to give you a solid starting point to work from.
Also note that:
| Product | CarbonBlack Defense – Confer | CrowdStrike Falcon w/ Overwatch | Cylance (BlackBerry) | Sophos Intercept X | Malwarebytes 3.0 |
|---|---|---|---|---|---|
| URTech’s Initial Rating | A | A | C | A | B |
| Magic Quadrant / Wave | B | B+ | B- | B+ | B- |
| Behavior or File Characteristics | Behavior | Behavior | File | Behavior | |
| 24×7 Phone Support | Y | Y | Y | Y | Y – Optional |
| Win 10 1903 Support | Y | Y | Y | Y | Y |
| Server 2019 Support | Y | Y | Y | Y | Y |
| Web Admin (SaaS) | Y | Y | Y | Y | Y |
| Path White-listing | Y | Y | Y | Y | Y |
| Dual Wildcard White-list Path | Y | Y – but check | No | Y | Y |
| Remote Delete Files | Y | Partial | Y | No – Need EDR | Y |
| VirusTotal Linkage | Y | Y | Y | Y & Internal | No |
| Can Disable Windows Action Center AV Registration | Gen | Y but with Quarantine | Y | Y | Checking |
| MD5 / SHA White-listing | Y | Y | Y | Y | Y |
| Filename White-listing | Y | Checking | N | Y | Y |
| Email Alert Bundling | Y | Y | Y | Y | … |
| Block Access To Web Mail Attachments | N | N | N | ADDITIONAL | N |
| Agent Update Frequency / Year | 2 | Every 2 Weeks | 2 | > 4 / year | Constant |
| Agent Update Requires Reboot | / | Never | N | Rarely 1/yr? | Rarely 1/yr? |
| Agent Update Process | Console | Console | Console | Console | PDQ/SCCM |
| Mobile OS | N | Fall 2019 | N | Additional | Separate Product |
| Disk Encryption | N | N | N | Y – Additional | N |
| Agent Alerts | / | Y | Y | Y – Customization | Y |
| Sandboxing | N | N | N | Y | Y |
| Must Replace AV | N | N | N | N | N |
| Pre-Execution Scan | / | N | Y | Y | Y |
| Performance Hit | Low | Low | Low | Low | 20 MB / 0.5% CPU |
| Kernel Mode | Y | Y | Y | Y | Y |
| Server Agent | Y | Y | N | Separate | Y – Policy |
| AD Password Reuse Block | N | N | N | N | N |
| Keyboard Encryption | N | N | N | Checking | N |
| Malicious Com Block | N | Partial | N | Partial | Blacklist |
| AV File Inspection | N | N | Just at Install | N | Y |
| Misc | USB Tracking for data theft | Never had a single client data breach – Falcon Complete = Contract Workers inc AIG Insurance Up To $1M For Breaches $100K+ | File Inspection Only – not behavior. BlackBerry’s acquisition of Cylance brings future into question | Acquired Hitman Pro. Just signed large contract with Microsoft | Very positive – Solid progress in last 2 years |