What is a next-generation antivirus (NGAV)?

Authors

Gregg Lindemulder

Staff Writer

IBM Think

Amber Forrest

Staff Editor | Senior Inbound, Social & Digital Content Strategist

IBM Think

What is NGAV?

Next-generation antivirus, or NGAV, is a cloud-based technology that uses artificial intelligence, machine learning and behavioral analysis to protect endpoints against malware and other types of cyberthreats.

Unlike traditional antivirus software that uses signature-based detection to identify previously known threats, NGAV can detect unknown malware threats and malicious behavior as they occur in near real-time. In this way, it offers a more effective method for addressing modern threats such as ransomware, scripting attacks, fileless malware and zero-day vulnerabilities.

Think Newsletter

Would your team catch the next zero-day in time?

Join security leaders who rely on the Think Newsletter for curated news on AI, cybersecurity, data and automation. Learn fast from expert tutorials and explainers—delivered directly to your inbox. See the IBM Privacy Statement.

Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.

https://www.ibm.com/us-en/privacy

How NGAV works

Legacy antivirus (AV) solutions use a database of malware signatures and heuristics to detect viruses in endpoint devices such as desktop computers, laptops, tablets and smartphones. These signatures are strings of characters within a file that indicate a virus could be present.

This approach leaves endpoints vulnerable to potential threats that have yet to be identified and cataloged in the signature database. Even with frequent signature updates, a new or unknown malicious file could go undetected.

In contrast, NGAV solutions use behavioral detection to identify the tactics, techniques and procedures (TTPs) associated with cyberattacks. Machine learning algorithms continually monitor events, processes, files and applications for malicious behavior.

If an unknown vulnerability is targeted for the first time in a zero-day attack, NGAV can detect and block the attempt. NGAV can also prevent fileless attacks such as those that exploit Windows PowerShell and document macros, or phishing emails that persuade users to select links that run fileless malware.

As a cloud-based technology, NGAV is also faster, easier and more cost-effective to deploy and manage than their traditional counterparts. With its ability to monitor endpoint activity and provide immediate incident response, NGAV can block many of the attack vectors hackers use to infiltrate systems.

Security Intelligence | 3 December, episode 11

Your weekly news podcast for cybersecurity pros

Whether you're a builder, defender, business leader or simply want to stay secure in a connected world, you'll find timely updates and timeless principles in a lively, accessible format. New episodes on Wednesdays at 6am EST.
Watch the latest podcast episode

NGAV benefits

Rapid deployment

Cloud-based NGAV can be deployed, updated and managed faster, easier and with fewer resources that traditional AV. There is no extra hardware or software to install and configure, no signature updates to continually administer, and has little to no impact on endpoint performance.
Speedy threat detection

Legacy antivirus can detect only known malware signatures that have been previously identified and entered into a database. NGAV monitors and analyzes endpoint behaviors in near real-time to detect and block both known and unknown threats, including zero-day attacks.
Proactive protection

NGAV gives security teams the capability to proactively defend against rapidly evolving and advanced threats. Over time, machine learning algorithms become more adept at identifying typical endpoint behaviors and differentiating them from patterns that indicate a heightened risk of a cyberattack.

NGAV capabilities and limitations

While capabilities differ across vendors, most NGAV solutions offer the following capabilities:

  • Machine learning algorithms: NGAV can examine thousands of file characteristics and endpoint activities in near real-time and identify anomalies and unexpected actions that can help stave off known and unknown threats.

  • Behavioral analysis: NGAV establishes baseline behaviors and identifies suspicious behaviors that indicate malicious activity or cyberattack through analysis of users, devices, applications and systems.

  • Threat intelligence: Many NGAV solutions can integrate the latest threat intelligence on the sources, tactics and impacts of specific malware attacks to help detect and block them faster and more effectively.

  • Predictive analytics: NGAV collects a massive amount of data and feeds it into predictive models that can detect the presence of malware or a potential cyberattack before it occurs. Once a threat is identified, NGAV intervenes to prevent or minimize damage.

Although NGAV is more effective than traditional antivirus software, it is not foolproof. Occasionally, it might return a false positive or fail to detect a virus. Cybercriminals and hackers are still creating and testing new methods of evading the latest antivirus protection technologies.

When NGAV defenses are breached on an endpoint device, organizations often rely on other technologies, such as endpoint detection and response (EDR), unified endpoint management (UEM) or security information and event management (SIEM). These security solutions offer a broader, system-wide approach to the prevention and mitigation of cyberthreats across many different endpoints.

Resources

Secure the post-quantum future: How quantum safety strengthens cyber-resilience for today and tomorrow

Advance your company’s readiness, infused by the findings of the new IBM Institute of Business Value Report on securing the post-quantum future.
IBM® X-Force® threat intelligence index 2025

Gain insights to prepare and respond to cyberattacks with greater speed and effectiveness with the IBM X-Force threat intelligence index.
IDC MarketScape: Cybersecurity Consulting Services Vendor Assessment 2025

See why IBM has been named a Major Player and gain insights for selecting the Cybersecurity Consulting Services Vendor that best fits your organization’s needs.
Cybersecurity in the era of generative AI

Learn how today’s security landscape is changing and how to navigate the challenges and tap into the resilience of generative AI.
IBM® X-Force® cloud threat landscape report 2024

Understand the latest threats and strengthen your cloud defenses with the IBM X-Force cloud threat landscape report.
What is data security?

Find out how data security helps protect digital information from unauthorized access, corruption or theft throughout its entire lifecycle.
What is a cyberattack?

A cyberattack is an intentional effort to steal, expose, alter, disable or destroy data, applications or other assets through unauthorized access.
Related solutions
Enterprise security solutions

Transform your security program with solutions from the largest enterprise security provider.

 Explore security solutions
Cybersecurity services

Transform your business and manage risk with cybersecurity consulting, cloud and managed security services.

         Explore cybersecurity services
    Artificial intelligence (AI) cybersecurity

    Improve the speed, accuracy and productivity of security teams with AI-powered cybersecurity solutions.

         Explore AI cybersecurity
    Take the next step

    Whether you need data security, endpoint management or identity and access management (IAM) solutions, our experts are ready to work with you to achieve a strong security posture. Transform your business and manage risk with a global industry leader in cybersecurity consulting, cloud and managed security services.

         Explore cybersecurity solutions Discover cybersecurity services