Industry Innovators 2016: Data protection
At the risk of sounding like a stuck record, it's all about the data. Job one of the security stack at any enterprise, whether hardware- or software-defined, is to protect the data. A big piece of that happens at the endpoint. This can take a couple of forms: traditional – or traditional-like – endpoint protection and anti-malware protection.
Traditional endpoint protection is a sort of superset of anti-malware. Not all attacks involve malware. Estimates vary as to what percentage of attacks are malware-based and what percentage are not. However, regardless of the method of ingress, it is likely that malware will, at some point, play a role in a major data breach. And there are issues related exclusively to malware, such as ransomware, and those that may or may not use malware as the delivery mechanism, such as denial of service.
So, the bottom line is that all endpoint protection products need to address malware in some form or other. We are of the opinion that signature-based anti-malware is nearly useless by itself. First, there are so many strains of malware – families – that building signatures for all of them is nearly impossible. Even if it were possible, it is a daunting job for such a product to scan an enterprise efficiently. So, that argues for some additional horsepower. Often, that comes in the form of heuristics. Heuristics learn, so at some point the families become the focus, rather than the million-plus individual kinds of malware.
In our view, in order to stay ahead of the adversary, even heuristics are not sufficient. Some form of advanced machine learning and advanced detection algorithms is the order of the day. Both of our Innovators in this space take advantage of next-generation techniques such as these.
One of our Innovators is focused on malware. However, recognising the roles that other forms of attack play in the threatscape, these folks are beginning to apply their sophistication to identifying and interdicting those types of attacks. Our other Innovator is so sure of itself that it offers a form of insurance against certain kinds of malware infestations that it doesn't, for some reason, catch.