Security in 2016 and how to further lead the end-point security market


Companies will invest more in security solutions, driving overall Enterprise Security market growth. 

In 2015 and the beginning of 2016 we witnessed a rise in security incidents and breaches, with significantly more visibility of documented APT (Advanced Persistent Threat) attacks targeting top corporations or governmental entities (such as APT-28, analyzed by my colleagues in Bitdefender here), but also with fast-emerging ransomware attacks (an interesting article here) targeting individuals and small companies as well as the public sector and even healthcare organizations.

In this context, we see concerns for security rising to the top levels, with decisions taken at the board level in most companies. CEOs are concerned about security not only because of the cost of a breach (unavailable resources and/or money being lost), but also because the reputation of their companies is at risk when customer data is lost or exposed to criminals (here is a recent example: 200 million Yahoo account details on sale on the Dark Web).

As a consequence, security is less a question of absolute protection or of if it will happen (the probability of being a target is higher than ever before for most individuals and companies), and is becoming a matter of preparing for when it will happen: improving prevention levels, detecting breaches faster (in many cases it takes many months or even years to detect such breaches), and creating a response plan (ideally including some level of automation where possible) to isolate the breach, contain harmful effects and remediate operations.

To address customer needs, the players of the security industry took two approaches, competing directly against each other. The first was the fast development of an offer addressing the need for breach detection and response technologies (detect and response solutions, targeting mainly large and very large companies). The second was the answer of the traditional anti-virus and anti-malware vendors, under high pressure following bold public statements such as “Antivirus is dead” (Symantec official, 2014): an improvement strategy for the classic End-Point Protection agents, accelerating deployment of new technologies such as Active Threat Control or ATC, patented by Bitdefender.

Initially, the vendors providing detection and remediation solutions targeted their customers with aggressive marketing messages such as “You can click on Anything” or “See Every Attack in less than 5 seconds.” Climbing up the hype cycle of expectations, they managed to grab some market share fast, especially among Fortune 500 companies, with some traditional vendors losing market share fast (according to Gartner, 2015 security market data).

However, the visionary End-Point protection solutions such as the one provided by Bitdefender were getting better by deploying artificial intelligence solutions to automate and speed up detection of malware, consolidating their threat analysis at a global scale and becoming more effective than ever. For example, you can see here an article on how algorithms developed and deployed by Bitdefender will identify unknown new threats with 99.99% accuracy. This is only one of the explanations for Bitdefender’s premium detection rate and awards over many years (2012-2016 awards here), followed by double-digit enterprise market share growth in main markets such as the EU and US.

So what’s next? As the threat landscape develops, with IoT bringing in new challenges and a shortage of security skills in the face of rampant demand, the security industry will have to further adapt and develop to accomplish its mission: protect our modern way of life, including our social media accounts, medical records, bank accounts, and personal information stored with our smaller or global suppliers.

Visionary vendors continue to develop technology addressing Detection and Response needs.

All End-Points, such as mobile devices, notebooks and desktops but also billions of new intelligent devices, all work only when interconnected in a global pool supported by billions of virtual servers and virtualized networks, producing and consuming data which needs to be available. The future leaders of digital defense will therefore have to provide solutions even when there is only a blurry line between personal and enterprise space, or between public, home and corporate networks. In such conditions, the initially divergent vendors focusing on detection and remediation, as well as the End-Point Protection vendors, will converge back in the same direction, all developing the new End-Point Detection and Response solutions.

First of all, vendors will increasingly collaborate, at a global scale, with third-party threat intelligence feeds integrated into the new Vulnerability Assessment modules and Security Analytics modules aimed at improving Prediction of attacks. For improved Prevention capabilities, the leading vendors are developing application control capabilities today. The Detection capacity also plays an important role, with artificial intelligence and technologies such as ATC developed by Bitdefender (whitepaper download here) being decisive in staying ahead of threats. To Respond when attacks are uncovered, improved reporting and analytics, including correlations at the whole enterprise level and introspection techniques (paper on HVI technology developed by Bitdefender and Citrix here), are being prepared for deployment, as well as remediation capabilities and procedures.

We would recommend that customers looking to refresh their End-Point protection solutions run the solutions in their own environments first (click here to apply for a Bitdefender GravityZone Enterprise Security solution POC). For further reference, Gartner’s Adaptive Security Architecture (more details here) or Forrester’s Adaptive Intelligence models can also be used, but the innovative vendors are certainly already working with such consultants to improve their solutions’ response to the development of the threat environment.