2017 proved the necessity of endpoint security perhaps more than ever. Major malware and ransomware attacks changed the global conversation about the safety of our data and servers, and we learned more concretely that traditional, signature-based antivirus is insufficient to protect us. This revelation emphasized the need for more comprehensive and adaptive antivirus and firewall solutions to combat constantly evolving threats.
To address this mounting crisis—and perhaps to help reassure enterprises of all sizes—some endpoint solutions providers are taking the initiative to step up their innovations. They’re designing and upgrading their security solutions to work more holistically, to better identify diverse threats and respond to them. In other words, they’re moving from traditional antivirus to Next Generation Antivirus (NGAV).
NGAV can mean many things to different people, but for our purposes, we define NGAV as being capable of:
- Better detecting, preventing and responding to new versions of malware, including signatureless malware
- Allowing for threat data collection to reduce false positives and categorize threats
- Automating remediation capabilities
- Providing a simple user experience and simplifying event interpretation
NGAV is an interesting subsection of the endpoint security market, as it is still developing as a field of its own in cybersecurity and as the solutions evolve and mature. As endpoint security companies jockey for position in the market and as greater security threats loom in 2018, NGAV providers seem poised to meet the challenge with more innovations to keep attackers at bay and detect threats in real time. That detection capability might be the most important aspect of NGAV solutions: preventative measures are essential but cannot possibly protect against all incoming threats. Eventually, a piece of malware or fileless malware code will slip past your defenses. Without detection capabilities, you’ll deal with a dwell time measured in months or possibly years, and with the proportional damages.
With that in mind, here are six NGAV vendors we’ll be watching, presented in alphabetical order.
Barkly is a young Boston-based NGAV startup already turning heads, and December proved to be an excellent month for the vendor. December marked the Barkly Endpoint Protection Platform’s validation to assist healthcare organizations with HIPAA compliance. Early December also saw the announcement of the industry’s first mobile incident response capability for endpoint protection, allowing enterprises to respond to incidents from their iOS or Android device regardless of location. Their interface and their comprehensiveness compared to traditional antivirus are also receiving more industry and customer attention and praise. Is 2018 the year they truly take off in the NGAV market?
On the corporate side of things, Carbon Black has made some boardroom moves in recent months that imply a planned expansion into the global marketplace, especially in Asia. There have also been rumors of an IPO in the coming year, tempered by the fact that similar claims were attached to the company last year.
On the technical side, the Massachusetts-based vendor offers NGAV through CB Defense, which is designed to take a system-centric approach to malware and malware-less attacks and to improve visibility. Their solution continuously records all endpoint activity, making it easy to track potential security threats and determine root causes, which simplifies threat management and detection. 2018 might prove a particularly bountiful year for Carbon Black.
Endpoint and NGAV provider Crowdstrike made even more of a name for itself after investigating the DNC data breach, and it placed as a Visionary in the 2017 Magic Quadrant for Endpoint Protection Platforms. But the vendor doesn’t appear to be resting on its laurels. CEO George Kurtz is reportedly pushing for customers to install lightweight software that monitors for incoming threats and relays its findings back to Crowdstrike, creating real-time protection and improving their NGAV detection capabilities. In May they upgraded their platform’s cloud protection capabilities. In November they announced Crowdstrike Falcon Spotlight, a centralized vulnerability management module for easier use.
Rumors persist of a possible acquisition of Crowdstrike by VMware, but so far neither company will confirm. Either way, Crowdstrike looks to be making bold strides forward as an NGAV solutions provider for 2018.
2017 might have proven rough for the Moscow-based endpoint and NGAV solutions provider, yet it cannot be denied that Kaspersky Lab maintains a reputation for in-house innovation and thorough protection. Kaspersky Lab received the Gartner 2017 Endpoint Security Customer Choice Awards Platinum for their easy deployment and trusted protection earlier in the year. They’ve been one of the most prominent and vocal proponents of NGAV in the endpoint security market, and 2018 might yet be the year that their theories and innovations are proven correct—and perhaps necessary.
The Israeli cybersecurity startup Morphisec only entered the U.S. market in December of 2016, but they are already starting to make waves here. In August of 2017 they released Morphisec Endpoint Threat Prevention 2.0, upgrading their usability and threat intelligence and expanding their protection scenarios, all bolstering their NGAV capabilities. Then in November, they announced that their solution blocked 100% of exploits and evasive malware in SE Labs’ independent Advanced Endpoint Protection Test, which is quite the achievement. And they’re addressing the severe cybersecurity staffing issue by launching the Women in Cybersecurity Scholarship Program in the US.
Morphisec’s NGAV solution uses a honeypot-like security model: unmodified system resources serve as decoys that trap and expose malicious activity while the real databases remain untouched. It’s a deceptive defense that can prove effective against non-traditional threats. 2018 will show whether Morphisec can capitalize on this year’s successes.
The California-based SentinelOne made quite a lot of announcements in late 2017. In September, they launched Vigilance, a turn-key solution to accelerate cyber threat detection, prioritization, and response. They also partnered and combined solutions with network security vendor SonicWall to improve data breach detection and prevention. In November they hired experienced Country Manager Fiaaz Walji to help them expand their market presence in Canada. Then they added endpoint deep visibility nodes and lateral movement detection solutions to their security portfolio, improving their NGAV capabilities.
In other words, they seem to be making calculated moves, positioning themselves to become more global and more recognized. 2018 might prove a windfall year for them.
We here at Solutions Review do wish to note that our definition of NGAV is not a universal one: it’s a maturing market that is still innovating and exploring within the field. As such, the capabilities and focuses of different NGAV solutions will differ radically from one to another. It also remains to be seen how NGAV will fare against endpoint detection and response (EDR) solutions; EDR too is a maturing market, but with a much tighter definition and more consistent capabilities.