A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.
This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.
To put it plainly, when it comes to networks being breached, it is not a case of if, but when.
Given this threat landscape, the topic has been a focus for vendors, meaning analysts—most recently Bloor Research—have analyzed these vendors by the robustness of capabilities and levels of innovation, resulting in vendor landscapes like the one below from Bloor Research. We are pleased that Cisco (Sourcefire) is the clear leader here:
In addition to mapping how vendor technology stacks up, they share a few reminders of vital importance:
- “Many traditional controls are no longer up to the task of defending against complex, sophisticated attacks, which are using custom-developed malware in many cases.”
- “No matter how good the front-end controls are, some exploits will always get through. It is not a case of if, but when, an organization’s network will be breached.”
- “The ability to uncover threats lurking on networks is therefore a key consideration in protecting networks, and the valuable information that they contain, against advanced targeted attacks so that actions can be taken to remediate and recover from incidents as quickly as possible before serious damage can be done.”
Bloor also includes a Market Map, looking at different market segments that range from specialized vendors up to the most robust segment of companies providing “fully automated advanced threat protection and response capabilities.” AMP placed as a leader as a “a one-stop shop for advanced threat protection and remediation.”
What is interesting is that we are a clear leader in Bloor’s assessment based on our advanced threat protection and response capabilities, and our leadership only grows wider when factoring in our true differentiator that nobody else offers – Retrospective Security.
We need to not only block threats during attacks, but also account for what to do after attacks—as invariably a threat will evade a point-in-time technology. For this reason, our AMP product forcefully confronts advanced malware with a unique approach, combining leading security effectiveness and detection rates with continuous capability to address an important gap that exists in all point-in-time products. This means, unlike other products, we never lose sight of files and can “go back in time” at any point to retrospectively identify and instantly remediate any file that initially evaded point-in-time defenses.
We also believe Advanced Malware Protection (AMP) must be everywhere—as pervasive as the threats themselves. We offer AMP for all enforcement points and vectors in the extended network: on networks, endpoints, mobile devices, virtual systems, web, and email gateways—wherever threats can manifest.
What is more, with AMP deployed, when a threat is seen in one vector, the rest of the infrastructure is instantly aware and automatically updates against it for instant remediation. Only Advanced Malware Protection offers this.
We must also do this across the full attack continuum with protection before, during, and after an attack.
For more details please see our Advanced Malware Protection page or for an additional analyst view, download a free copy of the 2014 NSS Labs Breach Detection Systems SVM and PAR for Advanced Malware Protection.