It's that time again when we take a look at the innovators in our industry. Over the years, we've tracked new developments and there have been good years and some not so good ones. When we started this feature around four years ago, we were in a creative drought. Things got steadily better, and 2011's selection was pretty good on balance. We initiated a Hall of Fame and things looked as if they might be on the mend. That brings us to this year and we are pleased to report that the industry is holding its own. There are several reasons for this.
First, the bad guys are getting better at being bad. That always stimulates the game of “leapfrog” that we always seem to be playing. We can't even give you a credible estimate of the number of new strains of malware that are appearing on a day-to-day basis. The stats are so muddled that it is difficult to tell whether we are talking about actual new malware or just new variants of existing bugs. We suggest, however, that it does not really matter. Bad is bad, and at some point quantity ceases to be as big an issue as the impact.
| “Small companies are relatively free to innovate because they are small and need to evolve to survive.” – Peter Stephenson, technology editor |
With that in mind, the Holy Grail of anti-malware – signature-less detection – becomes more and more important. Zero-day has evolved to zero-hour and there needs to be a new way to detect and destroy malware. Some products are taking the approach that detecting and clearing certain types of malware just is not necessary. Rather than doing such a difficult task, these products attempt to do one of several things.
First, don't let the bugs get into the system in the first place. That sounds a lot easier than it is. But there are some pretty clever approaches to that problem appearing on the market. Second, assume that you're infected – whether you see any direct indication or not – and take measures to prevent damage. That means stop the payload whether it is destructive to the host or exfiltrates data out of the system. The third approach is to quarantine the entire process that allows the infection – a browsing session, for example.
Another area of innovation is in the test and analysis group. These include the products that assume that one has lost the battle. Their purpose is to allow users to determine what happened and take action to avoid losing the war. Some others are proactive. These solutions let one test the mettle of a system before it gets whacked, and then take appropriate action to clear the faults they find.
At the end of the day, though, as we've said many times before, it's all about the data. We only bother with the network and the platforms because that is where the data lives. So we need to focus on protecting the data and the access to it. Sometimes that means protecting the network or platform and sometimes it means protecting the data itself. Realistically, this is a defense-in-depth issue. One needs to protect it all. That means that access control is a very high priority. There are, of course, variants on that theme, including perimeter defense and policy management.
Finally, we visit the companies that have shown sustained innovation and performance and have contributed materially to the growth of our industry.
Further, we noticed this year that an odd thing seems to be happening. Typically we do not see many of the larger companies in this market. Big companies, arguably, have pretty much ceased to innovate. They may gobble up small innovators, but that has mixed results. Sometimes the company, product and the people who created them just disappear. The technology is subsumed into some other product of the acquirer. Occasionally the product becomes the flagship of one of the acquirer's product lines. That's a good thing whereas the former really isn't.
However, this year, we started to see companies that have excelled at innovation. Small companies are relatively free to innovate because they are small and need to evolve to survive. Big companies are not, as a rule, nimble, and they often can exist just fine continuing doing business off of stored fat. Those times may be changing. We'll need to wait to see if this is the start of a trend or just a blip.
