The focus here is on monitoring and analytics. We have, somewhat arbitrarily, designated as next generation those products that use advanced algorithms, machine learning or other forms of AI (such as neural nets), pull in external threat feeds as part of their data gathering, and often use cloud technology to aggregate and correlate data from a large number of global sensors.
The innovators in this group certainly meet those criteria. There are four, and each one has a somewhat different focus. What we found interesting is just how disparate those focuses appeared at first glance. Deeper inspection showed us that, beyond the next generation criteria, each tool had a clear strength in common: threat hunting. However, simple as that sounds, the nature of the threat hunt differed in some cases.
For example, one innovator focuses on what is inside the enterprise, while others focus on what is coming into the enterprise and what is leaving it. For all of that, all four of these products are very competent threat hunters, each in its own way.
Returning to the next generation criteria, this is where we saw a lot of innovation. On the surface, each of these tools uses machine learning, for example. However, if that is as far as you want to take it, you'll just be touching the tip of the iceberg. More and more we are seeing PhD data scientists in these fast-moving innovators, and that is no surprise. Developing the algorithms that can handle big data (and we mean really big) is the focus here. This isn't drinking from a firehose… it's drinking from Niagara Falls as you go over with a big hole in your barrel.
We saw an increasing emphasis on Bro, the security monitoring language, and, as an aside, learning a bit of Bro can be a big help to threat hunters. Bro is a well-thought-out scripting language that focuses completely on security monitoring and logging. Part of its attractiveness is that it is open source, so we see variants of Bro popping up in very sophisticated next generation monitoring tools.
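As an added illustration of the kind of Bro script a threat hunter might write (example code, not from the original article or from any of the products it reviews): it raises a notice when a connection has lasted longer than a threshold, a common hunt for long-lived tunnels and persistent command channels. The module name, notice type and 12-hour threshold are assumptions; the syntax is that of Bro and its renamed successor Zeek.

```zeek
@load base/frameworks/notice

module HuntExample;

export {
    redef enum Notice::Type += {
        ## A connection outlived the configured duration threshold.
        Long_Connection,
    };

    ## Connections lasting longer than this get a notice.
    ## 12 hours is a constructed starting point; tune it for your network.
    const long_conn_threshold = 12hr &redef;
}

# connection_state_remove fires once per connection, after it has ended
# and all protocol analysis is finished, so c$duration is final here.
event connection_state_remove(c: connection)
    {
    if ( c$duration > long_conn_threshold )
        {
        NOTICE([$note=Long_Connection,
                $conn=c,
                $msg=fmt("%s -> %s:%s lasted %s",
                         c$id$orig_h, c$id$resp_h, c$id$resp_p, c$duration),
                # Same orig/resp/port pair only generates one notice,
                # so a chatty host does not flood the notice log.
                $identifier=cat(c$id$orig_h, c$id$resp_h, c$id$resp_p)]);
        }
    }
```

Load it alongside the default scripts and the hits appear in notice.log, where the rest of the notice framework (suppression, e-mail, drop actions) can act on them.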
The bottom line here is that this is an emerging category that may end up subsuming several other categories over time, as the focus for network security pros turns more and more to threat hunting. The products we see from these innovators are already calling the tune for what we should expect from next generation monitoring tools.