Protecting the perimeter is usually about dealing with threats and this year's Innovators do a great job of addressing that. One of our picks offers a creative approach to a straightforward and well-worn tool: the IDS/IPS. This tool focuses on malware, a pretty good approach given that malware is a major attack vector. Those applications that we vulnerability tested will surely succumb to the right kind of malware if a hole exists and the bug can get into our enterprise.
Add in a dash of the cloud and we have an even more difficult environment to secure. Taking advantage of really useful types of data that occur in every network, this Innovator gets a solid view of the enterprise, whether it is in a data center or in the cloud, and uses that view to provide comprehensive protection.
Focusing still on the threat landscape, our other Innovator in this group addresses our biggest security nightmare: zero day. Zero-day malware and attacks pose an increasingly huge threat, and dealing with that threat probably is our biggest challenge. This really is a case of not only knowing that we don't know something, but also not knowing what we don't know. Over the years, there have been lots of attempts to address this problem – from behavior analysis to anomaly detection.
Behavior analysis seems to be the most promising because there is only a limited number of ways that an attack – whether human or automated – can progress once it passes a certain point. That behavior can be categorized and its source analyzed. If there is enough data collected, the ongoing analysis of zero-day events becomes more reliable.
Using these two approaches to perimeter protection offers a solid safeguard. The tools are creative and the companies that build them are true thinkers and innovators. We think that you will pick up on the routes that the companies take to protect the data by addressing the perimeter. But, of course, this is just part of the whole defense-in-depth challenge. Like the rest of the tools in this year's issue, these two are meant to be part of a total solution to the challenge of protecting the data on several levels.