Over the past few weeks, I’ve spoken to a number of security vendors including Bit9, Bromium, CounterTack, Invincea, Malwarebytes, and Sourcefire. Each of these firms is offering some type of new security technology for detecting/blocking advanced malware that circumvents traditional defenses like firewalls, IDS/IPS, and antivirus software.
To their credit, all of these vendors are pitching their products as an added layer of defense rather than a replacement for traditional antivirus software. This is a wise decision, since many enterprises view antivirus software as a proverbial “check-box” and antivirus is often a specific regulatory compliance requirement. The vendors I spoke with understand this and are saying the right things, something like: “AV is an important signature-based technology for known threats. Our product provides additional protection against APTs and other types of sophisticated, targeted malware attacks.”