IDC Sees Growth In Market For Advanced Threat Protection

To defend against specialised threats such as financial and intellectual property theft through malware, a new segment of products has emerged that leverage a variety of technologies above and beyond signature-based defenses, which research firm IDC has dubbed Specialised Threat Analysis and Protection (STAP).

The worldwide market for STAP solutions is forecast to have a compound annual growth rate (CAGR) of 42.2 percent from 2012 through 2017 with revenues reaching $1.17 billion (£88bn) in 2017, according to IDC’s study “Worldwide Specialised Threat Analysis and Protection 2013-2017 Forecast and 2012 Vendor Shares”, which examines the STAP market and provides a market size for 2011, vendor shares for 2012 and a forecast for 2013–2017. The market also includes products that allow for the reverse engineering and forensic analysis of discovered malware.

Advanced attacks

Since the malware used in these types of advanced attacks is simply a tool for the collection and exfiltration of data, sophisticated hackers are using different pieces of code for each phase of the offensive, making the detection of advanced attacks much more difficult.

“Organisations have quickly begun to realise that they need improved protection against targeted attacks,” John Grady, research manager with IDC’s Security Products group, said in a statement. “IDC has seen these solutions become a strategic necessity for many organisations, especially in the financial services and government sectors, with budget being quickly allocated to prioritise deployment.”

The STAP competitive security products, which use a predominantly signature-less technology like sandboxing, emulation, big data analytics and containerisation to detect malicious activity, can be based at the network level, on the endpoint or both, and scan both inbound and outbound traffic for anomalies including botnet and command and control traffic.

Many STAP solutions today are deployed in a layered fashion, such as endpoint and network-based solutions, suggesting that not all vendors in this market compete against one another. The report noted that in many cases, there remains a gap between detection and remediation, although vendors are moving quickly to address this.

Major threat

The report projected that ultimately many STAP functions would be incorporated into traditional security products, although IDC researchers said they believe this would occur toward the end of the forecast period. For the short term, products in the STAP market remain incredibly varied, though they all tackle the same fundamental issue of bringing visibility and protection against threats that legacy security products are unable to address.

Businesses are beginning to rank cyber-security risks as greater than natural disasters and other major business risks, and while only 31 percent of companies are insured against data breaches, a growing number of companies are exploring policies, according to the findings of a survey conducted earlier this month by Experian Data Breach Resolution and the Ponemon Institute.

The study found that the likelihood of a company considering a policy increases after it experiences an incident. Just under a third (31 percent) of companies reported current cyber-insurance coverage, and survey results suggested growth on the horizon, with 39 percent of respondents saying their organisation plans to purchase a policy.

Are you a security pro? Try our quiz!

Originally published on eWeek.