The evolution of modern technology is creating another boom for information security products and vendors. At the most recent RSA Conference in San Francisco we witnessed further record-breaking numbers, with nearly 48,000 attendees. As you traversed the expo floor, it was hard not to notice the year-over-year increase of new security vendors. The innovation of these new companies is not a bad thing. But the billion-dollar question is, how many of these vendors will still be standing 12-18 months from now? Innovation in the security space is happening at a speed never seen before, as the industry responds to the even faster evolution of malicious capabilities.

With innovation comes the need to manage, test, evaluate, implement, and most importantly, understand functionality and how new products fit into existing layers of defense. Protection throughout the stack is out there. Integration is maturing as more vendors and products are opening up to integration between themselves, in the best interest of their customers. However, that understanding can sometimes be confusing. Let’s take malware defense as an example.

Anti-Virus (AV) tools are a mainstay, and the approaches to detecting, isolating, and removing threats are similar and rely on differences to provide competitive advantage and best fit for consumers and organizations. In the past (and even today) AV companies would rely on signatures and other “known” identifiers to detect and block malware variants. We now have a new way to approach the issue that makes sense, but does not replace the ongoing need to block more general, unknown malicious functions: looking at the behaviors of all objects, both between systems and within each system.

In the “Kill Chain,” depicted above and developed by Lockheed Martin, this detection capability can move to the left of the process. Malware does not have to initially be identified for an update to be sent down to other clients. With a solution that looks cross-system, the behaviors themselves, such as escalation of privileges, lateral movement, and other known processes can be identified and managed. This innovation allows for detection at the first instance of a new variant because bad things do bad things.

Bad actors can just as easily (as seen in every malware UI) determine which AV solutions will not detect their code. Now that game has changed. If products like Cybereason, which are bringing this new type of capability to market, are implemented, those malware configuration UIs can no longer save the bad guys time and money, because they are now obsolete (tongue in cheek). Meaning, whether an AV can detect a variant or not no longer matters. With the ever-evolving threat of malware, AV detection alone will just not be as effective.

It is important to understand the innovation and function these new solutions offer. Do you know where they fit into your stack and what they do and do not replace? Do you know how to evaluate, test and compare when the functionality is different compared to the “2.0” versions of security? When faced with evolved technology, comparing it to the last generation is like comparing apples to, well, newer apples and maybe a pear. When a newer product comes to market it takes more than an automated peer test. It takes a different thought pattern and a new methodology.

Companies and security practitioners should ask themselves these questions and continue to adapt and evolve so that they make more informed security decisions. It is important to make clear and informed information security and cybersecurity decisions as malicious functionality continues to evolve. Remember, we are in an “arms race,” and with every new evolution of cyber weaponry, a new evolution of defense is needed. And more importantly, a new vision in understanding how that defense works.