Since the malware itself is simply a tool for the collection and exfiltration of data, sophisticated attackers are using different pieces of code for each phase of the offensive, making the detection of advanced attacks much more difficult.
To defend against these specialized threats, a new segment of products has emerged that leverage a variety of technologies above and beyond signature-based defenses. Recognizing this, IDC has defined a new competitive security market segment dubbed Specialized Threat Analysis and Protection (STAP).
STAP products must use a predominantly signature-less technology (i.e., sandboxing, emulation, big data analytics, containerization) to detect malicious activity. These solutions can be based at the network level, on the endpoint, or both, and scan both inbound and outbound traffic for anomalies including botnet and command and control traffic.
The market also includes products that allow for the reverse engineering and forensic analysis of discovered malware. The worldwide market for STAP solutions is forecast to have a compound annual growth rate (CAGR) of 42.2% from 2012 through 2017 with revenues reaching $1.17 billion in 2017.
"Organizations have quickly begun to realize that they need improved protection against targeted attacks," said John Grady, Research Manager with IDC's Security Products group. "IDC has seen these solutions become a strategic necessity for many organizations, especially in the financial services and government sectors, with budget being quickly allocated to prioritize deployment."
Products in the STAP market remain incredibly varied, though they all tackle the same fundamental issue of bringing visibility and protection against threats that legacy security products are unable to address.
Additional findings from IDC's research include the following:
- Many STAP solutions today are deployed in a layered fashion (e.g. endpoint and network-based solutions), meaning that not all vendors in this market compete against one another.
- In many cases, there remains a gap between detection and remediation, although vendors are moving quickly to address this.
- Ultimately, many STAP functions will be incorporated into traditional security products, although IDC believes this will be towards the end of the forecast period.