The significant growth in the frequency and severity of cyber-attacks has highlighted the failure of traditional security systems in combating the threat of modern and advanced cyber adversaries. Organizations are increasingly recognizing the need for improved cybersecurity systems to combat cyber-attacks, and this is driving significant growth in the already large cyber security industry, which is predicted by market analysts to represent a US$170B global market opportunity by 2020. Endpoint security is a specific problem within the cyber security industry and currently represents a US$20.9B global market opportunity.
The Problem: Cyber Security—Growth in Frequency and Severity of Cyber Attacks
Modern attackers have adopted new tactics, techniques and procedures to circumvent the traditional security controls of organizations, leading to a significant increase in the incidence and severity of cyber-attacks. FIG. 1a shows bar graphs demonstrating the increase in the number of global security incidents 102 between 2009 and 2015. Overall, this indicates a 61% CAGR in the number of security incidents over that time. FIG. 1b shows bar graphs indicative of the average total cost 104 of a single data breach for an organization in the USA between 2013 and 2015. Note that this rising cost has close to a 10% CAGR, producing a $6.53 million average cost 106 in 2015 for just one data breach at a typical organization.
Although organizations have recognized the importance of preventing cyber-attacks, their reliance on traditional security systems has left them vulnerable. Legacy security systems are ineffective at identifying legitimate threats and often produce large volumes of alerts that are false positives (normal or expected behaviors that are identified as anomalous or malicious). As such, IT administrators within organizations do not have the necessary resources (personnel) or computational bandwidth to assess all alerts, which often leads to legitimate threats going undetected. As a result of ineffective flagging and detection systems, organizations at the present time are taking an average of 146 days to detect a data breach. Whilst an initial breach on day 1 can result in a minor security incident, the longer a breach remains undetected the higher the chance of a major data breach.
A Specific and Major Problem: Endpoint Security Risk—Breaches at the Endpoint are a Significant Challenge for Organizations
The implementation of strong endpoint security is critical, as endpoints (e.g. computers and mobile devices such as smartphones and tablets) provide the gateways through which users (and potential attackers) can gain access to highly sensitive corporate or government data. Most of the biggest data breaches, judged by the number of records breached or the importance of the data stolen, have involved attackers leveraging stolen employee credentials to gain access to secured networks via endpoints. The significant growth in Bring Your Own Device ('BYOD') and Internet of Things ('IoT') has further compromised the endpoint security of organizations, as they no longer have control over the type or number of endpoint devices available to an end user.
An organization's approach to endpoint security, and to cyber security threats generally, can be broken down into two categories: a) prevention, and b) detection and response (comparable to a strong preventative gate vs. an alarm system on a house). Traditional endpoint prevention, detection and response systems rely on pre-determined threat indicators to block and detect specific threats, whereas modern cyber-attacks use advanced techniques to circumvent these pre-determined criteria. Despite the growing endpoint security threat, there remains a fundamental difference between the way in which a hacker and the way in which an employee would operate a particular endpoint.
Thus, there is a need for a behavior-based endpoint security solution that can detect anomalies in user behavior to accurately identify all threats and breaches (regardless of the cause or effect) at endpoints without the limitations of specific pre-determined criteria.