51% of attacks last year did not include any files or file fragments being written to disk, so antivirus would never be able to catch them. This is why antivirus alone is not a good strategy. It takes more. EDR, aka Endpoint Detection and Response products are going to be replacing antivirus products this year. There are a lot of companies getting into that business space.
Do we have one? No, but I have a few on my list to look at. Crowdstrike and CarbonBlack are a couple of them. I would consider the space volatile right now with a lot of startups and mature players pivoting into it. It’s hard to say who the winners will be right now.
Daniel Weatherly
