These newer detection markets can be compared to a much larger but older detection technology market called security information and event management (SIEM), which Gartner said reached about $1.6 billion in U.S. revenues in 2016. The major distinction between SIEM and the newer technologies is that SIEM is rules based, while newer detection systems rely on advanced analytics which typically, but not always, include machine learning software, Litan said.
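The rules-versus-analytics distinction in one place, as an added illustration that is not from the article or from any vendor it mentions: a SIEM-style correlation rule (flag a source with N failed logins in a window) beside an analytics-style detector that learns each host's normal outbound volume and flags deviations no rule was written for. Hostnames, addresses, thresholds and the log lines themselves are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
# Constructed sample events (not from the article): one source's failed logins, then db1's outbound byte counts.
RAW_LOGS = """\
2016-05-01T10:00:01 host=web1 src=10.0.0.5 event=login_failed
2016-05-01T10:00:07 host=web1 src=10.0.0.5 event=login_failed
2016-05-01T10:00:13 host=web1 src=10.0.0.5 event=login_failed
2016-05-01T10:00:20 host=web1 src=10.0.0.5 event=login_failed
2016-05-01T10:05:00 host=db1 event=outbound_bytes value=1010
2016-05-01T10:10:00 host=db1 event=outbound_bytes value=990
2016-05-01T10:15:00 host=db1 event=outbound_bytes value=1020
2016-05-01T10:20:00 host=db1 event=outbound_bytes value=980
2016-05-01T10:25:00 host=db1 event=outbound_bytes value=48000
"""

def parse(raw):
    events = []
    for line in raw.splitlines():
        ts, rest = line.split(None, 1)  # timestamp, then key=value fields
        events.append(dict(kv.split("=", 1) for kv in rest.split()) | {"ts": datetime.fromisoformat(ts)})
    return events

def siem_rule(events, threshold=4, window_s=60):
    # SIEM-style correlation rule: >= threshold failed logins from one source inside a sliding window.
    per_src, hits = defaultdict(list), set()
    for ev in events:
        if ev["event"] != "login_failed":
            continue
        times = per_src[ev["src"]]
        times.append(ev["ts"])
        while (times[-1] - times[0]).total_seconds() > window_s:
            times.pop(0)  # drop timestamps that fell out of the window
        if len(times) >= threshold:
            hits.add(ev["src"])
    return sorted(hits)

def baseline_anomalies(events, metric="outbound_bytes", z=3.0, min_history=4):
    # Analytics-style detection: learn each host's normal level from its own history, flag readings z sigmas above it.
    history, flagged = defaultdict(list), []
    for ev in events:
        if ev["event"] != metric:
            continue
        hist, val = history[ev["host"]], float(ev["value"])
        if len(hist) >= min_history:
            mu, sigma = mean(hist), pstdev(hist)
            if sigma > 0 and (val - mu) / sigma > z:
                flagged.append((ev["host"], val))
        hist.append(val)  # the reading joins the baseline either way
    return flagged
```

The rule fires only on the pattern its author anticipated (and is silent at threshold 5), while the baseline detector flags the 48000-byte reading without anyone having written a rule naming that value.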
Advice to security teams
A combination of newer detection tools with older prevention tools is how large enterprises are typically addressing their security needs.
"With security, there's always room for improvement, and you'll never solve all security problems," Litan said. "You can't only have prevention. You have to have detection, but there's no silver bullet."
Jack Gold, an analyst at J. Gold Associates, agreed. "It's not really one or the other," Gold said. "If you can find a hack quickly and shut it down, then you've essentially prevented a breach. The best approach is one that's layered with both prevent and detect. Just to have one or the other isn't as secure as deploying both. Many vendors are moving in that direction as well."
Juniper's Moar said it is "vital" for enterprises to have a detection tool that works well with their prevention and remediation software.
"Having a tool that shows threats is useless if you can't counter those threats," Moar said. "Software that seeks out new connections on the company network, making them visible to security detection and remediation, eliminates this problem."
Before a company buys detection products, Litan said there is a series of simple steps that can be taken to tighten up systems. That includes what may seem obvious: remove administrator privileges from end-user accounts so that malware can't be distributed throughout a system.
"There's a lot you can do before spending more on detection as you wait for vendors to get smarter. My main piece of advice is you make sure you work closely with the vendors and make sure you have their current version," Litan said.
Litan said vendors are working on developing automated detection tools that may eventually reduce a company's heavy reliance on security analysts to track attacks.
Even so, Ayoub said security remains an ever-expanding field that will continue to rely on people power. "If a security event happens, a company will start collecting data around it, which still requires certain skill sets that aren't generally available. We still need security analysts to track this stuff down."