This IDC study discusses the market for STAP solutions, which are categorized by their lack of reliance on signatures to filter out known threats. They also typically (but not always) feature the use of analytics tools, possibly in conjunction with threat intelligence, to understand what "normal" behavior looks like. From this understanding, activity that deviates from the norm can be marked for further analysis. If it turns out that they are unusual but innocent, they can be allowed back into the mainstream. However, if they do turn out to be malicious or perhaps even deemed to have a sufficiently detrimental impact on performance, they can be blocked.
"Western European enterprises increasingly realize that traditional approaches to security are unsustainable. This is particularly so given the backdrop of an escalating threat landscape, targeted attacks, and mounting digital transformation. Consequently, there is an appetite for offerings that go beyond traditional, reactive approaches and offer more proactive solutions. The ability to understand context and behavior to identify unwanted, suspicious, and malicious activity through STAP solutions opens a new front for enterprises in the battle against threat actors. While remaining a small segment, the rapid pace of growth means that the STAP market's time to shine is upon us," said Dominic Trott, research manager, IDC's European Security Research practice.