Why are most, if not all, “New Generation” endpoint security products not self-sustained?
Fire Eye, Sentinel One, Crowdstrike, HackerOne, Cylance, Cyphort, Trustlook, Venafi, Clavister, Invincea, Code42, just to name a few, are so-called NG cybersecurity startups. NG comes from “New Generation” or “Next Generation”… (Yeah, just like in Star Trek. 🙂 )

What exactly are these “NG” products and services? There is no single definition that fits them all. Here are the common features:

- All of them have a cloud backend.
- Some install an agent on each machine; some install an appliance that acts as a sniffer in the network. Some others must be installed on the default gateway, where they take control of the more important entry and exit points in the network.
- All of them analyze events in the network and send them, in one form or another, to the backend for analysis.
- Some filter just DNS traffic, some filter just web traffic, some filter everything. Combinations of the above are definitely the case.
- None of them installs a classical AV engine at the end customer (gateway or endpoint). My guess (not able to prove it, though) is that they have a form of classical antivirus in the backend which is used as a “second opinion” scanner.

The list can be…
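To make the architecture described above concrete, here is a small Python model of such a cloud-backed agent. It is an added example, not code from any of the vendors named in the post: an agent collects DNS and file events, asks a cloud backend for a verdict, and the backend combines a reputation lookup with a classical engine used as a second opinion (the post's guess, modelled here as an assumption). It also shows the consequence the title points at: once the backend is unreachable, the agent can only serve cached verdicts and otherwise falls back to a fail-open or fail-closed policy. All domain names, hashes and reputation data are constructed for the example.

```python
"""Toy model of a cloud-backed "NG" endpoint agent (added example).

Assumptions, not taken from the post: a (kind, value) reputation table in the
backend, a signature map standing in for the classical engine, and an agent
cache plus fail-open/fail-closed policy for when the backend is unreachable.
"""
from dataclasses import dataclass, field
from typing import Dict, Literal, Optional, Tuple

Verdict = Literal["allow", "block", "unknown"]
Key = Tuple[str, str]  # (event kind, value)


@dataclass
class Event:
    kind: Literal["dns", "file"]
    value: str  # queried domain name or file hash


@dataclass
class ClassicalEngine:
    """Stand-in for the classical AV the post suspects lives in the backend."""
    signatures: Dict[str, str]  # file hash -> detection name (constructed)

    def scan(self, file_hash: str) -> Optional[str]:
        return self.signatures.get(file_hash)


@dataclass
class CloudBackend:
    reputation: Dict[Key, Verdict]
    second_opinion: Optional[ClassicalEngine] = None
    reachable: bool = True

    def verdict(self, ev: Event) -> Verdict:
        """Reputation first; for files, fall back to the classical engine."""
        v = self.reputation.get((ev.kind, ev.value), "unknown")
        if v == "unknown" and ev.kind == "file" and self.second_opinion:
            if self.second_opinion.scan(ev.value) is not None:
                v = "block"
        return v


@dataclass
class Agent:
    backend: CloudBackend
    fail_policy: Literal["open", "closed"] = "open"
    cache: Dict[Key, Verdict] = field(default_factory=dict)

    def decide(self, ev: Event) -> Verdict:
        """Local cache, then the cloud; with no cloud, only the fail policy remains."""
        key = (ev.kind, ev.value)
        if key in self.cache:
            return self.cache[key]
        if not self.backend.reachable:
            return "allow" if self.fail_policy == "open" else "block"
        v = self.backend.verdict(ev)
        if v != "unknown":
            self.cache[key] = v  # only definite verdicts are worth caching
        return v


def build_demo_agent(fail_policy: Literal["open", "closed"] = "open") -> Agent:
    """Wire up an agent with constructed reputation data and signatures."""
    engine = ClassicalEngine(signatures={"deadbeef" * 8: "Test.Constructed.A"})
    backend = CloudBackend(
        reputation={
            ("dns", "bad.example"): "block",
            ("dns", "good.example"): "allow",
        },
        second_opinion=engine,
    )
    return Agent(backend=backend, fail_policy=fail_policy)


def run_demo() -> Dict[str, Verdict]:
    """Exercise the online path, the second-opinion path and the offline paths."""
    agent = build_demo_agent("open")
    results: Dict[str, Verdict] = {}
    results["dns_block"] = agent.decide(Event("dns", "bad.example"))
    results["file_second_opinion"] = agent.decide(Event("file", "deadbeef" * 8))
    results["file_unknown"] = agent.decide(Event("file", "00" * 32))
    agent.backend.reachable = False  # simulate losing the cloud backend
    results["cached_offline"] = agent.decide(Event("dns", "bad.example"))
    results["new_offline_open"] = agent.decide(Event("dns", "other.example"))
    closed = build_demo_agent("closed")
    closed.backend.reachable = False
    results["new_offline_closed"] = closed.decide(Event("dns", "other.example"))
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The interesting lines are the two offline cases: a previously seen domain is still blocked from the cache, but anything new gets whatever the fail policy says, since the agent has no engine of its own to consult. That is the practical meaning of "not self-sustained", and it is the setting a defender should check when evaluating such a product: what does the agent do when it cannot reach home?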