The end of Daylight Saving Time in the Northern Hemisphere signals the lateness of another year, and that means it’s budget time again at my company. I’m looking to fund some new ideas about how to keep us safe in an increasingly dangerous online world.

Now that I’ve been at my current job for a few years, I’ve had the opportunity to build a solid security infrastructure on my company’s network. My security information and event management (SIEM) system is running fine, and generating actionable alerts nearly every day. Patch management, which used to be something I had to struggle with, is now routine. The IT system administrators have the tools they need to deploy not only Windows updates, but software updates as well. Everything is being patched regularly. My staff have good tools for managing our data security technologies. Our malware detection and blocking tools are effective both on the network and on our computers, including the virtual machines. And our website and email filters are doing a good job of blocking unwanted content.

What more could I want?

In my last column, I mentioned that the bad guys have become much more sophisticated in their efforts to break into networks, using techniques like malvertising combined with advanced techniques to remain invisible to modern signature-based intrusion and malware detection technologies. These techniques include encryption of malicious payloads and traffic, the use of zero-day vulnerabilities ahead of antivirus product signature releases, and malware that runs in memory instead of the hard drive, all of which were effective at flying under the radar of my antivirus tools. As I mentioned in that column, this really worries me, more than anything has in a long time. I’ve been fortunate to have state-of-the-art technologies like my application firewall, which alerted me to these very stealthy threats.
But I don’t think that’s enough.

A few years ago, a “security appliance” emerged that was supposed to be the next generation of malware detection. I have that product on my network, and you probably do too. It’s pretty good at what it does, which is to inspect network traffic, identify malicious behaviors, and open up file attachments and active data inside virtual machines to recognize the signs of malware. But it didn’t catch the malvertising attacks I experienced, and I’m no longer sure that one product is sophisticated enough to detect today’s malicious code.

As the criminals get more wily and skillful, I don’t think I’ll be able to rely on my current security technologies, as good as they are. I think I’m going to need something much more advanced — and I think network security technologies yet to be invented will have to keep pace with modern threats.

So I’m looking for something new to spend my budget dollars on, and that has led me to a couple of cutting-edge products that I would not otherwise have looked at. See, I usually prefer to buy tried-and-true products that other companies are using successfully, so I know I’m getting something reliable. I’m not one to be a guinea pig for startup companies that are looking for beta testers, because I need to have 100% confidence in my systems. But given the state of the current threat landscape, I’m starting to feel like I no longer have a choice. In order to keep up with the hackers, it’s starting to look like we will all have to move a little faster.

This has led me to evaluate some emerging products that aren’t yet fully established, but are truly behavior-based. I looked at four products that use heuristic analysis to observe the behavior of software to decide whether it is malicious. Two of them use a “profiling” approach, keeping a history of activity on each computer as a baseline of what’s normal.
This is not new, by any means, but because today’s computers are very dynamic, with constant software updates and new applications, I’ve never had much success with this type of product in the past. But these new products claim to have a better, more reliable approach to deciding what constitutes normal behavior, and they look promising.

The other two products monitor system resources like memory and disk, and block “unwanted” activities like attempts to overwrite another program’s memory space, or privilege escalation. They use broad definitions of what’s considered “bad behavior” to stop malicious code. This is also not a very new approach, but again, today’s products look like they strike a good balance, so they shouldn’t interfere with normal software. At least I hope that’s the case.

I’ll be test-driving these products over the next month or two to see how they perform in the real world. But for now, I’m optimistically including them in my 2016 budget. After all, security has always been a game of one-upmanship. As the hackers continue to escalate their malicious capabilities, so must we improve our defenses.

This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.