March 2, 2016 By Douglas Bonderud

When the king of antivirus says it’s time for a burial, there’s a problem. Last year, John McAfee of the eponymous antivirus solution penned a piece for SiliconANGLE and argued that the time had come — it was no longer possible for antivirus tools to keep up with emerging attack vectors and offer reliable defense of corporate systems. But what takes their place?

Next-gen endpoint security tools are the new kids on the block. As noted by Network World, this market doubled last year and the year before, and it is on track for a 67 percent compound annual growth rate over the next half decade. But are these next-gen tools really up to the challenge of pulling the plug on antivirus?

Changing of the Guard?

So what has to happen for endpoint tools to surpass the still-alive-and-kicking antivirus industry? Market growth is critical. Network World reported that the antivirus market comes in at around $9 billion, while the next-gen market sits at just $500 million this year. Growth can be misleading, however, since many endpoint vendors are startups with minimal overhead and limited staff — meaning even small revenue increases translate to big growth percentages.

Beyond investment and product deployment, however, endpoint tools can also get ahead if they’re certified as antivirus replacements. Right now, these new tools are novelties; they might provide ironclad protection or merely stop a few odd bits of code from cracking enterprise networks. But certification from vendors licensed to evaluate compliance with standards such as PCI DSS could give these next-gen solutions the boost they need to close the revenue gap or drastically lower investment in traditional antivirus solutions.

The Next Generation of Endpoint Security

But what does a next-gen solution do, exactly? Some offerings look at kernel-level processes to identify suspicious behavior, while others rely on application white-listing to keep company servers clean. Dark Reading suggested other approaches such as containerization, binary runtime inspection and a combination of two layers: traditional antivirus offerings to handle known malicious vectors, paired with application control that uses a default-deny approach to ensure only good software is deployed.

According to McAfee, however, this won’t be enough in isolation. Endpoint security-makers, IT admins and app developers must all acknowledge the one area where advancements in technology have little to no impact: human behavior.

Oh, Behave

Despite more intelligent antivirus tools and the addition of real-time monitoring solutions, socially engineered attack efforts consistently make it through corporate endpoints. Why? Because users are hardwired to act in ways that undermine IT security. McAfee cited the emergence of a culture where each tech pro is assigned a partnered hacker who attempts to break code before it goes live.

But this is just the beginning. For endpoint tools to truly usurp their antivirus cousins, they need to account for the human condition — the predisposition to be nice or social instead of being safe. Think of it like building in support for unstructured big data. It’s no easy task to reconcile this massive, ever-changing resource, but it is absolutely worth the potential insight.

For endpoint security tools, it’s the same challenge: Getting certified is the first step. Managing the human condition puts them on the road to long-term success.
