Imperva, which sponsored the anti-virus study, has developed Web application and data security software products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

There are number of startups like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack.

McAfee acquired Solidcore, a whitelisting startup, in 2009, and Symantec's products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee's former chief executive, David G. DeWalt, joined FireEye, a startup with a system that isolates a company's applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through.

Seculert, an Israeli startup, has a different approach; it looks at where threats are coming from - the command and control centers used to coordinate attacks - to give governments and businesses an early warning system.

Read: How Well Our Favorite Tech Companies Fared This Year?