
Anti-virus and anti-malware competition to heat up with new entrant

29 May 2016

Cylance claims to have a fresh approach to anti-virus and anti-malware protection: instead of relying on a signature database of known malicious files, it operates very differently.

Traditionally, manufacturers of anti-virus and anti-malware wait until after the malicious coders have got their payload out into the community. It is collected and studied by security analysts, and the new threat then gets added to their database of known threats.

This database of threats is called the signature database. It is distributed to each of the manufacturer's software clients, which actively watch for threats from the list.

Clearly the problem is that you're identifying the issue after your computer and business are already infected. Manufacturers have been getting faster and faster at this cycle, reducing the time for new threats to be catalogued from months to just days.

For enterprise clients with financial, design and other confidential information to protect, this isn't acceptable.

A new concept was coined in recent years: zero-day threat protection. The idea is that security software should be able to identify malicious files and code without them being a known threat.

Cylance is an up-and-coming security solution that is installed on the endpoint device.

It doesn't scan your computer for viruses or malware, nor does it have a database of known threats.

Instead, Cylance continually analyses existing and new threats in its labs, looking for common themes and attributes.

These are then boiled down into a lightweight agent that uses machine learning and artificial intelligence to predict whether a file is malicious or not. The agent is distributed to all endpoints within the enterprise and used by clients to identify threats, even a totally new threat never discovered before.

Almost all new threats follow similar patterns to old threats, so the endpoint agent doesn't need updating as often as traditional solutions using the signature database approach.
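To make the contrast between the two approaches concrete, here is an added illustration (not Cylance's code, and not a description of its actual engine). It stands in for both the signature database cycle described above and the attribute-based agent: an exact-hash signature store on one side, and on the other a tiny naive Bayes classifier trained on static attributes of a file (byte entropy, presence of a few API names, an embedded URL, an executable header). All samples, indicator strings and the entropy threshold are constructed for the example; a real engine would use many more features and far more training data.

```python
import hashlib
import math
import random
from collections import Counter

# Constructed indicator strings used as static features (illustrative only,
# not a real detection ruleset).
SUSPICIOUS_APIS = (b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread")
ENTROPY_THRESHOLD = 6.5  # bits per byte; packed/encrypted payloads sit near 8.0


def make_sample(packed: bool, api: bool, url: bool, seed: int) -> bytes:
    """Build a constructed stand-in for an executable with the chosen attributes."""
    body = b"MZ" + b"\x90" * 14
    if api:
        body += b"VirtualAlloc\x00"
    if url:
        body += b"http://example.invalid/update\x00"
    if packed:
        rng = random.Random(seed)  # deterministic "packed" blob, high entropy
        body += bytes(rng.getrandbits(8) for _ in range(1024))
    else:
        body += b"This program cannot be run in DOS mode.\r\n" * 20  # low entropy
    return body


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the whole buffer."""
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def features(data: bytes) -> tuple:
    """Four binary attributes an analyst might boil a sample down to."""
    return (
        shannon_entropy(data) > ENTROPY_THRESHOLD,
        any(api in data for api in SUSPICIOUS_APIS),
        b"http://" in data,
        data.startswith(b"MZ"),
    )


# Constructed labelled corpus: what the lab has already seen and analysed.
KNOWN_MALICIOUS = [
    make_sample(packed=True, api=True, url=True, seed=1),
    make_sample(packed=True, api=True, url=False, seed=2),
    make_sample(packed=True, api=False, url=True, seed=3),
]
KNOWN_BENIGN = [
    make_sample(packed=False, api=False, url=True, seed=0),
    make_sample(packed=False, api=False, url=False, seed=0),
    make_sample(packed=False, api=True, url=False, seed=0),  # legitimate installer
]

# --- Approach 1: signature database (exact SHA-256 of known-bad files) ---
SIGNATURES = {hashlib.sha256(s).hexdigest() for s in KNOWN_MALICIOUS}


def signature_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in SIGNATURES


# --- Approach 2: attribute-based model (Bernoulli naive Bayes, Laplace smoothed) ---
def train(malicious, benign) -> dict:
    total = len(malicious) + len(benign)
    model = {}
    for label, samples in (("malicious", malicious), ("benign", benign)):
        vectors = [features(s) for s in samples]
        n = len(vectors)
        probs = [(sum(v[i] for v in vectors) + 1) / (n + 2) for i in range(4)]
        model[label] = (n / total, probs)  # (prior, P(feature=True | label))
    return model


def classify(model: dict, data: bytes) -> str:
    f = features(data)
    scores = {}
    for label, (prior, probs) in model.items():
        logp = math.log(prior)
        for present, p in zip(f, probs):
            logp += math.log(p if present else 1 - p)
        scores[label] = logp
    return max(scores, key=scores.get)


MODEL = train(KNOWN_MALICIOUS, KNOWN_BENIGN)


def mutate(data: bytes) -> bytes:
    """Flip the last byte: a trivially different file with the same attributes."""
    out = bytearray(data)
    out[-1] ^= 0xFF
    return bytes(out)


# A never-before-seen variant of a known sample, and a fresh benign file.
VARIANT = mutate(KNOWN_MALICIOUS[1])
NEW_DOC = KNOWN_BENIGN[1] + b"\x00" * 8

if __name__ == "__main__":
    for name, sample in (("variant", VARIANT), ("new benign", NEW_DOC)):
        print(name, "signature:", signature_match(sample), "model:", classify(MODEL, sample))
```

The variant differs from a catalogued sample by a single byte, so its hash is not in the signature database and the traditional approach only catches it after the next analysis-and-distribution cycle; the attribute model still sees a packed executable calling a memory-allocation API and labels it malicious. The benign installer in the training set, which also calls `VirtualAlloc`, is there to show the trade-off a practitioner should watch for: attribute-based scoring buys generalisation at the cost of false positives, which is why feature choice and training data matter more than the learning algorithm itself.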

They've taken this a step further with a predictive engine, and claim their solution is significantly more effective than leading competitors at discovering brand new threats the first time they are seen.

This is a radical departure from a part of the security industry that hasn't been innovating. Their software was released a year ago, and they've now got over a thousand enterprise clients with 4 million nodes under management.

There are plans to bring the product to consumers at a later date, although their current focus is entirely on business and enterprise clients.
