SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Anti-virus and anti-malware competition to heat up with new entrant
Sun, 29th May 2016

Cylance claims to have a fresh approach to anti-virus and anti-malware protection. Instead of relying on a signature database of known malicious files, it classifies files by their attributes.

Traditionally, anti-virus and anti-malware vendors wait until the malicious coders have got their payload out into the community. A sample is collected and studied by security analysts, and the new threat is then added to the vendor's database of known threats.

This database of threats is called the signature database. It is distributed to every installation of the vendor's software, and each client actively watches for the threats on the list.

The obvious problem is that the threat is identified only after your computer and your business are already infected. Vendors have been getting faster and faster at this cycle, reducing the time for a new threat to be catalogued from months to days.

For enterprise clients with financial, design and other confidential information to protect, this isn't acceptable.

A new concept was coined in recent years: zero-day threat protection. The idea is that security software should be able to identify malicious files and code without them first being a known threat.

Cylance is an up-and-coming security product that is installed on the endpoint device.

It doesn't scan your computer against a database of known threats, and it doesn't ship one.

Instead, Cylance continually analyses existing and new threats in its labs, looking for common themes and attributes that distinguish malicious files from benign ones.

These findings are boiled down into a lightweight agent that uses a machine-learning model to predict whether a file is malicious. The agent is distributed to every endpoint in the enterprise and used to identify threats, even a totally new threat that has never been seen before.

Because almost all new threats share patterns with old ones, the endpoint agent doesn't need updating as often as a signature database does, although the model still has to be retrained periodically as malware evolves, and any classifier can misclassify a file in either direction.
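To make the distinction between the two approaches concrete, the following is an added example and not Cylance's code or model: it builds a tiny signature database from SHA-256 hashes, then trains a small logistic-regression classifier on two static attributes of a file (byte entropy and printable-byte fraction) over a constructed corpus. Everything here is an assumption for illustration: the "malware" samples are random bytes standing in for packed executables, the "benign" samples are text, and the feature set is far smaller than what a real product would use.

```python
"""Signature lookup versus attribute-based classification (illustrative only)."""
import base64
import hashlib
import math
import random
import string

# Constructed corpus: NOT real malware. "Packed" samples are deterministic
# random bytes standing in for a packed executable; benign samples are text.
_rng = random.Random(1)


def _packed(n):
    return bytes(_rng.randrange(256) for _ in range(n))


KNOWN_MALWARE = [
    b"MZ" + _packed(510),
    b"MZ" + _packed(510),
    b"#!/bin/sh\n" + _packed(500),
]
BENIGN = [
    b"Quarterly report: revenue up 4% on stronger exports.\n" * 10,
    ("import os\nfor f in os.listdir('.'):\n    print(f)\n" * 12).encode(),
    base64.b64encode(_packed(384)),  # printable but fairly high entropy
]
# A "brand new" sample that was never catalogued in the signature database.
NEW_THREAT = b"MZ" + _packed(510)

# --- Signature approach: exact hash of every known-bad file -------------------
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_MALWARE}


def signature_match(data):
    """True only if the file is byte-for-byte identical to a catalogued sample."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def mutate(data, index=100):
    """Flip one byte; enough to defeat a hash-based signature."""
    buf = bytearray(data)
    buf[index] ^= 0xFF
    return bytes(buf)


# --- Attribute approach: features + a small logistic-regression model ---------
PRINTABLE = set(string.printable.encode())


def entropy(data):
    """Shannon entropy in bits per byte (0..8); packed/encrypted data is near 8."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def features(data):
    # bias term, normalised entropy, fraction of printable bytes
    return [1.0, entropy(data) / 8.0, sum(b in PRINTABLE for b in data) / len(data)]


def _sigmoid(z):
    z = max(-30.0, min(30.0, z))  # avoid overflow in exp
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, labels, lr=1.0, epochs=2000):
    """Plain stochastic gradient descent on the logistic loss."""
    w = [0.0] * 3
    xs = [features(s) for s in samples]
    for _ in range(epochs):
        for x, y in zip(xs, labels):
            p = _sigmoid(sum(wi * xi for wi, xi in zip(w, x)))
            for i in range(3):
                w[i] -= lr * (p - y) * x[i]
    return w


def predict(w, data):
    """Probability (0..1) that the file is malicious under the trained model."""
    return _sigmoid(sum(wi * xi for wi, xi in zip(w, features(data))))


MODEL = train(KNOWN_MALWARE + BENIGN, [1, 1, 1, 0, 0, 0])


def evaluate():
    """Compare both approaches on a one-byte variant and on a never-seen sample."""
    variant = mutate(KNOWN_MALWARE[0])
    return {
        "signature_hits_original": signature_match(KNOWN_MALWARE[0]),
        "signature_hits_variant": signature_match(variant),
        "signature_hits_new": signature_match(NEW_THREAT),
        "model_flags_variant": predict(MODEL, variant) > 0.5,
        "model_flags_new": predict(MODEL, NEW_THREAT) > 0.5,
        "model_flags_benign": [predict(MODEL, b) > 0.5 for b in BENIGN],
    }


if __name__ == "__main__":
    for k, v in evaluate().items():
        print(f"{k}: {v}")
```

The signature lookup catches the catalogued file and nothing else: a single flipped byte, or a fresh sample, gives a miss. The classifier has never seen the hash of either, but both still look like the packed samples it was trained on. The flip side of the same generality is that a benign file with malware-like attributes would be flagged too, which is why feature choice and retraining matter for this kind of product.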

They've taken this a step further with a predictive engine, and claim their product is significantly more effective than leading competitors at catching brand-new threats on first sight. Those figures are the vendor's own.

This is a radical departure for a part of the security industry that has changed little in years. The software was released a year ago, and Cylance now has over a thousand enterprise clients with 4 million nodes under management.

There are plans to bring the product to consumers later, but the current focus is entirely on business and enterprise clients.