SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Cylance puts security solutions to the ransomware test at Auckland roadshow
Fri, 7th Apr 2017

AI/machine learning security provider Cylance addressed a small but focused crowd at the Cylance Roadshow in Auckland yesterday afternoon.

Cylance sales engineer Vlado Vajdic said, “It's all about protecting the endpoints from attacks. Malware is the biggest threat to the endpoint, but we've also seen a number of other attacks.”

The company launched in 2012, and has seen phenomenal growth. It has experienced more than 50% growth in the past three years. It now has more than 2000 customers and covers 7 million endpoints.

The malware at the heart of the show was ransomware, one of the most damaging forms of malware.

“Every form of ransomware uses executables at some stage of the attack,” Vajdic said.

He mentioned that when John McAfee invented AV, it was always about signatures. Signature matching might have worked then, but it doesn't work now.

“Anybody can see this is a losing battle. This has been a losing battle for at least the last five years.”

Cylance has attacked security in a different way - while endpoint security is the focus, data science and machine learning are what drive its expertise. 99% of malware can be detected by Cylance machine learning.

“After a year working with data scientists, our CEO Stuart McClure said the company finally had a product,” he explained.

Explaining why machine learning must be how endpoint solutions work in future, he said that human knowledge cannot match the algorithms and prevention that machines can now do.

“Humans have been beaten by machines in chess. We must admit that we've been beaten by many, many more things.”

CylanceProtect is the company's flagship solution, which is sold exclusively through the channel. It can run alongside other AV solutions. It works by sitting behind executable files.

It uses machine learning to determine whether files are good or bad. Those files can then be monitored or blocked.

While the internet is the main source of threats, they can also be brought in through devices such as mobiles and USB sticks. The solution also works across airgapped networks that are not connected to the internet.

An audience member asked how Cylance deals with false positives - Vajdic said that the rate is 1/50,000, far better than the industry rate. Customers do report these false positives. The company will also be launching new detection and response software soon to grab details about files that do get in.

Another audience member asked what hackers will do in five years' time to beat the advances made in prevention.

Vajdic said most common malware would cease to exist, but hackers may end up using machine learning too. However, it does take a long time for machine learning to get to a viable stage.

He also performed a live demo on a virtual machine that showed how the solution performs online and offline - a direct comparison with McAfee.

Cylance blocked files and quarantined all 100 incidents of live, fresh ransomware files almost instantaneously.

McAfee analysed files in real time, slowing the system down. It also had a 17% detection rate and let a malicious ransomware through.

Vajdic then launched the remaining ransomware files all at once. This hogged CPU to the point of non-response. It also removed the files after they ran, which Vajdic said wasn't useful in preventing attacks.

“The traditional AV vendors don't encourage testing. They've known about low detection rates for many years now. There's a lot of misinformation,” Vajdic said.

He also added that rapid AES encryption is a double-edged sword: its downside is that it can help ransomware encrypt files incredibly fast.

The Cylance Roadshow was presented in conjunction with Arrow Electronics, its ANZ distributor. The company signed a deal with Arrow late last year.