Cylance redefines endpoint security using machine learning

Cylance claims to be able to revolutionise endpoint security with its new Artificial Intelligence approach to endpoint device protection.

Managing endpoint security is a serious challenge for many organisations, especially as users continue to take advantage of Bring Your Own Device (BYOD) policies. US security vendor Cylance believes that it has the perfect solution for enterprise customers and has signed UK distributor Ignition to help it expand into the UK market.

Redefining Endpoint Security

Nick Warner, VP of Global Sales at Cylance (Source LinkedIn)

Cylance describes its CylancePROTECT product as Next-Generation Antivirus Technology (NGAV). Its goal is to provide a proactive solution for endpoint security rather than what Nick Warner, VP of Global Sales at Cylance, describes as:

“The failed and broken promises of the anti-virus industry.”

Warner’s words are perhaps deliberately provocative as he seeks to establish clear water between Cylance and the rest of the endpoint security market. He goes on to clarify his claim, saying: “The existing providers are trying to detect malware and viruses using signature-based solutions. It’s about detect and respond. What we want to do is detect and prevent.”

To achieve its goal, Cylance decided that it would do away with all the usual technology such as updates, whitelists, blacklists, heuristics and most of the sandboxing. Its challenge will be in persuading security teams that it is still able to provide a secure environment. One of the biggest hurdles will be overcoming concern over the “no updates” statement.

Using machine learning as the AI

According to Warner, the solution making the whole thing work was to: “Use machine learning.” Interestingly, Warner claims that no other vendor has gone down this route before. Given the money spent by Microsoft and especially IBM, this is a real surprise.

Cylance started by feeding its security AI hundreds of thousands of known good and bad files, allowing the AI to determine its own attributes to detect the difference. “This is similar to the way Face Recognition works,” said Warner. Over a period of 18-24 months the number of good and bad files of all types that the AI ingested increased to hundreds of millions.

“By using a range of files and mixing up good and bad we were able to overcome the label bias problem,” said Warner. Label bias occurs when some files and conditions are represented by too few samples, which leads the machine learning algorithm to effectively ignore them. To get a wide enough set of source material, Cylance has deals with other security vendors such as Blue Coat, who also embed the Cylance engine inside their CAS system.

Other files have come from their current customer base of over 300 companies and more than 500,000 endpoints. It is also expected that they will announce a range of vendor deals in the next few weeks where they have their engine embedded inside other security appliances. This is a significant step for a company that within 15 months of launch is already cash positive and looking to IPO sometime next year or in 2017.
