Cylance is a new vendor in the endpoint protection space. They caught my attention with a completely new way to discover malware on Windows devices. In addition to launching their CylancePROTECT product this week, they just announced a $20 million funding round from Blackstone, Khosla Ventures, Fairhaven Capital and private investors.

There are now four ways to identify malware. The first, of course, was signatures, which is getting harder and harder to do as the number of new pieces of malware is over 300K each day, according to Kaspersky Labs.

Another approach is behavior-based heuristics. Look for activity that is known to be malicious and block it.

And then there is whitelisting, which became viable when the cost of researching and fingerprinting known-good applications became less than the cost of analyzing known-bad software. Lumension (which also acquired CoreTrace) and Bit9 are the best-known whitelisting products, although many of the AV vendors now do this too.

And now Cylance is introducing a fourth method based on math, or as they call it, algorithmic science. Instead of doing a look-up in a DAT file for a signature, Cylance scans every file on disk and in memory, runs some math magic on it and delivers a good or bad result. They claim a 99.7% success rate, which is great considering the low overhead the scan needs. Banking clients reportedly can even push a small agent to customers as they log in to check their machines in seconds.

That math magic is based on machine learning. By feeding their analysis engine over a million data points for each of millions of malware samples, they end up with terabytes of data that require petaflops of compute cycles to process. At the end of all that you have a machine that can tell the difference between good and bad files.

Stuart McClure, Cylance’s founder and CEO, told securitycurrent that they ran 50 million malware samples through their analysis engine and derived over 100 thousand factors to look for with their algorithms.
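To make the contrast between the three older approaches and the machine-learning one concrete, here is a small added example that is not Cylance's code and does not reflect how CylancePROTECT actually works. It stands in for the "factors" idea with two hypothetical static features (byte entropy and printable-byte ratio) and a nearest-centroid model, and it checks the same file against a hash-based signature database and a hash-based whitelist. All sample "files" are constructed in the script; none is real malware. The point it demonstrates is that a one-byte change to a known-bad file defeats the exact-match signature while the feature-based model still flags it.

```python
import hashlib
import math
import random

# --- constructed sample generators (hypothetical, not real files) ---------

def _text_blob(seed: int, size: int = 2048) -> bytes:
    """A configuration-like text file: low entropy, fully printable."""
    rng = random.Random(seed)
    words = ["server", "timeout", "enabled", "path", "user", "log", "level", "true"]
    out, total = [], 0
    while total < size:
        w = rng.choice(words)
        out.append(w)
        total += len(w) + 1
    return " ".join(out).encode("ascii")[:size]

def _packed_blob(seed: int, size: int = 2048) -> bytes:
    """A packed/encrypted-looking payload: near-maximal entropy, mostly unprintable."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(size))

# --- static features (a toy stand-in for a real engine's many factors) -----

def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20..0x7E."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127) / len(data)

def features(data: bytes) -> tuple:
    # Entropy scaled to 0..1 so both features share a comparable range.
    return (shannon_entropy(data) / 8.0, printable_ratio(data))

# --- minimal nearest-centroid classifier ----------------------------------

class NearestCentroid:
    def __init__(self):
        self.centroids = {}

    def fit(self, samples):
        """samples: iterable of (bytes, label). Averages features per label."""
        sums = {}
        for data, label in samples:
            f = features(data)
            acc = sums.setdefault(label, [0.0] * len(f) + [0])
            for i, v in enumerate(f):
                acc[i] += v
            acc[-1] += 1
        self.centroids = {lab: tuple(v / acc[-1] for v in acc[:-1])
                          for lab, acc in sums.items()}
        return self

    def predict(self, data: bytes) -> str:
        f = features(data)
        return min(self.centroids,
                   key=lambda lab: sum((a - b) ** 2
                                       for a, b in zip(f, self.centroids[lab])))

# --- signature database, whitelist and trained model (all constructed) ----

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

KNOWN_BAD = _packed_blob(100)                       # a "previously seen" bad file
SIGNATURE_DB = {sha256(KNOWN_BAD)}                  # exact-hash signature store
WHITELIST = {sha256(_text_blob(1))}                 # fingerprint of one known-good file

TRAINING = [(_text_blob(s), "benign") for s in range(1, 6)] + \
           [(_packed_blob(s), "malicious") for s in range(100, 105)]
MODEL = NearestCentroid().fit(TRAINING)

# A one-byte variant of the known-bad file: same behaviour, different hash.
_v = bytearray(KNOWN_BAD)
_v[0] ^= 0xFF
VARIANT = bytes(_v)

def classify(data: bytes) -> dict:
    """Run the same file through the three lookup-style checks and the model."""
    return {
        "signature": "malicious" if sha256(data) in SIGNATURE_DB else "unknown",
        "whitelist": "allowed" if sha256(data) in WHITELIST else "unknown",
        "model": MODEL.predict(data),
    }

if __name__ == "__main__":
    for name, blob in [("known_bad", KNOWN_BAD), ("variant", VARIANT),
                       ("whitelisted", _text_blob(1)), ("new_text", _text_blob(42))]:
        print(name, classify(blob))
```

The signature row for `variant` comes back `unknown` because a single flipped byte changes the SHA-256, while the model row stays `malicious` because the file's feature vector barely moved; that gap is the problem the article says signatures have at 300K new samples a day. A real engine would use far richer features than two scalars and a far more capable model, and entropy alone also misfires on legitimately compressed or encrypted benign files, which is why the whitelist lookup is shown alongside it.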

CylancePROTECT is built for the enterprise and integrates with existing management platforms for distribution.

Now comes the uphill battle to get enterprises to look at a technology that challenges the entrenched AV products they have lived with for almost 20 years.
