Cylance®: Future-Proofing Endpoint Security

Stuart McClure, Founder, President & CEO

In the age of advanced cyber espionage, the capital markets industry is one of the most sought-after targets for hackers. Over half of the world’s securities exchanges today have experienced large-scale corporate hacks. Take for instance the recent infiltration of the financial messaging service SWIFT—widely considered one of the most secure. It served as a launch pad for a cyber attack on a bank to transfer funds by submitting fraudulent SWIFT messages. With cybercriminals becoming more technically sophisticated, a global survey by PNC Bank reports that 79 percent of banking and capital markets administrators pegged internet fraud as the greatest threat.

Why? The interconnected nature of modern financial services. Cylance® founder and CEO, Stuart McClure recently remarked, “The emergence of global interconnectivity and modern day technologies such as cloud and IoT make the capital markets industry susceptible to malware or phishing attacks more than ever before.” To make matters worse, while cybercriminals are devising new and improved means to wreak havoc, most financial institutions still rely on traditional antivirus solutions that are inadequate and offer zero preventive capability. Using a breakthrough mathematical process, Cylance is forging a new path in cybersecurity, as the first company to apply artificial intelligence (AI), machine learning, and algorithmic science to detect and prevent attacks.

The Next Generation of Endpoint Security

By unlocking the DNA of malware, Cylance abandons the foundations of older solutions and proactively prevents threats. Reactive solutions rely on a constant stream of signature updates or behavioral analysis for threat detection, so their vendors cannot block an unknown threat before the damage is inflicted. With CylancePROTECT®, a next-generation antivirus product, threats are identified and blocked in real time, before malware runs. Using AI and algorithmic risk modeling, CylancePROTECT distinguishes good files from bad and offers true future-proof protection against the most malicious threats in the world—whether they are everyday viruses, worms, trojans, or spyware. Designed to work like a human brain, CylancePROTECT is programmed to continuously learn, employing logic and predictive analytics to determine a file’s intent. “While algorithmic approaches are not unheard of in insurance, pharmaceuticals or genome sequencing, we are the first company to apply it to cybersecurity,” McClure noted.

CylancePROTECT is a generation beyond other security solutions in the market as it does not require a network connection to protect against threats.

When a customer gets hacked we quickly identify the attack method, put steps in place to gauge the exposure of the attack and block that attack from ever succeeding

The solution's architecture consists of an agent that runs continually in the computer's memory and, using tested mathematical models, detects and prevents malware independent of a cloud or internet connection. To top it all, CylancePROTECT has a lightweight footprint and uses 0-2 percent of CPU, delivers 99 percent efficacy against attacks, and occupies only 30MB in memory as opposed to other solutions that consume almost 300MB. “We also reduce the network traffic by 1/40th to traditional antivirus solutions, which significantly lowers the cost of network bandwidth,” points out McClure. In addition, the solution works across Microsoft Windows, Linux, and Mac OS X, easily integrates into existing security information and event management (SIEM) platforms, and is available in embedded versions for technology partners.

Recently a multi-national investment banking and financial services corporation wanted to determine whether their systems had been infected with undetected malware. Although the corporation had a team of resources and multiple products in place to identify and stop any executed threats, they had no way of discerning dormant threats or hazards beyond a particular scope of measures. “Each time a potential threat was detected, their solutions required a vast amount of manual review by incident responders to determine whether or not a threat actually existed,” reveals McClure. Cylance was asked to perform an assessment on all servers, desktops, and laptops across 3,000 global hosts, and in just a matter of days, the company was able to attain insightful data using a signature-less approach.

Cylance discovered that penetration testers had left tools and open vulnerabilities behind during a standard penetration test, and that malware had entered the company’s systems more than three years prior. As a preventative measure, CylancePROTECT was rolled out to all of the company’s systems to contain potentially unwanted programs. The new solution not only helped detect advanced attacks but also reduced the total cost for antivirus protection. “With running on the company’s endpoints, three security analysts who once spent nine hours a day each weeding out false positives now spend only one hour on the same task,” McClure reported.

Powering Consulting with Artificial Intelligence

Having worked with a multitude of financial institutions over the years, Cylance exhibits a wealth of knowledge, deep expertise, and refined operational efficiency. For the maximum benefit of their clients, the company offers consulting services that help achieve an unrivaled level of protection.

“Our services are broadly categorized into two parts: pre-incident and post-incident,” says McClure. Pre-incident services include custom consulting and compromise assessment, where Cylance searches every single piece of corporate data that resides in a computer for digital artifacts or remnants of an attack. Any probable threat encountered is reported and cleaned up immediately. This is followed by attack and penetration testing, where a company’s system is hacked with consent, to identify and rectify the weak points in its defense system.

The post-incident services, on the other hand, involve emergency incident response and forensic analysis. “When a customer is hacked, we come in and identify the attacker, provide a step-by-step process that gauges the exposure of the attack and then block that attacker from coming back,” notes McClure. After this, a complete forensic investigation is performed on all the drives that were impacted to determine the root cause of the attack and the potential scope of damage.

Not long ago, an international retailer engaged Cylance consulting to identify the origin of a breach and remediate it. In a few hours, Cylance deployed their compromise assessment tool on over 5,000 nodes across the enterprise. The consulting team quickly identified that an employee’s laptop infected with malware from the ZeroAccess family was the initial source of the breach. Following this discovery, CylancePROTECT was implemented enterprise-wide, not only to permanently block the variants of malware discovered during incident response, but also to protect the endpoints from all malware threats moving forward.

To Protect Every Computer Under the Sun

In the days to come, Cylance plans on advancing their malware detection and attack prevention technology for improved client benefit. Currently safeguarding millions of computers around the globe, McClure is driven by only one vision—to get better and stronger with time. The CEO’s love for the sport of endurance cycling plays a direct role in steering his goals and McClure says, “Endurance cycling is similar to what we face in the world of cybersecurity because there is no finish line. We have to constantly maintain a defensive posture and try to prevent attackers by never giving up and putting up a fight every single day.” While revolutionizing the cybersecurity landscape with their unique technology today, the day is not far away when Cylance’s mission to secure every endpoint under the sun will indeed stand achieved.

- Sandeepa Majumdar
    June 16, 2016