
Anti-virus and anti-malware competition to heat up with new entrant

29 May 2016

Cylance claims to have a fresh approach to anti-virus and anti-malware protection. Instead of relying on a signature database of known malicious files, the company operates very differently.

Traditionally, manufacturers of anti-virus and anti-malware software wait until after the malicious coders have got their payload out into the community. The payload is collected and studied by security analysts, and the new threat is then added to the manufacturer's database of known threats.

This database of threats is called the signature database. It is distributed to each of the manufacturer's software clients, which actively watch for threats from the list.

Clearly, the problem is that you're identifying the issue after your computer and business are infected. Manufacturers have been getting faster and faster at this cycle, reducing the time it takes to catalogue new threats from months to just days.

For enterprise clients with financial, design and other confidential information to protect, this isn't acceptable.

A new concept was coined in recent years: zero-day threat protection. The idea is that security software would be able to identify malicious files and code without them being a known threat.

Cylance is an up-and-coming security solution that is installed on the endpoint device.

It doesn't scan your computer for viruses or malware, nor does it have a database of known threats.

Instead, Cylance continually analyses existing and new threats in its labs, looking for common themes and attributes.

These are then boiled down into a lightweight agent that utilises machine learning and artificial intelligence to predict whether a file is malicious. The agent is distributed to all endpoints within the enterprise, where clients use it to identify threats, even a totally new threat never discovered before.

Almost all new threats follow similar patterns to old threats, so the endpoint agent doesn't need updating as often as traditional solutions that use the signature database approach.

They've taken this a step further with a predictive engine. They claim that their solutions are significantly more effective than leading competitors at discovering brand new threats the first time.

This is a radical departure from a part of the security industry that hasn't been innovating. Their software was released a year ago, and they've now got over a thousand enterprise clients with 4 million nodes under management.

There are plans to bring the product to consumers at a later date, although their current focus is entirely on business and enterprise clients.
