
And then there was Cylance: In discussion about machine learning & cybersecurity

06 Sep 2016

Cylance's starting premise is one that most cybersecurity providers miss: most new malware is a variant of malware already in circulation. With so many recombinations of the same material, the question becomes how to manage the resulting volume of data.

Andy Solterbeck, Cylance regional director, talks to Techday about how the system works, and why organisations should not rely purely on traditional anti-malware approaches.

Cylance is well established globally and has been in Australia for just over five months, gaining forty customers in that time. So what does it do, and how? Cylance maintains a large corpus of files that its predictive engines analyse in the Cylance labs, looking for attributes common to malicious files. A machine-learning model trained on those attributes then sorts files into malicious and benign.

Solterbeck says the company's approach is disruptive enough to have made it the "fastest-growing company in the world. In the Fast 5000 that they have in the US, we're number 26".

It is a considerable achievement for a company that now has more than 1100 customers globally after just two years.

"What we've done is actually apply approaches and techniques that are really common in other industries, but haven't been applied in security. So concepts of big data, large datasets, massive cloud compute, algorithmic mathematics to drive insight out of large amounts of data," he says.

Cylance was an early adopter of those techniques. The company holds 11 petabytes of cloud storage containing billions of files, each labelled 'good' or 'bad'.

The company uses supervised machine learning: the training corpus is labelled first, so the system is told which files are malware, and feature extraction then turns each file into the attributes the model learns from.

The features and combinations of features for any one file can amount to 30 million. Through a filtering process, the system narrows that down to the 5 million that determine whether a file is good or bad, and what type of bad, he explains.

"This stuff is all done in the cloud. Then what we do is create mathematical algorithms that can allow you to interrogate that file for those features. It's basically a scoring algorithm. With what level of confidence do you believe this is a bad file or not, and also what kind of bad or good it is."

"The big so-what in all of this is traditional signature and heuristics-based approaches we know are not effective anymore. We're 99% effective in terms of detection and hence prevention of the execution of malware," he explains.

Because the scoring is lightweight, the approach also works well on virtual systems. The company sells through proof-of-concept deployments that show enterprises how much their existing tools are missing.

"We know you're running something and we say 'put us over the top of it' and we'll see what we can find. And we always find something, and usually some pretty bad stuff."

The intent is that end users need not worry about their own actions: Cylance blocks a malicious file before it ever runs.

While Australians may only be starting to adopt this disruptive approach to cybersecurity, there is something of a contradiction afoot: Australians were very early adopters of cloud security, and it was the banks that went first.

"For whatever reason in the security space, we've been pretty conservative in terms of adoption of new tech. I think our market is probably the most significantly two-tiered."

The first tier is the handful of very large organisations, which need to be conservative in adopting technology; the second is made up of large incumbents that have been on the scene for a long time.

He believes it is a timing issue: disruption in the industry is only happening now in Australia. While customers may be just starting to feel that disruption, Cylance has decided to sell through the channel.

Solterbeck says that Cylance is 100% pure channel. "Right now we're building a channel of solution partners which are evaluative resellers, but also I'm a huge fan of the MSSP model for Australia. So we're going to aggressively push towards that MSSP model - because in the end they're the ones that are going to be able to provide solution sets for organisations," he explains.

He explains that from a skills, budget and visibility perspective, it is difficult for SMBs in particular to maintain an acceptable risk profile, which is why he expects MSSP models to be a growth area both in Australia and internationally.

As for ransomware, Solterbeck says that organisations should accept that it's a higher-risk environment than it used to be.

"Take appropriate mitigation. That to me means either directly applying new tools or getting those tools from somebody who can provide them."

On this view, Cylance is well placed to cover the full range of malware in a rapidly changing landscape, one in which cybersecurity should be predictive, driven by machine learning.
