Cylance, a global cybersecurity company, is reinventing the way companies think about security. The first to apply mathematical science to security in a scalable way, Cylance announced today the official worldwide release of CylanceV, a new cloud and on-premise solution to find what others miss in detecting advanced malware.
CylanceV delivers a new threat detection model that instantly and mathematically determines what is safe and what is a threat in the broadening “grey list” spectrum of unknown data – without the use of signatures, heuristics, behavioral analysis, sandboxing detonation or micro-virtualization.
“One of the best approaches to security, ‘defense in depth,’ has produced one of the biggest problems in hunting down advanced threats today – an avalanche of information that blinds even the best security teams,” said Stuart McClure, Cylance CEO. “The security industry is handicapped by the notion that we need to see a threat before we can call it one. Cylance is proving that handicap unnecessary. While known white lists and black lists will always have their place to single out the known good and bad, they cannot keep up with the increasing volume of malware, nor the sophisticated nature of the advanced attacks and targeted threats like APTs.”
CylanceV categorizes files, applications, executables, services, drivers, libraries and others as “safe” or “threat” using sophisticated, patent-pending mathematical analysis. Traditional black lists identify only the known bad – attacks that are successful either in the real world or in a virtual sandbox environment. But this reactive approach requires both expert malware analysts and a victim, or “sacrificial lamb” – Cylance needs neither.
Typical white lists attempt to solve the problem the opposite way, by restricting acceptable files to only known good software providers like Microsoft or Adobe, but that is only a fraction of the publishers in the world. The vast majority of files in the world are unknown by the security industry, and therefore must be processed in some fashion to determine their maliciousness. This is the dynamically growing world of the “grey list.” CylanceV’s next-generation predictive modeling quickly processes and classifies those unknowns in milliseconds – almost instantly determining “safe” from “threat.”
Cylance’s Infinity fabric of highly intelligent, decision science in the cloud empowers CylanceV to quickly process large volumes of data at scale to improve the effectiveness of identifying modern day malware. By reducing the total amount of information that traditional security misses or cannot classify, CylanceV enables IT departments, incident response and forensics teams to save time, improve accuracy and reduce unnecessary investments required to stop and rectify the threat.
“The average organization gets millions of notices daily from its combined security infrastructure when it identifies malware, attacks and unusual behavior, making once highly valuable information now overwhelming for IT managers to process and impractical for today’s technology to determine,” said Glenn Chisholm, CTO of Cylance. “Finding that needle in the needle stack is what Cylance is all about. Processing the sea of unknowns manually is unsustainably tedious and impossible to stay ahead of, extending the time to discover breach compromise. Existing advanced malware technologies work to discover new threats, but their capability has financial and operational limits.”
CylanceV also makes smart solutions smarter by adding detection intelligence to what is good and what is bad, improving the efficiency and accuracy of security teams by identifying the true threats present in the “grey list.” Complementing existing security infrastructure, third-party technologies and homegrown tools, like SIEMs, sandboxing and custom code, respectively, the combined solution improves the context surrounding suspicious activity. This helps security teams prioritize threat remediation actions.
In practice, Security Operations Centers (SOCs) almost universally require integration with other analysis systems to provide context around the alerts received, as well as additional segmentation from CylanceV to help separate a legitimate incident or attack from a phantom or red herring. CylanceV allows any SOC to harness the power of Cylance’s Infinity to instantly determine whether a case needs to be opened and processed, saving thousands of dollars every year.
Additionally, with more impactful and time sensitive attacks, forensic and incident response personnel can use CylanceV and the real time connection to Cylance Infinity via a cloud API to send both hashes and/or files, in a secure way, for deep interrogation of what’s safe and what’s a threat.
Infinity is a cloud-based, non-signature, non-heuristic and non-behavioral predictive analytics engine that couples advanced mathematical analysis and machine learning with data science modeling to make highly accurate decisions. Applied to cyber security, Infinity identifies advanced threats through “deep interrogation” of data, allowing true classification of good and bad.
Cylance is the first to apply existing principles of algorithmic science (used today in high frequency trading, insurance and pharmaceuticals) to the world of security. Unlike traditional security infrastructure, Infinity has the intelligence to attribute features of disparate objects and never before seen elements into data that predictably qualifies that element into a threat or non-threat at accuracy far greater than what exists today.
Cylance first released Infinity in June 2013 with its launch of the free, public use beta of PrivateDETECT. This consumer grade endpoint offering uses Infinity as part of a weighted formula to detect and quarantine advanced threats and elements considered “bad” in real time. It supplements existing anti-virus to provide unparalleled security on the endpoint.