Today Cylance announces our first step towards a revolutionary new way of thinking about security. The biggest problem the security industry faces today is stopping the bad guys from gaining unauthorized access to systems and networks. And the #1 way those actors gain access to those assets is by quickly modifying their techniques and code to bypass the known preventative security technologies, ultimately getting you, the user, to open or execute a file. Being able to predict what is bad or good in today's sea of unknowns is what we call Greylist prediction. The Greylist is everything that is not on the blacklist and not on the whitelist. In other words, it is grey – we don’t know if it is good or bad with any real confidence or justification. To make truly safe computing decisions about what to open or execute, we need this knowledge in real time!
How Black is your Grey?
The historical problem with determining the bad inside the grey is that it is really, really hard work. If you’ve ever tried to reverse engineer a file to look for malicious fragments, then you know. It is so difficult that the largest security vendors in the world cannot keep up with the steady stream of unknowns, or greys. They hire literally thousands of analysts and reverse engineers with the intent of peering into each and every single file to understand its behavior and mark it either good or bad. And smart reversers don’t exactly grow on trees. I used to joke with my old boss that he could have written me a blank check to hire as many of these talented individuals as I wanted and I would not have been able to do it, because that many analysts simply don’t exist in the world.
So we have a problem: the ability to crack open an unknown executable file today and discover its intent or purpose (whether manually or semi-manually with sandboxing technology) is incredibly expensive and time-consuming. And time is a precious commodity that we simply do not have. So how can we combat this problem? How can we process the hundreds of thousands of unknown samples that get submitted into our world every day, quickly and accurately?
Cylance V determines good from bad without any signatures, without ever having to see the file before, and without an Internet connection. This is the magic and elegant beauty of the Cylance product released today. Cylance V is the debut technology of our most advanced mathematical models – definitively determining the good and bad in the world.
We’ve made the operating requirements for Cylance V simple on purpose. We simply can’t be successful preventing the bad guys without making security brain dead simple. Cylance V comes in three forms:
- CylanceV Local
- CylanceV API
Beyond the above, the only thing you need is a stockpile of unknown samples - ideally ones that both your blacklist and whitelist providers show as “unknown” or “safe”. Here’s an example of the Cylance V GUI scanning Carberp botnet source code:
As you can see above in the Cylance V console, the traditional security industry only found 371 files as malicious, whereas Cylance V detected 509 files as malicious, despite the Carberp source code having been available for many months now. What does this mean? Our signature-based security industry cannot keep up with all the threats; it needs help, and Cylance V is designed to do just that. Also, look closely at the highlighted file above: Cylance V even detects the executable designed to bypass IBM’s Trusteer Rapport product as malicious!
Leveraging Cylance Infinity, we constantly evaluate harvested binaries for hundreds of thousands of features native to the static file. Our collection and extraction phase allows us to train our mathematical models to determine which features are most predictive of bad and good. With the mathematical model in hand, Cylance V can detect a malicious file before execution, before detonation, and before it produces the sacrificial lamb – a.k.a. YOU.
I highly encourage you to register for a demo of CylanceV today!