In my previous post, I talked about how Cylance is pioneering the use of math and machine learning to detect malware BEFORE it executes on an endpoint. Our detection rates are off the charts and we frequently win over our prospects as soon as the first full scan is completed, because we find stuff that bypassed whatever endpoint security they had deployed. We also score highly for ease of use and in this post, I'll share some details about what makes us tick.
We realized early on that the established vendors lacked a coherent console strategy. They simply acquired multiple products and stitched them together to form a piecemeal "endpoint solution." In most cases, these products have different consoles and don't interoperate well with each other. In the rare cases in which they do, the management of policies and devices is very complex. It's little wonder that the 2014 Gartner Endpoint Protection Platoforms (EPP) Magic Quandrant report lists the lack of concrete console strategy as the Achilles heel of most vendors.
From the outset, our vision has been to improve on every aspect of security–not just detection. We are fanatical about User Experience (UX), interoperability (APIs and connectors), and building features on a solid foundation of math. For example, when customers request a new feature, we look at all of our competitor's products in order to build something that is more effective than what they offer. I cannot reveal too much here, but will just state that we are working on increasing our platform footprint. The next O/S that we support doesn't have a solution like what we are building, and hopefully we'll revolutionize how these endpoints are secured.
But vision is cheap, and everyone wants to be a monopoly, right? Executing on this vision is a different story. Luckily, we started building products around the time that new agile processes were getting mature. We have operated with extremely short development sprints, and here is a list of features we've added in the last 6 months:
May 2014 – Syslog and SIEM support
June 2014 – Threat priority and criticality
July 2014 – New dashboard and new protection tab with single-pane visibility into all threat info
Aug 2014 – Audit Logging
Sep 2014 – Agent update control, 2 Factor Authentication and SSO support
Oct 2014 - Threat Indicators, Threat Icons in console, configurable columns for device grids
By releasing at least once a month, we are able to implement customer feedback and roll out new and versions that meets their needs. We conduct design briefings for customers to make sure we are building truly future-proof products. When you do this on a monthly basis, you develop a deeper understanding of your customer's needs and requirements.
Wastage occurs in every Engineering project. For early stage products, it is estimated that the half-life of code is the age of the product/startup. This happens because the requirements are not very clear early on or when you have to change course. To minimize wastage, we try to build on robust frameworks and services. For example we chose to use the Telerik Kendo framework for our UI. Kendo is similar to the more popular extJS library that I had some experience with, but has the advantage of a newer, lighter codebase. It has reduced the effort required to implement many features. A great example is touch compatibility–we got it almost for free. We still had to tweak our design to make sure that the user experience is optimal. For another feature, we wanted to let users rearrange certain panels using drag and drop capabilities and Kendo made it easy for us.
Much like how PageRank helped Google rewrite the search industry, we believe machine learning is going to be a step function upgrade for the security industry. We have some of the best data scientists with security backgrounds and a two year head start. And we all feel that this type of change happens once every 20-30 years, which is a VERY long time in the software sector. But data science by itself will not determine how this transformation occurs. Change at this scale happens when every employee feels an emotional connection that transcends logic. I frequently sense this in a good number of our people who are motivated to make the world a safer place.
One of our newest features illustrates this. I started this post by mentioning how our detection rates were stellar. This would typically result in customers wanting to know more about the files we were detecting, which we solved by providing a report created by our malware researchers. The researchers had to reverse the malware to prepare the report, which was time-consuming and not scalable. So, we decided to automate this report in the product. Once we decided to automate, the research team spent a week giving us the list of attributes they typically find, our chief scientist burned the midnight oil to implement the code in our cloud service and the product team integrated into the product in a 3 week span. The result is pretty amazing.
All our detections are still done by math, but we have borrowed many concepts of signatures and sandboxing to implement these reports. And, that brings us back to Cylance's product vision. We just embraced our competitors' technologies to build on top of our math foundation to deliver what customers need and to further differentiate ourselves. And, we did it in 3 weeks. Game on!
VP of Product
P.S. Want to see all the latest and greatest that CylancePROTECT has to offer including our new Threat Indicators? Join our next webcast on November 7th @ 1:00 PM PST!