Skip Navigation
BlackBerry Blog

AI vs. AV - Gorillas and Germans and Gartner, oh my…

FEATURE / 02.03.16 / Stuart McClure

Since my childhood days of wearing mustard yellow corduroy shorts growing up on Guam in the 70s, I have been really good at recognizing bullies. I was this skinny, short, blue-eyed haole kid, which instantly promoted me to the target of many creative curse words, taunts, insults and ultimately fist fights. After so many years, I actually got very comfortable being bullied. It was really hard at first until I learned one essential trick: knowing when to run and when to defend myself. After all, there is a time for both and the trick is to know when to do one or the other.

When we decided to build a brand new and revolutionary security technology to solve the almost 30-year endpoint protection problem at its core, we knew we would be to our peers about as popular as a fly in a glass of wine. Why? Because we only seek the truth. Plain and simple. And we seek that truth for the world to know. We have been calling some competitors out (more like “exposing” them) on the truth and not everyone is comfortable with it. So when we saw some competitors having a go at us these past couple of weeks, we weren’t surprised – just disappointed. The good news is this kind of behavior is rather predictable. And predicting is what our technology, which uses artificial intelligence (AI), is all about.

We released our ground-breaking endpoint protection technology CylancePROTECT® just 1.5 years ago in 2014 and already we have hundreds of customers who are not just supporters of our approach, but now true fans, fanatics and in some cases apostles. Why do they believe in us? Because we do what very few in our industry do: we do what we say we do. We stop attacks that no one else cana lot of them.

Our mission is simple and pure: to protect customers, friends, family, analysts and everyone in the world that we can against hackers, cyberattacks, and known and unknown threats, using something completely different: pure mathematics and algorithms – all without signatures, the cloud or a drag on your system. And our mission is what drives us.



In May of 2014, Symantec declared antivirus “dead.” Krebs even covered the emerging problems of traditional signature-based AV keeping up with the hackers in his blog. And we at Cylance are proving almost every day the industry’s inadequacy to be true with hundreds of customers (and growing) ripping out their traditional antivirus to install Cylance. Symantec must be seeing the same thing, as they recently released a blog post directly targeting Cylance, stating in effect that “Symantec beat Cylance” in their testing. Unfortunately, they’re using the same 20-year-old calculator that has gotten us in this mess. Why else would their customers be responding to countless infections every year? So when we see such protest from them, and they make such fantastic and unsubstantiated claims of greater efficacy, it actually tells a much bigger story.

In the end, we are honored that Symantec would pay us this much attention. We must be doing something right to deserve these wonderful callouts from Symantec. When 800-pound-gorilla competitors start claiming superior protection in blogs based on internal tests performed by non-technical employees and provide zero details of the tests (sample sourcing, testing methodology and even real results), you begin to think that maybe we are getting to them a bit. A Gandhi quote comes quickly to mind here:

“First they ignore you, then they laugh at you, then they fight you. Then you win.”

And fighting is what they’re doing. But we can’t blame them. What we’re doing at Cylance is revolutionizing the way we protect ourselves by simply exposing the truth about our industry and at the same time, educating the world. By doing so, we are replacing traditional antivirus around the globe with next-generation technology and AI. This must be extremely frustrating for them, as it clearly signals the end of an era is near.

For Cylance customers, what we have developed is nothing short of amazing. And that’s who we’re doing this for, the customers and the victims of poor security protection. We have grown from a tiny, two-person company in 2012 to hiring 10-15 new employees every week because the world is starting to learn just how well we protect them from advanced and everyday cyber threats, and they desperately need better protection. With Cylance, this real protection has finally come, and it is for these customers that we suffer the slings and arrows—and the occasional sniper’s rifle—from competitors.

But make no mistake, if you knew us or walked the halls of Cylance you would see that our success humbles us more every day. We know how lucky we all are to have created such groundbreaking technology with out-of-this world employees. At the same time, we understand, too, that unprecedented growth like this is difficult to accept for many. So we expect more, much more criticism, false claims, and fighting with broad, sweeping, unjustified critiques. Not dissimilar from my days on Guam.

I have but one request for our competitors: please, please fight fair. Make your claims data-driven and disclose them to the world. Your and our customers deserve that much. Customers are never served by unjustified claims and baseless allegations of inadequacy. What they need is the truth. They need help in understanding the security landscape and how to best evaluate technologies and ultimately protect themselves. They don’t need more FUD. This truth method is one I used quite successfully as the founding author of the “Hacking Exposed” series of books, now in its 7th edition. And there will be more exposing to be done here.



AV-TEST, an AV testing company based in Germany (and super nice guys), released the results of their first public test of us this week. Unfortunately, some of our competitors took this release opportunity to declare us dead and that, somehow, the overall AV-TEST results were proof of our failure. In truth, they could not be more categorically incorrect.

Despite Symantec’s claim that they “crushed” us and their implication (if not outright statement) that this test is somehow final proof that what we have doesn’t work, they’ve just shown the world that they, along with Goofy, live in Fantasyland. Please just take the time yourself to look at the details of the AV-TEST report and our detailed breakdown here.

We did what no one else in the world has ever attempted. We threw a brand new approach and technology into the ring of a 20+-year-old broken industry held together with duct tape, baling wire and bubble gum (I should know, as I spent six years at a tier-1 antivirus vendor, leaving as their Global CTO in 2012). And despite AV-TEST’s traditional AV testing methodology, we used only artificial intelligence to stop almost everything they threw at us! The AV-TEST results were amazing and will only get better as we learn more!

Here’s a quick breakdown. AV-TEST looks at three core categories for the “Business User” tests: Protection, Performance and Usability. Our Protection was nearly perfect stopping 99.818% (all but 27 out of 14,798) against a sample set that we HAD NEVER SEEN BEFORE (so effectively they were zero-days to us) and again all with only AI and mathematics—no signatures, no URL filters, etc. Can you imagine no more updates!? No more network saturation?!

Usability was amazing except for one non-business type installer called VLC by VideoLAN (a media player), whose slowness to install we could not reproduce in our labs. And Usability was out of this world with only 28 out of 1,301,225 files called abnormal—for a false positive rate of only 0.00215%. On top of it all, the files our math hit on were such supremely sketchy PUPs that you would never want them running in your company, anyway. Add to all this the fact that we are pure mathematics at our core - this is nothing short of astonishing.

So hate if you want, competitors, but our customers know the truth – because they’ve tested it themselves with the same samples that have bypassed your protection for decades. They know what we do for them. And they are replacing traditional AV almost every day with our AI.


Finally, Gartner just released their new Endpoint Protection Platform (EPP) Magic Quadrant (MQ) and we are the first and only signature-less, artificial-intelligence (AI)-based endpoint protection solution ever accepted into the MQ. We believe the results are nothing short of astonishing and provide validation of everything we’ve worked so hard to achieve. When it comes to being named a visionary, we’re in a league of our own. And with our expanding partnerships with Dell and Blue Coat and many others, we feel our “Ability to Execute” will only improve—so look for movement up and to the right for future years.


Figure 1:  Gartner’s Magic Quadrant for Endpoint Protection Platform (EPP) February 2016 with Cylance leading the pack with our visionary, new approach to endpoint security. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Cylance.*

We believe Gartner’s recognition of our vision, combined with our strong and growing ability to execute broadly and globally now, comes from the technology and the people who have built it – our employees and customers. To them I give my heartfelt gratitude and thanks. We feel Gartner’s MQ placement of us is validation of why we crush ourselves every day to do what we do: Protect those who cannot protect themselves. From the bottom of my heart, thank you to everyone! Now help us spread the word! See the Gartner report and our press release for yourself.

Test It Yourself (TIY)

Finally, as an InfoWorld “Real World Labs” manager, tester and writer for over three years, I am keenly aware of what it takes to build real world environments to test complex software in the lab. It is hard. And despite InfoWorld having some of the best technical talent available at the time, and an editor-in-chief that would rather lose millions in advertising dollars than see our content be influenced by a vendor, the harsh reality is that the closest way to deliver “independent” tests of technology are the ones you carry out yourselves. Install us alongside whatever endpoint protection solution you have today, then try to detonate samples you’ve been hit with before or ones you download from your favorite virus download site (Viruswatch, Virusshare, Malshare, or others, etc.) and compare us yourself. Don’t believe us. Don’t believe our competitors. Believe in yourself, and Test It Yourself.

We are NOT perfect. We’ve never said we were. And we never will be. But we will always pursue the unattainable “perfection.” The rest of the industry has just given up. We never will. To get CylancePROTECT in your environment, contact Cylance.

*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Stuart McClure

About Stuart McClure

CEO, President, and Founder of Cylance

Stuart leads Cylance® as its CEO for the first math based approach to threat detection, protection and response. Prior to Cylance, Stuart was EVP, Global CTO and General Manager at McAfee/Intel. Stuart is the creator and lead-author of the most successful security book of all time, Hacking Exposed. He is widely recognized for his extensive and in-depth knowledge of security, and is one of the industry's leading authorities in information security today.