BlackBerry ThreatVector Blog

The Groundhog is Dead

FEATURE / 07.22.16 / John McClurg

For years, one of my favorite movies has been Groundhog Day, which chronicles the tale of a narcissistic weatherman doomed to live the same day over and over again. This maddening process makes him feel none too different from the way I’ve felt professionally when, over the years, I’ve found myself time and again battling the same threats and vulnerabilities over and over, as though stuck in a cycle from which I could never break free.

Well, I’ve got great news for you: the groundhog is dead! Impaled by the prowess now brought to the battle space by Cylance® and its ground-breaking technology that combines the powerful application of mathematical modeling with artificial intelligence and machine learning. I’m so impressed by what Cylance is bringing to the endpoint protection battle space that I’m excited to announce that as of today, I’m joining their ranks as their new VP and Ambassador-at-Large.

Moving Further Down the Kill Chain

Cylance has, for a number of months, been a critical partner of Dell, with their endpoint security products made available as a ‘top shelf’ option one could choose when purchasing the Dell Data Protection/Encryption solution. So this transition for me is less of a move away from Dell, where I’ve served these last five years as its CSO, than it is a logical next step, moving further along Dell’s “kill chain” to what I consider to be the pointed end of the spear, where (true to my philosophical roots) I believe I can now bring what will be the “greatest good - to the greatest number - in the shortest period of time.”

I believe that CylancePROTECT® is truly disruptive—unlike anything I’ve seen in the last two decades of my security career. As Cylance’s co-founder and CEO Stuart McClure once observed, “The fundamental flaw in today’s cybersecurity infrastructure is that detection happens BEFORE prevention. Human-generated signatures, based primarily on previously discovered samples, have failed to solve the problem as zero-day malware continues to operate silently and unimpeded.” 

Wielding the strength and speed that come from having mapped the genomic structure of computer files, Cylance can detect in less than 100 milliseconds any deviation by an adversary from the pure file characteristics of the hundreds of thousands of files continually analyzed and classified by Cylance. Files are broken down to an atomic level in real time, constricting the battle space and enabling Cylance’s artificially-intelligent agent to discern whether an object is “good” or “bad”. Cylance’s endpoint protection products are capable of detecting and quarantining malware in both open and isolated networks, and all without the need for an Internet connection or continual signature updates - a practice that has in the past proven so problematic in large and even small corporate environments.

Cylance’s mathematical approach stops the execution of harmful code, regardless of whether the cybersecurity community as a whole has prior knowledge of it, or whether an adversary is employing a novel or otherwise unknown obfuscation technique.

Cylance: Cybersecurity for an Insecure World

What really sold me on Cylance, however, was an independent test we ran at my former employer after a particularly painful and costly advanced persistent threat (APT) attack. Replicating the attack sequence after the fact in our lab, we determined that if we’d had CylancePROTECT up and running at the time of the attack, the adversary would not have gained entrance.

While I have been grateful over the years for the threat capture rate of 20% offered by some of my historic industry partners, those rates of capture or deflection just don’t cut it in comparison to Cylance, whose success rates I’ve seen personally validated in the realm of six sigma (99.9%).

The proactively predictive capabilities of Cylance’s mathematical modeling and continuous machine learning have infused new life into my professional aspirations. Given my limited cognitive capabilities and physical endurance to keep up with the cadence, volume, and sophistication of modern threats, I do not know how much longer I could have persisted in the groundhog’s ever-repeating, head-in-the-sand world of the reactive, particularly in today’s interconnected cyber-landscape, characterized by ever-growing physical connectivity and resource constraints.

Cylance changes and redefines all that, and heartens me with the knowledge that there is one pure form of the “continuous” that I welcome - that of continuous learning and training based on new data and new techniques. To that end, I believe that the Cylance engine is truly “future-proof” and will not lose efficiency over time, even as attackers morph their strategies as we fully know they will.

In that battle, I look forward now to “locking shields” with all of you.

John McClurg
Cylance VP and Ambassador-at-Large

About John McClurg

Sr. Vice President and CISO at BlackBerry.

John McClurg serves as Sr. Vice President and CISO at BlackBerry. McClurg engages the industry around the globe on today's risk challenges and how BlackBerry uniquely mitigates them with the application of machine learning and other AI-supported solutions. He champions a move from a historically reactive security posture to one focused on proactively predicting and mitigating future risks.

Before BlackBerry, McClurg served as the Ambassador-At-Large of Cylance and as Dell's CSO, where his responsibilities included the strategic focus and tactical operations of Dell’s internal global security service. He was also charged with the advocacy of business resilience and security prowess, the seamless integration of Dell’s security offerings, and with improving the effectiveness and efficiency of security initiatives.

Before Dell, McClurg served as the VP of Global Security at Honeywell International; Lucent/Bell Laboratories; and in the U.S. Intel Community, as a twice-decorated member of the FBI, where he held an assignment with the U.S. Dept of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence.

Prior to that, McClurg served as an FBI Supervisory Special Agent, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center, or what is today known as the National Infrastructure Protection Center within the Dept of Homeland Security.

McClurg also served on assignment as a Deputy Branch Chief with the CIA, helping to establish the new Counterespionage Group, and was responsible for the management of complex counterespionage investigations. He additionally served as a Special Agent for the FBI in the Los Angeles Field Office, where he implemented plans to protect critical U.S. technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces.