Skip Navigation
BlackBerry Blog

What it Really Means to Be Next-Gen

NEWS / 11.30.16 / Ryan Permeh

Legacy security vendors, who seek to perpetually confuse the marketplace in an effort to maintain their ever-dwindling share of sales, repeatedly claim that innovative solutions are only considered “next generation” as a function of time. They also falsely assert that “next generation” is nothing more than a marketing vehicle startups use as an immeasurable differentiator.

These notions couldn't be further from the truth. A true next-gen solution emerges from a necessary reimagining of what proactive prevention and protection should actually look like in the face of modern threats.

We were already there, and could see that the antivirus (AV) industry was utterly failing, so we felt the need to develop a more effective alternative for our customers.

Why Add More of What is Already Failing?

Legacy endpoint security suites predictably rely on layer after layer of functionality piled upon one another. This is because for the better part of three decades, as attackers refined and advanced their techniques, the AV industry believed the answer was to just add another layer of resistance. Each of these extra layers comes at a cost to the end-user in terms of reduced system performance, expansion of the attack surface, and an increased number of potential points of failure in the tool itself.

In this way, legacy antivirus tools became much like a medieval knight with ever more inflexible armor. Instead of adapting to the more sophisticated threat landscape over time through innovation, legacy AV companies simply added more and more layers of useless metal. As our adversaries continuously adapt and grow in numbers, ‘Big AV’ continues to add more cumbersome junk armor rather than planning new tactics and strategies to repel the invaders for good.

This lack of investment in innovation may have served them and their shareholders well in an era where they dominated the marketplace and consumers had little choice, but it left their customers to pay the ultimate price in headline-grabbing security compromise after compromise.

In recent years, we’ve found ourselves facing adversaries operating as agile advanced tactical units armed with modern armaments rapidly advancing on high value targets. Still, legacy AV companies just continue to add ever more reactive performance-crushing functions that do almost nothing to counter the adversary’s advance, all the while never considering that maintaining this approach – while less expensive than true innovation - is a delaying tactic at best.

Testing Companies and Analysts Remain Complacent

Testing companies and analysts have also fallen into the same ‘More is Better!’ trap as the legacy AV companies in their desire to cling to what they know. They have designed their testing standards to simply be the measure of how many layers of reactive junk a tool can offer, despite the overwhelming evidence that this reactive approach is not in any way effective.

Despite the rash of breaches afflicting companies ‘protected’ by these legacy products, analysts and testing houses continue to add more checklists and metrics that have been proven to be meaningless in real-world scenarios, all the while applauding and encouraging legacy AV to continue to make user's systems more overburdened, while still failing miserably at preventing attacks. 

In considering what it means to truly be a next-generation endpoint security solution, we looked at the past, present, and likely future for both the attackers and the defenders. In doing so, we soon realized that to overcome the problem presented by archaic AV bloatware, we needed to design an entirely unique solution from the ground up, effectively reimagining what a proactive malware prevention solution should be.

Freeing our minds from the status quo provided us the luxury of being able to think holistically without decades of inertia holding us to a doomed path.

After studying our attackers and their attack methodologies in extraordinary depth and detail, we designed an artificially intelligent ‘immune system’ that predicts an attacker’s likely trajectory. Using the power of artificial intelligence and machine learning, our product knows the difference between a ‘good’ file and a ‘bad’ file because we have taught it exactly where past attackers have come from, where they are today, and leveraged that knowledge to predict with great accuracy where they might be going tomorrow.

By using this unique approach that focuses on pre-execution prediction, our endpoint protection product, CylancePROTECT®, has been reliably demonstrated to stop malware (including zero-days) dead, with an unprecedented real-world efficacy rating of over 99%. With over three million networks protected by Cylance to date, we are proud to be listed as one of the Top 30 US companies on the Inc. 5000 list for 2016, which tracks the revenue growth of America’s fastest-growing private companies.

Says Cylance Founder and CEO Stuart McClure, in a recent interview with

"There is no such thing as 100 percent security. There is always some way in. But now, as artificial intelligence and machine learning have improved, you can prevent the hackers of today and tomorrow, because hackers use the same techniques."

Next-Gen is a Function of Innovation

We can unapologetically say that trying to force a rapidly evolving industry into the broken mold of the past is more than counter-productive; it is essentially the road to ruin.

You don't need endless layers weighing you down if the solution you employ is designed to deal with attackers in an adaptable, intelligent way, evolving as they do, blocking every intrusion attempt in real time. It is time for industry analysts and testing companies to embrace the paradigm shift that is fundamentally changing how we must approach the persistence of malicious code.

The only way forward in this conflict against an ever-more-sophisticated adversary is to maintain a relentless focus on doing what is required to stop the attacks of today and tomorrow by learning from the attacks of yesterday. Every other alternative is simply a sideshow distraction, and comes at a dire cost to the user.

We will not succumb to the incumbents’ complacency. That is why we are next-generation.

Ryan Permeh
Chief Scientist and Co-Founder at Cylance

Ryan Permeh

About Ryan Permeh

Senior Vice President and Chief Security Architect

Ryan works within the office of the CTO to define technology strategy and architecture, that will help integrate technology across BlackBerry and focus it towards reducing customer risk. Ryan has been in the security industry for over 20 years and has a long history in both offensive and defensive security. Ryan came to BlackBerry as part of the Cylance acquisition. He was co-founder and Chief Scientist of Cylance and led the architecture behind Cylance’s mathematical engine and groundbreaking approach to security. Prior to co-founding Cylance, he previously served as Chief Scientist for McAfee focused on technology strategy, and as a Distinguished Engineer at eEye Digital Security focused on building security assessment tools.

He has published numerous articles, papers, and books, and is a frequent speaker at conferences around the world on the topics of security, privacy, machine learning, and entrepreneurship. His research has led to numerous innovations in both offensive and defensive security technology and he has published over 20 patents in the security and data science fields. He is known as the discoverer and primary analyst of the “Code Red” computer worm and contributed to many other analyses of significant threats over his career.