“Minds are like parachutes; they work best when open.” – Thomas Dewar
I spent the formative years of my security career on the front line as a help desk engineer. I thrived on solving new challenges every 30 minutes and I felt the pain of technology firsthand – both from a user’s perspective as well as an administrator’s. I quickly learned that if technology wasn’t completely seamless, invisible, and painless, it simply was not used.
To that end, I constantly searched for technology solutions and automation that removed friction and layers for the user. Despite being inundated with the slogan of the day that “nobody ever got fired for buying IBM”, I almost never used the “phone a friend” option or outsourced my decision making. This groupthink mindset was the path of least resistance and would have been much more comfortable, but this strategy rarely, if ever, solved the core of the problem I was fighting. Instead, I forced myself to research, test, and pilot in order to come to my own conclusions. Once I did, people began asking for my advice. This ultimately led to working at InfoWorld Test Center for many years. During my tenure, I wrote countless product comparisons, reviews, and opinion pieces for the Security Watch column.
Challenging Groupthink To “In-Source” Your Decision Making
Independent decision making isn’t new, and certainly isn’t confined to the world of technology or cybersecurity. When my wife, Tusdi Vopat, was diagnosed with Lupus in early 2012, she followed the recommendation of one doctor after another, taking prescription after prescription – all to no avail. Her health deteriorated quickly. She was in constant pain and could barely get out of bed every day. Western medicine’s only suggestion was to add layers – take one NSAID for pain, a steroid for inflammation, and yet another for the side effects of the pain and inflammation medication. Then, you must take different medications for the side effects: weight gain, fluid retention, trouble sleeping, etc. The entire experience was beyond frustrating – it was aggravating and outright absurd.
With her quality of life in the balance, she took it upon herself to #ThinkBeyond. She researched her debilitating and life-threatening auto-immune disease on her own, contrary to her doctors’ advice, and it has ultimately saved her life. She educated herself about the healing power of food, stress reduction and toxins in her environment. We both went on a multi-year journey of a vegan, gluten-free, and detoxifying lifestyle that included stress reduction and exercise to heal her body from within. Numerous doctors warned her time and time again that she was taking severe risks with her health by not following the recommended drug prescriptions, but she knew that her health would decline quickly following that guidance. She is living proof that solving the problem at the core can heal you. Today, Tusdi is in excellent health and lives a full life because she did not outsource her decision making.
When we started Cylance® in 2012, we wanted the public to be empowered like my wife. We all have been taught the same lesson: that prevention is impossible. The best you can do is detect and respond. But, this model has created a Groundhog Day of compromise:
- Ask someone you respect for their technology recommendation
- Choose and implement their solution
- Get hacked
This process is textbook and floods me with memories of Bill Murray desperately trying to escape his misfortune in the movie of the same name.
What we believe – that mathematics can solve the cybersecurity problem at its core, predict attacks, and prevent their execution in real time – was blasphemous in the beginning. We challenged the industry to not trust anyone, but rather test for themselves. In many ways, it created a revolution with thousands of customers who today enjoy the quiet silence of a security solution that prevents cyberattacks without them even knowing about it. We claimed we could increase protection while decreasing layers, clutter, and the detritus of our industry. We dared to remove layers of security and increase the level of protection!
The Economics of Insecurity
We have created a monster here in the cybersecurity industry. We have created countless layers of protection that an entire industry (and countless jobs) are now dependent on. We have created an “Economy of Insecurity”.
The simple proof of this dynamic is to look at what happens to the stock prices of publicly traded cybersecurity companies after a mega breach or cyberattack. They increase. This is counter-intuitive and categorically insane. The very companies that produce the same signature-based, detect and respond technology that allows these attacks to be successful get a bump in their stock price despite your suffering? Their revenues increase and your costs climb. Shouldn’t the opposite effect occur? Their stock price should decrease after a breach as it is proof that they cannot stop new attacks. Remember, every victimized organization has a sizable number of almost every public cyber company’s products deployed throughout their environment, and yet they still get hacked. Why? Because we have been taught that an increase in “detect and respond” layers equals greater security. But do layers really increase security at the rate we once believed? Perhaps layers don’t create better security at all.
Figure 1: The clutter of the Old Industry Model has only increased cost and complexity to the customer, and hacking opportunities for the adversary. The Modern Prevention Model removes the clutter and layers and truly prevents unknown attacks.
Did you know that legacy cybersecurity companies, industry analysts, financial analysts, and independent review houses all benefit financially from these additional layers, but you, the customer, do not? Your costs increase, your complexity increases, your overhead increases exponentially. But, what if you could remove almost all of the layers you employ and prevent more than 99% of all cyberattacks? How could you ignore this potential?
Figure 2: The Old Industry Model increases everything – revenue for the industry, customer cost and complexity, and hacking attempts. The Modern Prevention Model does the opposite.
Prevention *Is* Possible
We’ve proven time and again that you do not need all the layers of security to prevent cyberattacks. Using mathematics in our DNA, we have produced technology that prevents the unknown unknowns in cybersecurity.
Figure 3: Cylance has shown every year since our first product release in 2014 that prevention is possible.
When someone says that Cylance isn’t a leader, how can you go against them? Won’t that jeopardize your credibility and stature at your company? Won’t it be a struggle to follow a small company’s advice? On the contrary, your initiative will only bolster your bravery, vision, and leadership in your company. You will be seen as I was in the first third of my career, as a peer to call for advice, and when someone questions your choice of Cylance, ask them this simple question: “How many vendors in your analysis actually prevented WannaCry or Petya or NotPetya or Bad Rabbit (or any of the latest cyberattacks) before the world saw any of them for the first time?”
There is only one vendor: Cylance.
When we started Cylance, we asked much from our customers: Don’t trust analysts, don’t trust independent testers, and don’t even trust us. Just test for yourself. We created the #TestForYourself campaign in 2016 and empowered thousands of companies to test the existing and new technology solutions themselves and judge for themselves. We created guides like “Next-Generation Anti-Malware Testing for Dummies” and inspired folks like Testmyav.com to help everyone understand that there is a better way. Now, we are saying “Thank You”!
Cylance customers accepted the challenge we put forth and they are now raving, fanatical customers, sleeping soundly at night and never going back to the way it was. You are the true visionaries and leaders in this world. Thank you for believing and showing the world that a decrease in costs and increased security is possible. What’s been created is nothing short of unbelievable. We’ve grown faster than ever thought possible because of your faith, loyalty, and commitment to the vision.
Figure 4: Cylance’s growth rate compared to a selection of other publicly traded technology companies and the time they took to reach $100M in annual revenues, measuring from the time the first product shipped.
For those reading this blog who haven’t tried Cylance yet, we are asking for you to #ThinkBeyond. Don’t rely on others for solutions that only you have to live with. Trust yourself, #TestForYourself, and #ThinkBeyond. Thousands of our customers already have and don’t lose one minute of sleep over the next “XYZ cyberattack”. Will you?
President and CEO, Cylance
For more on why we should all #ThinkBeyond, read The Complexity of Simplicity by Daniel Doimo