Machine Learning in Cybersecurity Solutions: How One Expert Makes Smarter AI Choices
If you want to know the best cybersecurity tools on the market, ask a hacker.
That’s what GDEX Chief Information Officer Melvin Foong did, back when he worked in digital forensics, investigating suspected cybercrimes. As his career progressed, he maintained contact with multiple ethical hackers, including some of the best in the field. Frustrated with the limitations of most antivirus software at the time, he reached out to one of those contacts.
“I asked him which solution gave him the most trouble when he was trying to install malware onto a system,” Foong recalls. “He told me that after a million trials, Cylance stood out. It was very new at the time, but somehow it was still a huge roadblock for them.”
Foong went on to become the first enterprise IT professional to bring Cylance® technology to Malaysia, even before distributors were aware it existed. Five years later, he still trusts BlackBerry® technology, recently deploying CylancePROTECT® to replace GDEX’s existing signature-based antivirus. For Foong, what stands out about the solution is its unique “prevention-first” approach.
“A detection and response mindset to me means that you expect something to have already exploded, and you’re cleaning up the mess,” says Foong. “It’s all post-execution stuff—looking at frameworks, finding the point of entry, identifying the attack path, and so on. Cylance started with the idea of prevention-first, so it doesn’t rely on execution, behaviors, or attack frameworks.”
The AI Edge
AI-based cybersecurity solutions are much more common now than they were in Cylance’s early days. While this means there’s now no shortage of security platforms that apply machine learning, the quality of the algorithms and how they are applied vary greatly from one solution to the next, according to Foong. Relying on vendor claims is not sufficient to tell the difference. Again, he falls back on his background as an investigator to root out the truth.
One of the first things he does when he learns about a new AI-based malware prevention solution is to perform a USPTO search on patents. He looks at each patent related to the solution and reads what it does. Does the solution truly use AI for preventative security, or does it use AI to write malware signatures?
“Signature-based malware protection isn’t good enough; it doesn’t work,” Foong explains. “I’ve seen many cases where malware still resides in a machine after being found by a signature-based solution, waiting for the right time to resurface.”
For Foong, CylancePROTECT represents the culmination of these characteristics—and it stands at the top of the market for AI-based malware prevention.
“People often ask me why I trust Cylance,” Foong notes. “I don’t do so blindly. I regularly evaluate the effectiveness of CylancePROTECT, and it’s never failed me.”
“I also know that not a single Malaysian client using it has experienced a successful cyberattack,” he concludes. “The AI is mature enough to be very, very good at what it does. And I’ve read BlackBerry’s patents, so I know that it does what it’s supposed to.”