The Channel logo

News

By | John Leyden 12th November 2015 11:31

Got to be better than human protection: New firm using machine learning anti-malware

Last stand against infection in UK biz drive

RotM Security firm Cylance is using machine learning to fight what many firms regard as the already lost battle of keeping computers free of malware.

While mainstream thinking in the industry has moved towards acceptance that malware infections are inevitable and the focus has to be on detection and response, the US startup isn’t ready to throw in the towel. It claims its rule-based engine is far more effective than conventional antivirus software from the likes of Symantec and Intel Security (McAfee).

“Prevention is better than detection after the fact and the only way you can do that is with a machine,” said Grant Moerschel, sales engineering director at Cylance.

The firm is applying a stats-based approach to threat detection that it claims offers 99 per cent detection rates in comparison to the 40 per cent figures of conventional antivirus. Its technology has been trained using a sample of 300 million known good files and 300 million known bad files to understand the markers of malware that do not change even as crooks repackage their wares or make minor changes. The technology is not based on either sandboxing, signatures or conventional signatures.

“Our technology is extracting the DNA of malware before making a run-time judgment call, based on what’s statistically relevant,” Moerschel explained.

Some of the rules the technology follows is based on the experience of Cylance staff with a background in incident response.

Limited testing through VirusBulletin has been carried out but nothing conclusive to validate Cylance’s machine learning and deep learning approaches. However two clear advantages are apparent.

Firstly Cylance’s technology doesn’t need to hook into every process running on a desktop and therefore has a lower footprint. Secondly its agent can run effectively on air-gapped machines. This is important in industry sectors as diverse as oil and gas production, retail (point of sale terminals) and healthcare.

Cylance named Ignition as the first channel provider of CylancePROTECT endpoint protection products for the UK earlier this week. The announcement follows a $42m equity investment from investors, including DFJ, Dell Ventures, Capital One Ventures, and KKR, funds the three year-old startup plans to plough into sales and marketing. The technology is being marketed as a replacement for traditional antivirus packages.

Anti-malware firms such as Cylance and Romanian firm BitDefender are starting to talk up “artificial intelligence” as a form of defence. this terminology is perhaps a bit of a misnomer because the software is not actually writing new code for itself and simply following human-defined programming instructions. ®

comment icon Read 18 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'