RotM Security firm Cylance is using machine learning to fight what many firms regard as the already lost battle of keeping computers free of malware.
While mainstream thinking in the industry has moved towards acceptance that malware infections are inevitable and the focus has to be on detection and response, the US startup isn’t ready to throw in the towel. It claims its rule-based engine is far more effective than conventional antivirus software from the likes of Symantec and Intel Security (McAfee).
“Prevention is better than detection after the fact and the only way you can do that is with a machine,” said Grant Moerschel, sales engineering director at Cylance.
The firm is applying a stats-based approach to threat detection that it claims achieves detection rates of 99 per cent, against the 40 per cent it attributes to conventional antivirus. Its technology has been trained on a sample of 300 million known good files and 300 million known bad files to learn the markers of malware that do not change even as crooks repackage their wares or make minor alterations. The technology is based on neither sandboxing nor signatures.
“Our technology is extracting the DNA of malware before making a run-time judgment call, based on what’s statistically relevant,” Moerschel explained.
Some of the rules the technology follows are based on the experience of Cylance staff with a background in incident response.
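To make the contrast concrete, here is an added illustration of the approach the article describes, written for this page; it is not Cylance's code or model, and the "files" are constructed byte strings that only carry the static markers the classifier keys on (a high-entropy packed blob, suspicious API names, a packer section name). A conventional exact-hash signature fails on a repackaged variant, while a simple Gaussian naive Bayes classifier trained on known-good and known-bad samples still flags it because the features it scores survive repacking. The feature set, the sample data and the variance floor are all assumptions made for the example.

```python
import hashlib
import math
from collections import Counter

# Constructed illustration data, not real malware and not Cylance's training set.
PACKED_BLOB = bytes(range(256)) * 4  # uniform byte distribution: 8.0 bits/byte
SUSPICIOUS_APIS = (b"VirtualAllocEx", b"WriteProcessMemory",
                   b"CreateRemoteThread", b"URLDownloadToFile")

MALICIOUS_TRAIN = [
    PACKED_BLOB + b"VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0",
    PACKED_BLOB + b"UPX0\0URLDownloadToFileA\0WriteProcessMemory\0CreateRemoteThread\0",
    PACKED_BLOB + b"VirtualAllocEx\0CreateRemoteThread\0URLDownloadToFileA\0",
]
BENIGN_TRAIN = [
    b"This program cannot be run in DOS mode.\r\n"
    + b"kernel32.dll GetProcAddress LoadLibraryA CreateFileW ReadFile WriteFile CloseHandle\0" * 8,
    b"MZ\x90\0" + b"Copyright (c) Example Corp. All rights reserved. Version 1.2.3 " * 12,
    b"user32.dll MessageBoxW RegisterClassW CreateWindowExW ShowWindow DispatchMessageW\0" * 10,
]

# A "repackaged" variant of the malicious family: same byte distribution and the
# same API markers, but different byte order and padding, so its hash changes.
REPACKED_MALWARE = (PACKED_BLOB[::-1] + b"\x90" * 32
                    + b"CreateRemoteThread\0VirtualAllocEx\0WriteProcessMemory\0")
BENIGN_TEST = b"Hello, world. This is ordinary text with nothing unusual in it.\r\n" * 8

VAR_FLOOR = 0.1  # assumed floor: a tiny training set can give zero variance


def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(data):
    """Static markers that survive repacking: entropy, suspicious API count, packer tag."""
    return [
        entropy(data),
        float(sum(data.count(api) for api in SUSPICIOUS_APIS)),
        1.0 if b"UPX" in data else 0.0,
    ]


def train(malicious, benign):
    """Gaussian naive Bayes: per-class log prior plus per-feature mean and variance."""
    model = {}
    total = len(malicious) + len(benign)
    for label, samples in (("malicious", malicious), ("benign", benign)):
        vectors = [extract_features(s) for s in samples]
        means = [sum(col) / len(col) for col in zip(*vectors)]
        variances = [max(sum((x - m) ** 2 for x in col) / len(col), VAR_FLOOR)
                     for col, m in zip(zip(*vectors), means)]
        model[label] = (math.log(len(samples) / total), means, variances)
    return model


def classify(model, data):
    """Return the class with the highest log posterior for the file's features."""
    feats = extract_features(data)
    scores = {}
    for label, (log_prior, means, variances) in model.items():
        ll = log_prior
        for x, m, v in zip(feats, means, variances):
            ll += -0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
        scores[label] = ll
    return max(scores, key=scores.get)


KNOWN_BAD_HASHES = {hashlib.sha256(s).hexdigest() for s in MALICIOUS_TRAIN}


def signature_match(data):
    """Conventional exact-hash signature lookup: brittle against any byte change."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


MODEL = train(MALICIOUS_TRAIN, BENIGN_TRAIN)

if __name__ == "__main__":
    for name, sample in (("repacked malware", REPACKED_MALWARE), ("benign text", BENIGN_TEST)):
        print(f"{name}: signature={signature_match(sample)} "
              f"classifier={classify(MODEL, sample)}")
```

The variance floor matters in practice: with three samples per class and integer-valued features, a class can have zero variance on a feature, and a naive Bayes model would then assign infinite confidence to any file that matches it exactly and infinite penalty to any that does not. Real feature sets are far larger and the training corpus is the hundreds of millions of files the article mentions, but the failure mode is the same.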
Limited testing has been carried out through VirusBulletin, but nothing conclusive enough to validate Cylance's machine learning and deep learning approaches. However, two clear advantages are apparent.
Firstly, Cylance's technology doesn't need to hook into every process running on a desktop and therefore has a lower footprint. Secondly, its agent can run effectively on air-gapped machines. This is important in industry sectors as diverse as oil and gas production, retail (point-of-sale terminals) and healthcare.
Cylance named Ignition as the first UK channel provider of its CylancePROTECT endpoint protection products earlier this week. The announcement follows a $42m equity investment from investors including DFJ, Dell Ventures, Capital One Ventures and KKR, funds the three-year-old startup plans to plough into sales and marketing. The technology is being marketed as a replacement for traditional antivirus packages.
Anti-malware firms such as Cylance and Romanian firm BitDefender are starting to talk up "artificial intelligence" as a form of defence. This terminology is perhaps a bit of a misnomer, because the software is not actually writing new code for itself but simply following human-defined programming instructions. ®