CylanceV delivers a new threat detection model that instantly and mathematically determines what is safe and what is a threat in the broadening “grey list” spectrum of unknown data – without the use of signatures, heuristics, behavioral analysis, sandboxing detonation or micro-virtualization.
It categorizes files, applications, executables, services, drivers, libraries and others as “safe” or “threat” using sophisticated mathematical analysis. Traditional black lists identify only the known bad – attacks that are successful either in the real world or in a virtual sandbox environment. But this reactive approach requires both expert malware analysts and a victim, or “sacrificial lamb” – Cylance needs neither.
Typical white lists attempt to solve the problem the opposite way, by restricting acceptable files to only known good software providers like Microsoft or Adobe, but that is only a fraction of the publishers in the world. The vast majority of files in the world are unknown to the security industry, and therefore must be processed in some fashion to determine their maliciousness. This is the dynamically growing world of the “grey list.” CylanceV’s next generation, predictive modeling quickly processes and classifies those unknowns in milliseconds – almost instantly determining “safe” from “threat.”
Cylance’s Infinity fabric in the cloud empowers CylanceV to quickly process large volumes of data at scale to improve the effectiveness of identifying modern day malware. By reducing the total amount of information that traditional security misses or cannot classify, it enables IT departments, incident response and forensics teams to save time, improve accuracy and reduce unnecessary investments required to stop and rectify the threat.
Infinity is a cloud-based, non-signature, non-heuristic and non-behavioral predictive analytics engine that couples advanced mathematical analysis and machine learning with data science modeling to make highly accurate decisions.
“The average organization gets millions of notices daily from its combined security infrastructure when it identifies malware, attacks and unusual behavior, making once highly valuable information now overwhelming for IT managers to process and impractical for today’s technology to determine,” said Glenn Chisholm, CTO of Cylance. “Finding that needle in the needle stack is what Cylance is all about. Processing the sea of unknowns manually is unsustainably tedious and impossible to stay ahead of, extending the time to discover breach compromise. Existing advanced malware technologies work to discover new threats, but their capability has financial and operational limits.”
CylanceV also makes smart solutions smarter by adding detection intelligence about what is good and what is bad, improving the efficiency and accuracy of security teams by identifying the true threats present in the “grey list.” Complementing existing security infrastructure, third-party technologies and home-grown tools (SIEMs, sandboxing and custom code, respectively), the combined solution improves the context surrounding suspicious activity. This helps security teams prioritize threat remediation actions.
In practice, Security Operations Centers (SOCs) almost universally require integration with other analysis systems to provide context around the alerts received, as well as additional segmentation from CylanceV to help separate a legitimate incident or attack from a phantom or red herring. CylanceV allows any SOC to harness the power of Cylance’s Infinity to instantly determine whether a case needs to be opened and processed, saving thousands of dollars every year.
Additionally, for more impactful and time-sensitive attacks, forensic and incident response personnel can use CylanceV and its real-time connection to Cylance Infinity via a cloud API to securely send hashes and/or files for deep interrogation of what’s safe and what’s a threat.
Cylance is the first to apply existing principles of algorithmic science (used today in high frequency trading, insurance and pharmaceuticals) to the world of security. Unlike traditional security infrastructure, Infinity has the intelligence to attribute features of disparate objects and never before seen elements into data that predictably qualifies that element into a threat or non-threat at accuracy far greater than what exists today.