Why LAN3 Adopted Cylance

February 02, 2016


As Lincolnshire County Council has recently experienced, ransomware attacks are more than just a nuisance.

In the case of Lincolnshire County Council all IT systems were taken down, negatively affecting the productivity of a large proportion of staff. Whilst operationally the council was ‘only’ affected for a matter of days, the damage to its reputation will last far longer.

Is it fair for an organisation's reputation to be damaged by a ‘zero-day’ attack? Many would say not.

The good news is that technologies exist today to prevent attacks of this nature causing such disruption. ‘Next Generation’ end-point malware detection and prevention has been available for over two years, but is only now rising to prominence in the UK.

Making significant headway in this market is Cylance. Cylance have proved that adoption of their modern day endpoint malware solution would have prevented all new and historical ransomware attacks.

With many predicting that ransomware attacks will grow in 2016, early adoption of technologies capable of preventing establishments being held hostage is vital.

So… how does Cylance work?

Cylance’s patented artificial intelligence and machine learning based platform has a highly scalable, cloud-based data processing system capable of generating extremely accurate mathematical models for data evaluation.

Cylance automates the mathematical model processing with machine learning. This enables artificial intelligence decisions to solve the extremely challenging security problem of determining which files are safe, and which are a threat. It provides highly accurate results at exceptionally rapid rates.

To achieve this, the Cylance cloud platform performs the following steps:

  1. It continuously collects vast amounts of data from every conceivable source.
  2. It extracts DNA-level features that the machine learning platform itself has determined to be unique characteristics of good and bad files. This is automating and amplifying the job that a human threat researcher could do, to discover if a file is a threat.
  3. It constantly adjusts to the real-time threat-scape, and trains the machine learning system for higher conformity decisions.

Finally, for each file, Cylance assigns a ‘threat score’ that is used to automate policy-based protection decisions — ignore, alert, block, or terminate file/process execution.

The artificial intelligence is manifested by extracting a powerful mathematical model approximately every six months. This becomes Cylance’s flagship endpoint security product, PROTECT, the local endpoint agent.

The following are key elements of the PROTECT solution:

  1. Automated code ‘DNA’ analysis: Analyses every file on your endpoints to find executable elements, then extracts the core DNA of those files and passes it to the artificial intelligence engine to identify malware.
  2. Memory protection: Detects and blocks memory-based exploits, including attempts at privilege escalation and other system attacks, protecting against both direct and ‘drive-by’ attacks.
  3. Execution control: Provides policy-based, real-time controls to take a variety of response actions – ignore, alert, block and terminate – when objects are classified as suspicious.
  4. No signature updates: Operates 100% autonomously without a persistent Internet connection, classifying and taking action on threats using an entirely disconnected engine.
  5. Non-disruptive, low-impact agent: The agent is small and typically uses less than 1% of CPU. It is easy to deploy with common software distribution tools.
  6. Centralised management with contextual visibility: Management console provides pre-execution insight and threat intelligence for dynamic analysis. MSI packages and open APIs enable easy deployment and integration into existing infrastructure management.

  • With over 100,000 new threat signatures published daily, mitigating targeted attacks with legacy signature-based defences is an exercise in futility. Using technologies that permit malware to execute in order to detect and respond is an unnecessary approach.
  • New threats require new thinking. Cylance PROTECT is the only endpoint threat prevention solution on the market that leverages the power of algorithmic science and artificial intelligence to detect known and customised malware plus zero-day threats — all without signatures and IP/URL blacklists.
  • Cylance PROTECT can be deployed as a secondary agent to detect and block threats missed by current endpoint security or as a replacement for the current product altogether. In either case, enterprises can rest assured Cylance never sleeps.
  • Cylance PROTECT is a highly reliable last layer of defence against today’s advanced threats and targeted attacks.


Written by Martin Jones @ LAN3