An obvious goal in real-world cyber-security is the ability to identify and prevent unknown threats before they reveal themselves and compromise systems.
A new way of achieving this, which claims a more than 95 percent detection rate, has come from US-based Cylance, with what it claims is the first math-based threat detection and prevention tool, known as CylancePROTECT.
This takes a mathematical and machine learning approach to stop advanced threats on endpoint computers. Without the traditional use of signatures, rules, behaviour, heuristics, whitelists or sandboxing, it can identify new malware, viruses, bots, zero-days and unknown future attacks and render them useless.
“The fundamental flaw in today’s cybersecurity infrastructure is that protection requires detection, and detection requires a patient zero,” said Stuart McClure, Cylance founder and CEO. “Human-generated signatures, based primarily on previously discovered samples, have failed to solve the problem as zero-day threats continue to operate silently and unimpeded.”
Claiming to be the first company to apply algorithmic science to security in a scalable way, Cylance is delivering a new threat detection model based on patent-pending technology that instantly determines what is safe and what is a threat without ever having to have seen the threat before.
The company has deep security domain experience, allowing it to combine the understanding of a hacker's mentality with algorithmic intelligence and best practices. This enables CylancePROTECT to be truly predictive and preventive against advanced threats.
“Attacks keep evolving, bypassing all kinds of traditional security technologies,” said Richard Stiennon, chief research analyst at IT-Harvest. “The market is ripe for a revolutionary new solution to securing the endpoint. Cylance’s approach is the most exciting innovation in endpoint security I have seen.”
The Cylance approach has produced the most accurate, efficient and effective solution for preventing advanced malware and persistent threats from executing on endpoints. Internal testing versus third parties discovered a 500X improvement in detection of all data, good and bad, with the ability to stop 100 percent of what is found. The company claims that other solutions miss what has not previously been identified and often can’t block the majority of what they do see.
As an example, CylancePROTECT can protect against nested malware delivered in a legitimate application.
It is designed to complement existing endpoint security and be non-impactful to administrators and end users. Its value is to eliminate concern about unknown and advanced threats, which are often missed by the other solutions.
CylancePROTECT uses a small agent that sits on top of current solutions and integrates with existing management software for ease of distribution and management. Most importantly, it is not required to be continually updated, and gives the administrator complete control over configurability from the management console.
“Current endpoint technologies claim a high detection rate, but in actuality the real rate is often much lower, sometimes under 50 percent,” McClure added. “No other endpoint protection product compares to the accuracy, ease of management and effectiveness of CylancePROTECT, which has more than a 95 percent detection rate.”
It is equipped with a web-based management console and can be integrated with third-party management systems, group policies and structures. It can work with whitelists and blacklists for administrative granularity and provides social threat awareness of what else is infected.
The detection mode works through passive auditing and provides self-protection against user or attacker tampering. It also uses memory protection and execution control to prevent injection and hijacking techniques, overflows and in-memory execution techniques.