Math vs. Malware, Signatures vs. AI
According to a Gartner study, security products that do not effectively incorporate advanced predictive and prescriptive analytics will lose their leadership positions by 2019. This prediction was cited during a recent product briefing by next-generation antivirus (AV) vendor Cylance.
Cylance's Regional Sales Director, Ang, who was previously McAfee's regional director in Southeast Asia, said, "It's painful to watch the industry not do a good job. Ransomware is such a simple problem, and yet it creates so much trouble."
The industry mood right now is that artificial intelligence (AI) can help, and Ang shared that client enquiries about AI have recently tripled. Another piece of good news is that security has become a board-level issue, so there is potential for budgets to increase as a result.
Ang opined, however, that organisations need to relook at where they are currently putting their security budget and where they should be spending it.
For Cylance at least, earlier consultation services identified three main ways attackers get into systems: execution of malicious code, compromised accounts and distributed denial-of-service attacks.
Where the money is at
From a venture-capital perspective, a lot of money is going into companies that provide endpoint solutions.
Traditional AV solutions haven't been receiving very encouraging press lately. Bad IT hygiene and AV have been receiving almost equal blame whenever ransomware, and especially high-profile ransomware, rears its ugly head.
Ang described, “Antivirus has been commoditised as a product, and isn’t as treasured (as other security solutions). On top of that, it is not working to your advantage and operationally, it is a nightmare.”
Cylance's endpoint solution is different, as it seeks to protect proactively using a combination of machine learning and artificial intelligence.
Ang shared that the solution sits on endpoints as a lightweight agent that does not consume much bandwidth, unlike most AV solutions.
He put it simply: Cylance does not allow malicious code to run, thanks to a combination of almost 8 petabytes of malware data and a mathematical model that, he said, classifies malware with 99.7 percent accuracy.
Math versus Malware
Cylance’s Sales Engineer, Kelvin Wee, explained, “Cylance has the technology to extract up to 2 million attributes of a file. This info is then vectorised into a math model, or in other words, it is converted into something that artificial intelligence can understand.”
Traditional AV on the other hand, use signature-based detection. Wee said, “AV follows a cycle, it needs to ‘touch’ and ‘feel’ malware before it can create a signature.
“Signature-based detection is too slow, and AI is another dimension to protect endpoints with.”
This represents a paradigm shift, from signatures to a mathematical model.
With so much hinging on this math model, what does Cylance do to make it robust and sustainable?
Ang claimed that Cylance is one of the few cybersecurity vendors taking the artificial intelligence, algorithmic science and machine learning approach that has this much data about malware.
Malware data must be collected continuously, and analysed and learned from in the cloud. As a result, the agent's model needs to be updated roughly every six months.
Wee said, “The end result from all the machine learning will be a lightweight agent consisting of a mathematical model. The agent on the endpoint device will use the mathematical model to determine whether a program is safe to execute or not through static analysis.”
Lightweight updates, in the form of something Cylance calls centroids, can be issued after a month or two to address the 0.3% of malware that Cylance initially missed.
Wee shared that more than one technology has gone into the product; "Recurrent Neural Network for Malware Analysis", for example, is used within the artificial intelligence learning portion of Cylance's solution.
"To the best of my knowledge, Cylance is the only vendor with published patents in the field of artificial intelligence and machine learning for cybersecurity," he said, adding that this demonstrated Cylance's confidence in its technology.
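To make the described mechanism concrete (static attributes extracted from a file, vectorised, scored by a model on the endpoint, and then patched with a lightweight "centroid" update instead of a full retrain), here is an added toy example. It is not Cylance's code and does not reflect its actual model: the byte-level features (entropy, printable ratio, a coarse byte histogram) stand in for the "up to 2 million attributes" mentioned above, nearest-centroid scoring is the author's own simplified stand-in for the mathematical model, and all sample "files" are constructed from seeded pseudo-random data. The "encoded dropper" family is a constructed example of something the initial model misses until one extra centroid is added.

```python
"""Toy static, signature-free file classifier with centroid updates.

Added illustration, not Cylance's code. Features, model and samples are
all simplified assumptions made for this example.
"""
import math
import random
from collections import Counter

# Printable ASCII plus tab/newline/carriage return (assumed feature).
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(data: bytes) -> list:
    """Vectorise a file into 19 static attributes in the range 0..1:
    normalised entropy, printable fraction, zero-byte fraction and a
    16-bin coarse byte histogram (high nibble of each byte value)."""
    n = max(len(data), 1)
    counts = Counter(data)
    bins = [0.0] * 16
    for value, c in counts.items():
        bins[value >> 4] += c / n
    return [
        shannon_entropy(data) / 8.0,
        sum(counts[b] for b in PRINTABLE) / n,
        counts.get(0, 0) / n,
        *bins,
    ]


def distance(a: list, b: list) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(vectors: list) -> list:
    return [sum(col) / len(vectors) for col in zip(*vectors)]


class CentroidModel:
    """Nearest-centroid classifier: each centroid carries a verdict label
    and a family name. Adding a centroid is the 'lightweight update'."""

    def __init__(self):
        self.centroids = []  # (label, family, feature vector)

    def add_centroid(self, label: str, family: str, samples: list) -> None:
        vectors = [extract_features(s) for s in samples]
        self.centroids.append((label, family, centroid(vectors)))

    def classify(self, data: bytes) -> tuple:
        v = extract_features(data)
        label, family, _ = min(self.centroids, key=lambda c: distance(v, c[2]))
        return label, family


# Constructed sample generators (assumptions, not real file corpora).
ASCII_TEXT = b"abcdefghijklmnopqrstuvwxyz "            # benign text-like content
ALL_BYTES = bytes(range(256))                         # packed/encrypted payload
BASE64ISH = (b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
             b"0123456789+/")                         # 'encoded dropper' family


def make_samples(rng: random.Random, alphabet: bytes, count: int = 8,
                 size: int = 2048) -> list:
    return [bytes(rng.choice(alphabet) for _ in range(size)) for _ in range(count)]


def build_initial_model(seed: int = 1) -> CentroidModel:
    """The 'six-monthly' full model: one benign and one malicious centroid."""
    rng = random.Random(seed)
    model = CentroidModel()
    model.add_centroid("benign", "ascii_text", make_samples(rng, ASCII_TEXT))
    model.add_centroid("malicious", "packed", make_samples(rng, ALL_BYTES))
    return model


def demo(seed: int = 42) -> tuple:
    """Classify three unseen files before and after a centroid update.
    Returns ((benign, packed, dropper) verdicts before, same after)."""
    rng = random.Random(seed)
    model = build_initial_model()
    benign = make_samples(rng, ASCII_TEXT, count=1)[0]
    packed = make_samples(rng, ALL_BYTES, count=1)[0]
    dropper = make_samples(rng, BASE64ISH, count=1)[0]
    before = tuple(model.classify(f)[0] for f in (benign, packed, dropper))
    # The text-like dropper lands nearest the benign centroid: a miss.
    # Lightweight update: ship one new centroid, no retraining.
    model.add_centroid("malicious", "encoded_dropper", make_samples(rng, BASE64ISH))
    after = tuple(model.classify(f)[0] for f in (benign, packed, dropper))
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point of the example is the shape of the pipeline rather than the features: the endpoint never sees a signature, only a vector and a set of centroids, and covering a missed family costs one extra vector rather than a new model. A real classifier would use far richer static attributes and a learned decision boundary; text-like malicious content is exactly the kind of case that byte-level features alone cannot separate.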
Cylance introduced a consumer version of its popular solution last August. Ang said, "Cylance addresses the consumer and enterprise market now. Now our total addressable market has doubled."
The company also recognises that besides applying machine learning to defend against malware, there are further applications for it in other areas of cybersecurity, for example threat hunting and continuous authentication.
Besides focusing on expanding the business internationally, Cylance has another machine-learning-based solution slated to arrive by the end of 2017.