Second wave machine learning from Cylance®: lightweight and effective endpoint protection
Due to the rise in the number and ferocity of cyberattacks, there is a widening security talent gap, with many organizations needing either to recruit in a hurry or to look to third-party providers to protect their systems.
However, Cylance, a company based in California, has an endpoint security solution which uses artificial intelligence (AI) methods to protect organizations effectively without massive overheads, whether in network traffic or in human resources.
Many readers of the tech press will be rightfully wary of the AI label – the whole machine-learning / artificial intelligence / deep-learning / intelligent-machine paradigm is being faithfully trotted out by marketing departments desperate to get on the latest tech bandwagon. Last week, it was an order of blockchain on the side, this week, it’s AI to go.
Cylance’s solutions for endpoint protection, however, do bear serious scrutiny.
In fact, its ML model is in line with DARPA’s definition of a second-wave machine-learning algorithm – this article contains a full description of the DARPA ML wave definitions and of the constituent parts that make up the second wave.
Cylance’s solution for endpoints is a dual-layer, prevention-first solution: CylancePROTECT® reduces the attack surface available to hackers and, even on its own, has the AI power to ameliorate most attacks.
But as a second layer, CylanceOPTICS™ (recently with upgraded routines showcased at the San Francisco RSA Conference on April 16 this year) uses machine learning modules to identify file-less attacks, unknown zero-days, and malicious application behaviors.
Data is stored and analyzed on the endpoint, meaning that those nodes unable to connect even to a LAN (or cloud, or in-house deployment/definition servers) retain their protection. Of course, the software does need occasional updates – but only when the machine model has been improved.
The endpoint-based client (less than 60MB, typically) contains a model of how software should work and so can prevent anything which behaves anomalously from running.
A document with executable code and no GUI? A hardware driver that can run independently? What data presents itself as and what it actually is are two quite separate things, and with a reasonable model of what’s normal, even the isolated endpoint can function trouble-free.
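The point about what data presents itself as versus what it actually is can be illustrated with a simple file-type consistency check. The following is an added example, not Cylance’s code and not a description of its model: it compares the type a file name claims (its extension) with the type its leading bytes reveal, and flags executables disguised as documents. The magic-byte table and the sample files are constructed for the example.

```python
import os

# Constructed table of well-known leading byte signatures ("magic bytes").
MAGIC = {
    b"MZ": "pe",                                   # Windows executable / driver
    b"\x7fELF": "elf",                             # Linux executable
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",                          # also docx/xlsx/pptx containers
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",    # legacy .doc/.xls
}

# Which sniffed content kinds are legitimate for each claimed extension.
EXPECTED = {
    ".exe": {"pe"}, ".dll": {"pe"}, ".sys": {"pe"},
    ".pdf": {"pdf"},
    ".docx": {"zip"}, ".xlsx": {"zip"}, ".pptx": {"zip"},
    ".doc": {"ole"}, ".xls": {"ole"},
    ".txt": {"text"}, ".log": {"text"},
}

EXECUTABLE_KINDS = {"pe", "elf"}


def sniff(data: bytes) -> str:
    """Return the content kind implied by the file's leading bytes."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    # Crude plain-text heuristic over the first 512 bytes.
    sample = data[:512]
    if sample and all(32 <= b < 127 or b in (9, 10, 13) for b in sample):
        return "text"
    return "unknown"


def assess(name: str, data: bytes) -> dict:
    """Compare the claimed type (extension) with the actual type (content)."""
    claimed = os.path.splitext(name)[1].lower()
    actual = sniff(data)
    allowed = EXPECTED.get(claimed)
    if allowed is None:
        verdict = "unknown-extension"
    elif actual in allowed:
        verdict = "consistent"
    else:
        verdict = "mismatch"
    # A mismatch that hides executable code behind a document name is the
    # case worth escalating; other mismatches are merely suspicious.
    if verdict == "mismatch" and actual in EXECUTABLE_KINDS:
        risk = "high"
    elif verdict == "mismatch":
        risk = "medium"
    else:
        risk = "low"
    return {"name": name, "claimed": claimed, "actual": actual,
            "verdict": verdict, "risk": risk}


def flagged(samples: dict) -> list:
    """Names of samples whose content does not match what they claim to be."""
    return [name for name, data in samples.items()
            if assess(name, data)["verdict"] == "mismatch"]


# Constructed sample files: one PDF-named file that is really a PE image.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "notes.txt": b"meeting notes\nfollow up on Friday\n",
    "quarter.docx": b"PK\x03\x04\x14\x00\x06\x00",
    "legacy.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(assess(name, data))
    print("flagged:", flagged(SAMPLES))
```

A check like this is only one narrow feature; a behavioural model would combine many such observations rather than act on a single header. It does show, though, why declared type alone is not a safe basis for a decision on an isolated endpoint.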
In traditional systems, there’s usually a database of virus/malware signatures which needs to be checked, and definitions require dissemination to endpoints in some form – either pushed for use in situ or available as a networked resource. Either option depends on precious processor cycles and network availability.
Alternatively, first-wave ML-powered cybersecurity applications require the endpoint’s power to process new signature detection algorithms, and even then, will miss any new threats which are simply not detectable by known malware signature comparisons.
But with no updates required for independent operation, nor any use of serious chunks of local processor capability, the Cylance solution functions with a light touch, even when offline from the enterprise’s protection.
Another cost that a Cylance deployment avoids is the installation of expensive in-house hardware. That problem is neatly stepped around by the Cylance solution, which provides constant visibility, root cause analysis, and total automation of threat detection, plus speedy on-device response.
For more information visit www.cyclance.com or call to speak to a representative local to you. The most advanced machine learning protection is now available for the most susceptible elements of your network, and deployment is as easy as it is powerful.