Tech Insights


Contributor Columns on Information Technology and Security

Cybersecurity Startup Cylance Protects Critical Infrastructure from a Cyber 9/11 Style Attack

As anyone who has been watching the cybersecurity area has noticed, the threat level from cyberattacks has risen dramatically. Not only do we have to worry about cybercrime or theft of corporate secrets, but we are now beginning to understand that a determined enemy could take down our basic infrastructure – utility grids, water treatment facilities, chemical plants and even air traffic control systems.

To defend against the rapidly evolving cyber threat environment, new, more proactive approaches to cybersecurity are required. One company taking an aggressive, proactive approach to cybersecurity, one that confronts the worst threats imaginable, is an innovative startup called Cylance.

Joining us today is Greg Fitzgerald, the Chief Marketing Officer of Cylance.

IT Specialist: Thank you for joining us today, Greg. To start with, can you provide our readers an overview of the background of Cylance's founders, and your team's inspiration for launching Cylance?

Greg: Over a decade ago, Stuart McClure realized that cyber security requirements were accelerating faster than IT departments could keep up. Preventive technologies, skilled people and processes were behind the curve. So, in a fundamental belief that prevention is possible, he focused on understanding the mentality and tactics of the bad guys. In 1998, he published the world's preeminent book, Hacking Exposed. This book is now the guiding authority empowering IT departments to protect themselves. He created Foundstone to enable vulnerability management for the masses and sold it to McAfee, where he became GM and Global CTO.

Ryan Permeh was a founder of eEye, an early successful vulnerability management vendor that was acquired; he then became McAfee Chief Scientist. He ran the infamous McAfee TRACE research team that detected, identified and protected McAfee customers. In concert with Stuart, he too realized that the threats were leapfrogging the detection/prevention technologies and a new model was needed. As part of the technology evaluation team for McAfee's merger and acquisition group, he also recognized that there was no innovation in prevention technologies.

After realizing that the big security companies were not innovating fast enough to keep up with the threats, Stuart and Ryan founded Cylance to change the way companies, governments, and end users proactively prevent advanced cyber threats. Recognizing that algorithmic science and advanced mathematics combined with machine learning was proving to be a valid and highly accurate form of data processing in other industries like insurance, trading, pharmaceuticals, and ecommerce, they worked to build a model that can be applied to cyber security. Cylance is proving this is a more accurate and differentiated approach, truly predictive and preventative against cyber threats, than anything being worked on today.

IT Specialist: What is your assessment of the overall cybersecurity environment today? From my perspective, it's extremely threatening. First off, we see attacks by foreign governments such as the Chinese military, which seems to be able to penetrate the defenses of pretty much any American organization they choose to. On top of that, what is truly terrifying is how vulnerable our basic infrastructure - utilities, pipelines, water supplies, financial institutions - seems to be. If what's out there in the media is true, we are talking about attacks that could make something like 9-11 look like child's play. Is the security environment as bad as it appears, or is some of this over-hyping by the media?

Greg: Cylance's overall belief is that existing security infrastructure is necessary, but not sufficient, to detect and prevent today's threats. A few things have occurred over the past decade to make our situation today more hostile.

First, attacks are now more sophisticated. The volume of unique malware has not necessarily grown. Rather, the derivatives of the same models have morphed to be undetectable by today's technologies while still achieving the same objective. Today, countless techniques exist to bypass these once stalwart protection technologies, including packers, mutation engines, obfuscators, encryption and virtualization bypass techniques. Within milliseconds, a once easily detected malicious file can be altered to be completely invisible to even the best detection technologies while remaining functionally identical to its original. This allows the bad guys to easily bypass security infrastructure that once detected them with ease.

Second, the bad guys' infrastructure for initiating harmful activity is now mature. Easy "black market" access to botnets, millions of machines, pre-existing code, and pre-identified vulnerable targets is readily available. What was once a black art is now as simple as visiting a single URL. Rules, regulations, laws and prosecutions have not kept up with the pace, nor has cross-jurisdiction cooperation. All this increases the number of potential people behaving badly.

Third, while people like to attribute attacks to a specific nation-state or named group, the threats, regardless of origin or threat actor, are not about who, but what they are doing and how. So it is very real that attack vectors are expanding. Bad guys are now taking notice of critical infrastructure like the oil & gas, electrical, nuclear, hydro and financial sectors.

Additionally, now that almost everything is networked or wireless, vulnerabilities are being exploited in everything from building automation systems (Industrial Control Systems) and medical equipment to HVACs and automobiles. Attackers are non-discriminate and have more time, skills and resources than all the defensive companies combined. Thus, while the environment seems dire, the fact is that proper processes and configuration of technologies can thwart attacks and hacks.

We don't need to live in fear. But we do need to be aware of our environment.

IT Specialist: A couple of things about Cylance jump out at me. First, your focus seems to be on combating the most advanced and sophisticated cyberthreats out there that traditional tools will not be able to detect - i.e., you're not necessarily focused on run-of-the-mill malware targeting an Android phone, but rather advanced threats that most of us may not know even exist in the cyberworld. And second, your posture seems to be very much focused on the front-end prevention side, including an ability to predict the probability of future attacks. Is this an accurate understanding, at a high level, of your approach to cybersecurity?

Greg: From a product perspective, we take a far less threat-focused approach to our technology than most vendors. Meaning, we aren't solely focused on China, botnets, spyware or whatever the latest threat buzzword is. The problem we see with today's current IT security investments is the rapid pace at which these investments degrade. What was an effective technology inevitably becomes worse over a short time as attackers learn to avoid it.

At Cylance, we are focused on building future-proof products that can identify today's malware AND tomorrow's. We built a learning engine that gets smarter over time, with better decision making and confidence, even as attacks change. We outpace attackers' ability to change with the power of cloud computing, advanced math and data science. Those who deploy our technology and processes improve their security posture to a point where threats would rather go elsewhere. Much like a house with cameras, alarms, dogs, and lights, it's sometimes just easier for the bad guys to go to the next less secure house. For the advanced threats determined to get in, they have more to avoid, more chance for identification and, in Cylance's case, infinitely more accuracy in never getting in.

Cylance fundamentally believes prevention is possible. All existing technologies today focus on some form of detection before they can take action. Even the misnamed Intrusion Prevention Systems are not proactive. They rely on the 'known' and identifying threats before they can offer a protection scheme. Cylance has created a highly accurate prevention approach that can determine whether an object is good or bad even if it's never been seen before. This is the power and magic of our approach.

IT Specialist: Cylance is quite critical of the capabilities of most of the existing cybersecurity tools available in the market. What do you see as the major weaknesses of most existing cybersecurity tools, and are these fair criticisms?

Greg: We think it's fair to be critical of security vendor offerings when recent performance against threats has been so terrible. As innovative security experts, we continue to stretch our knowledge and technical abilities to stay ahead of threats. At Cylance, we set out to do something about that, in a big way. And we are even more critical of ourselves internally.

As industry veterans, we found two truths that have directed our innovation:

  1. Defensive learning hasn't kept pace with attacker evolution.
  2. No sacrificial lambs. "If you haven't seen it, you can't defend against it" is not acceptable.

If you think about the history of defensive solutions, you will find two consistencies. The first is that humans were always creating a signature of some sort to describe what they saw. The second is that, over time, there came to be too many signatures to create and apply inside the IT environment. Whether it's AV signatures, IOCs (which are really just more signatures) or Intel (groups of signatures attached to attacker attribution), all these technologies require two things:

  1. Having seen it before.
  2. A human determined how to describe it (as opposed to statistics).

This is a failed model. We realize technologies have attempted heuristics, behavior and other 'automated' predictive approaches, but with much failure. We believe the reason is being a victim of trying to accomplish too much, bad timing, inaccurate hypotheses and assumptions, and immature technical capability. Even the 'most advanced' capabilities of today - sandboxing, micro-VMs, etc. - are still 3-7 years old and based on yesterday's threat models. And as IT professionals, we are starving for something new - almost anything.

At Cylance, we are fortunate to have all this on our side. We are attacking advanced threats entering via endpoints, where the existing technology is necessary but not sufficient. We are creating new models based on statistical significance, determined by machine learning and based on the foundations of math and actuarial science, that are only possible today with massively scalable, affordable architectures.

IT Specialist: Turning our attention to your product suite, can you provide an overview of Presponse? It looks like you are taking a more holistic approach, and are focused as much on the ability to predict and prevent future attacks as you are on combating attacks once they have occurred. Would you describe Presponse as a product offering, or more a general philosophy and approach you take to cybersecurity?

Greg: Cylance Presponse™ is a mindset about preventing the need for a response to cyber threats. Our holistic security approach combines the understanding of a hacker mentality with algorithmic intelligence and technology that is highly accurate in predicting and preventing advanced threats.

As a service, we help organizations identify compromises, recover after an attack and enable ways to detect and prevent an attack before it impacts business. Cylance Presponse services include advanced compromise assessment capabilities, incident response, unpublished intelligence and secure software development services. As products, we provide the technology, threat analysis and preventive capabilities to simplify IT managers' jobs.

IT Specialist: Turning now to your Cylance Labs Infinity solutions, one thing that really jumps out is that you use machine learning to map out and respond to security threats. When I hear about machine learning, the first thing that comes to mind is Big Data analytics. Are you essentially employing what data scientists might consider to be a Big Data solution?

Greg: Cylance uses Machine Learning to create an autonomous artificial intelligence engine for decision making. Big Data Analytics is a part of that, but Big Data Analytics and Machine Learning are actually a bit different. Big Data Analytics collects data to discover new information about the data set it currently has and makes decisions using that entire data set. We collect data to train our systems to make decisions. The difference is subtle, but enormous. Think "autonomous intelligent brain creation" versus "massive log analytics". At some point, we can stop collecting data and still continue to make decisions with a high degree of confidence. Using only Big Data Analytics, if you miss data during your collection, you simply can't report on it.

There is one other massive difference. We can decouple from the cloud entirely. Big Data Analytics based technologies cannot. Our "brain" can make decisions on its own, without the cloud or the need to process massive amounts of data.

IT Specialist: I also noticed that as part of your Infinity Labs solution you have a large private collection of tools, tactics and procedures (TTPs) that are accessible by customers. How unique are they? Does the collection encompass information or techniques that only Cylance possesses?

Greg: Cylance has an extensive services practice that focuses on compromise assessments, incident response, policy review and creation, pen testing and code review, among other advanced threat mitigation. They continue to be an excellent contributor to our technology direction, ensuring our product offerings have real-world capabilities. That being said, the TTPs collected from our extensive data collection efforts as well as our services efforts are not what defines us. At Cylance, we believe the intelligence model is just another signature model, and it has already been outpaced by the number of attack groups and TTPs in our space.

IT Specialist: Given that much of the audience are enterprise IT professionals, can you highlight Cylance's value proposition for the enterprise? It looks like you have just released an "Enterprise" solution.

Greg: Cylance is driven to provide IT departments highly elegant and simple technology solutions to the world's hardest problems. The goal is to actively protect so IT can more accurately and efficiently tackle their specific situations.

Cylance just announced the public availability of Infinity, which powers the intelligence of all our products and services. This is a highly intelligent, machine-learning, data analysis platform that does not rely on signatures and delivers real-time, highly accurate and predictive threat stopping abilities.

The benefits of Infinity are endless. It can be used to supercharge decision making at endpoints, and woven tightly into existing security systems via a variety of integration options. It is cloud enabled to support advanced detection on a massive global scale in limited form-factor environments, or can operate autonomously while still achieving a stunning rate of protection.

We announced CylanceV as a cyber forensics tool integrated with Infinity. Created for enterprise Incident Response and Forensics teams as well as IT departments, CylanceV takes the tedium out of tracking down malware on infected computers to determine which files are truly bad. CylanceV empowers anyone to automatically and quickly assess and discover compromised endpoints through malware identification that traditional detection methods miss. This provides a starting point for forensic analysis and timely remediation, all in an automated and highly efficient workflow.

An API is available today to tie SIEM and other security technologies into Infinity and capture its advanced threat knowledge. Forthcoming endpoint solutions will also protect the most vulnerable attack vector in place today.

IT Specialist: Turning to Cylance as a company, are there any customers or case studies you might want to highlight? I would imagine Cylance works with both government and commercial customers?

Greg: At present we are locked down by NDA and cannot share our company or government engagements. Over half of our company is cleared for government and highly sensitive environments. We are working on public endorsements.

IT Specialist: You recently raised $15 million. Who are your core investors, and what drove them to make a commitment to Cylance?

Greg: Our investors include founders, angels and two experienced, successful security venture investors: Khosla Ventures out of Menlo Park, CA and Fairhaven Capital in Boston, MA. As leading early-stage investors, they recognize the huge, global challenges of network security and the current lack of innovation. They recognized the proven achievements of Cylance's founders and believe in the vision that prevention is possible.

IT Specialist: Finally, for customers who might be interested in working with Cylance or trialing your technology, what is the best way for them to engage with you?

Greg: Those interested in learning more are invited to visit our website at and visit our contact page to either write us or call us at 877-972-3363. Finally, to learn more about our philosophy on the state of cybersecurity today, feel free to visit our blog.

IT Specialist: Thanks for taking the time to answer my questions today, Greg. It sounds like you really are trying to create a new paradigm for cybersecurity, and I wish you the best of luck.