On Cybersecurity and our investment in Cylance

Deepak Jagannathan
Published in DNX Ventures Blog
Jul 29, 2015


What do Sony, Adobe, Ashley Madison and Target have in common? All of them have been hit by security breaches in the last two years (Forbes compiled a list here of the 20 biggest data breaches of 2014). The media has run several stories on this issue in consumer-facing industries like retail and healthcare, but it is an acute problem that enterprises broadly face (as Sony’s case illustrates).

It is hard to visualize the sheer amount of data being created and shared today — Cisco estimates IP traffic will reach 2 trillion gigabytes per year by 2020. While increased information security efforts are targeted at the server side, at the endpoint, the last line of defense, the incumbent antivirus providers are struggling to keep up with the pace at which hackers are creating malware (what happened to UPS is a good case in point).

How are antivirus incumbents struggling with the current speed of malware creation?

At the core of current antivirus solutions is the database of malware signatures. Research armies are constantly working to keep it updated. However, the pace of updating is struggling to keep up with the pace of malware creation. Over 6 million new malware strains were created in 2014, a 77% increase over 2013, and the pace is only expected to accelerate.

Attacks that happen in the window between a piece of malware emerging in cyberspace and it becoming part of the antivirus provider’s database are called zero-day attacks. It is during this period that traditional antivirus is useless, because the malware has not yet been identified and added to the signature database.

What does the next generation of endpoint security look like?

Some of the features that enterprises are looking for:

  1. No dependence on signatures or daily updates
  2. Light on CPU and quick to react to malware
  3. Low false positive rate: every email attachment can’t possibly be evil. It’s only those that claim you won $1B.

Cylance uses a machine learning approach to overcome the dependency on signatures. They extract the “DNA” of files — millions of characteristics — and then use statistical models to determine whether they are malicious.

A good analogy is the interview process. Existing antivirus solutions are comparable to picking candidates based on keywords in resumes. That simply won’t work. Instead we have multiple rounds of interviews and reference checks to understand a candidate’s fit at a deeper level — motivation, background, aptitude etc. While resume keywords differ for each candidate and job profile combination, the underlying drivers of a candidate’s fit can be abstracted, and every interviewer knows them intuitively.

Analogously, Cylance aims to build machine learning models that deeply understand files and processes in order to identify malware. This overcomes the reliance on surface-level signatures that can’t be updated fast enough to counter zero-day attacks. The concept seems simple, but building it within the constraints listed above is the complex piece. This is where we were impressed by the brains behind the startup.
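To make the zero-day window concrete, here is an added toy illustration (not Cylance’s code or model) contrasting the two approaches the post describes: an exact-match signature database, which misses any strain it has not yet catalogued, and a statistical model trained on structural byte characteristics, which still classifies an unseen strain. All samples are constructed in the script, and the three-feature nearest-centroid model is an assumption chosen for brevity, not a description of Cylance’s approach.

```python
"""Constructed demo: signatures vs. a feature-based statistical model."""
import hashlib
import math
import random


def byte_features(data):
    """Three structural characteristics of a file's bytes (assumed toy
    feature set): normalized Shannon entropy, share of printable ASCII,
    and share of zero bytes."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    return [entropy / 8.0, sum(counts[32:127]) / n, counts[0] / n]


class SignatureDB:
    """Traditional approach: a set of hashes of already-known malware."""
    def __init__(self, known):
        self.hashes = {hashlib.sha256(d).hexdigest() for d in known}

    def is_malicious(self, data):
        return hashlib.sha256(data).hexdigest() in self.hashes


class CentroidModel:
    """Nearest-centroid classifier over byte_features, fitted on labelled
    samples; it never sees the hash of any specific file."""
    def __init__(self, benign, malicious):
        self.centroids = {label: _mean([byte_features(d) for d in group])
                          for label, group in (("benign", benign), ("malicious", malicious))}

    def is_malicious(self, data):
        f = byte_features(data)
        return min(self.centroids, key=lambda k: _dist(f, self.centroids[k])) == "malicious"


def _mean(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


# Constructed corpus: "benign" files look like repetitive text/config,
# "malicious" files look like packed, high-entropy payloads.
_rng = random.Random(7)
BENIGN = [("config key=%d value=%s\n" % (i, "x" * (i % 9))).encode() * 40 for i in range(5)]
MALICIOUS = [bytes(_rng.randrange(256) for _ in range(1024)) for _ in range(5)]


def zero_day_demo():
    """Train both detectors on four strains; the fifth is the zero-day."""
    sigs = SignatureDB(MALICIOUS[:4])
    model = CentroidModel(BENIGN[:4], MALICIOUS[:4])
    new_strain = MALICIOUS[4]
    return {"known_signature": sigs.is_malicious(MALICIOUS[0]),
            "new_signature": sigs.is_malicious(new_strain),
            "new_model": model.is_malicious(new_strain),
            "benign_model": model.is_malicious(BENIGN[4])}
```

The signature database catches only the strain it already holds, while the feature model flags the never-before-seen strain and leaves the unseen benign file alone; a real product uses far richer features and models, and a low false positive rate (feature 3 above) is the harder engineering problem.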

Very few are more qualified to tackle the antivirus problem than the ex-McAfee core team

Stuart McClure, co-founder and CEO of Cylance, was the CTO at McAfee (now Intel Security). Stuart is also the author of the most popular security book, “Hacking Exposed”, and is a leading authority in the information security space. His co-founder Ryan Permeh was the chief scientist at McAfee.

As software eats the world, endpoint security becomes an increasingly vital enterprise issue across the globe. The Draper Nexus team is excited to help the highly qualified team at Cylance to tackle this issue.

Image Credit: Illustration by Jack Moreh
