The AI Cybersecurity Company that Began as a Sketch on a Napkin
Greetings astounding readers,
Welcome to another edition of PIE, where we interview the brightest entrepreneurs and VCs from Princeton and beyond. This issue’s featured founder is Stuart McClure, CEO of Cylance, a company that is currently valued at $1 billion+ and uses artificial intelligence to stop cybersecurity attacks. Prior to founding Cylance, he served as EVP, Global CTO, and General Manager at McAfee.
What was the motivation behind founding Cylance?
In 2004, I was asked to do a talk at the Rochester Institute of Technology. At the end of my presentation, a student asked me to show him my system tray; he said he wanted to know what I ran on my computer to protect myself. I looked at the front row and there’s the head of worldwide sales for McAfee sitting there. I’m like, you’ve got to be kidding me. Anyway, I said, “Look I don’t need to show you my system tray, I will tell you that I don’t use any security products and I haven’t since 1995.”
I knew what to look for and knew how to prevent these attacks. After answering this question once or twice a week for eight years, I thought to myself, “Why can’t we program a computer to think like me, to look for things just like me?” I’d somehow been able to prevent zero-day attacks left and right, so why can’t we program software to do that same thing? That’s how the idea behind Cylance came about.
What makes Cylance unique from other cybersecurity systems?
To secure their endpoints, organizations need to establish a prevention approach. In the past, signature-based security products were generally the only option. But as attack diversity has risen, these products designed to protect against known attacks struggle to deliver acceptable prevention. To make matters worse, these technologies are generally high maintenance, requiring scarce IT resources to spend time testing and distributing signature updates, troubleshooting performance issues, and rolling out frequent updates. If the products delivered superior prevention, these headaches may be worthwhile, but sadly, they fall well short. Cylance solutions provide businesses of all sizes with the chance to rethink their approach to prevention.
Our products deliver cyberattack prevention powered by artificial intelligence, combined with application and script control, memory protection, and device policy enforcement to prevent successful cyberattacks. Unlike traditional endpoint security products that rely on signatures to detect threats, Cylance delivers protection against common threats such as malware, ransomware, fileless malware, malicious scripts and behavior, and weaponized docs without the use of signatures or the need to stream data to the cloud. This approach eliminates the need for IT administrators to spend hours pushing out new signatures and software updates, freeing them to finally work on other projects that can help the organization grow.
Cylance offers something that no other security solution on the market can: zero-day attack prevention. We train our AI model against billions of behaviors, good and bad, so that it learns to autonomously convict, or not convict, behaviors and activity all pre-execution. The result of this massive, ongoing training effort is a predictive AI model that can block cyberattacks that will come into existence years into the future.
In light of the Facebook Cambridge Analytica data breach earlier this year, do you think that tech companies need to be more careful about security? Or are data breaches ultimately unavoidable?
We are living in a privacy sensitive world these days. No longer can we all frivolously share information as a vendor. The challenge is many companies are behind the curve, not sensitized to the importance of keeping private data private. As a result, we will continue to see large-scale breaches of the applications and services we rely on until security and privacy become board-level priorities. We need to think beyond the existing traditional view of security as yet another cost center and embrace next-generation security products that enable predictive prevention of attacks before they cause damage.
Back in the early days of Cylance, how did you convince the first round of investors to believe in your product?
Before Cylance existed, I sat down at a hotel bar in Santa Monica with Mark Hatfield, who was a partner at Fairhaven Capital at the time, now at 1011 Ventures, and Alex Doll, co-founder of PGP as well as former COO/CFO. I took a napkin and mapped out our vision for the whole company — the problem it would solve, how antivirus software doesn’t work, how we would use machine learning to teach a mathematical model to recognize malware, and how in two years we’d have a product better than anything on the market.
The code had to be built, but our vision and experience with what wasn’t working at McAfee and the ability to recruit smart people were key in attracting investors. We were taking a complex problem and breaking it down into something anyone could understand.
If you had free access to the world’s largest supercomputer, what would you do with it?
Build a math model to understand the origins of the universe and BSOD (blue screen of death) our way out.
—
And that’s it for this issue! Feel free to reach out if you have any questions or comments.
Check out our other interviews here!
