Transcript of the Presentation
Artificial Intelligence.
Real Threat Prevention.
Todd Radermacher
Renzo Saunders
$2.4B Worth Of Noise – Investment Focus On The Endpoint
The Cylance Approach to Security
• Isolation
• Whitelisting
• AI (No Human-Derived Detection Methods)
• Enterprise Detection & Response
• Antivirus
• Exploit Prevention
© 2015 Cylance, Inc.
Buyers Guide: Secrets To Endpoint Security Evaluations
Framework Created By Former CISO of Intel, Malcolm Harkins
10 Questions To Ask
4.5M Endpoints Protected – Stories From The Field
Drivers Behind A New Endpoint Strategy
• Cylance CEO – Stuart McClure: Former CTO of McAfee, Former CISO of Kaiser Permanente
• Cylance Chief Scientist – Ryan Permeh: Former Chief Scientist of McAfee
• Cylance CISO – Malcolm Harkins: Former CISO of Intel
9 Boxes Of Control
Source: Upcoming Release of Managing Risk and Information Security, 2nd Edition – Malcolm Harkins

(Figure: a 3 x 3 grid of Control Types, in rows RESPOND / DETECT / PREVENT, against Control Approaches, in columns Automated / Semi-Automated / Manual. Risk is the axis label along the control types; Cost and End User Impact are the axis labels along the control approaches.)

RESPOND: Highest Risk, Highest Cost, Most Liability. Focus is on minimizing damage; the only variables are time to detect and time to contain. This is where most of the industry is focused.
DETECT
PREVENT: Lowest Risk, Lowest Cost, Limited Liability. Focus is on minimizing vulnerability and potential for harm.
#1 3rd Party Data Feeds To Make Convictions?
#2 Can We Test Offline?
#2.1 Will Your Behavioral Analysis / IOCs Stop Ransomware?
#3 Will You Protect Against Packed Malware? (Figure: legitimate software passed through a packer)
#4 Do You Have A Demo vs. Production Mode? (False Positives vs. Efficacy)
#5 Is Your Comparative Marketing Accurate?
#6 Can I Consolidate? What Is Your Largest Signature Based AV Replacement?
#7 Privacy? What Are You Accessing & Where Does It Go?
#8 Weaponized Unstructured Data? Scripts? Or Fileless Attacks via Memory?
#9 End User Impact? Deployment & Required Staffing Per 1K Endpoints?
#10 What Is Required To Do A POC?
“Don’t believe us. Don’t believe our competitors. Believe in yourself, and Test It Yourself.”
Cylance CEO Stuart McClure
Impact Of The New Strategy In Cylance Community
(Figure: four headline metrics, 1/10th, 1/40th, 70% and 99%; the metric labels were not recovered.)
Market Validation
Visionary Quadrant Leader
“Cylance is easily the fastest growing Endpoint Protection Platform startup in the last ten years.”
“…very accurate at detecting new variants and repacked versions of existing malware.”
“Intelligent Automation Steps Up…CylancePROTECT uses AI to validate the risks”
Source: accenture.com/securityvision
What is CylancePROTECT?
Unrivaled Threat Prevention & Protection
PREdictive | PREvention | PRE-Execution | PRE-Zero-Day
Enterprise Ready
• Malware | Exploits | Scripts
• Microsoft Approved AV
• Windows & Mac OS X
• SaaS Convenience
• PCI-DSS / HIPAA Compliant
Lightweight & Flexible
• 1-3% CPU / ~40 MB Memory Footprint
AI & Machine Learning Applied
ML & AI Applied To Infosec
1. Feature Extraction
2. Regularization
3. Cross-Validation
Cylance Unlocks the DNA of Malware
Elastic Cloud Computing Now Makes it Possible
• We have 1000s of nodes in AWS
• Algorithmic science puts machines to work
Machine Learning Under the Hood
① Collect both good & bad files
② Extract features
③ Train & Vectorize features
④ Classify & Cluster
⑤ A.I. produces confidence score
Threat Indicators
• Anomalies, Destruction
• Data Loss, Deception
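The five steps above, together with the Feature Extraction / Regularization / Cross-Validation items from the previous slide, as an added example that is not Cylance's code and says nothing about how CylancePROTECT's models are actually built: it collects a constructed corpus of "good" and "bad" byte strings (stand-ins for files, not real binaries), extracts a handful of static features without executing anything, trains a hand-written L2-regularized logistic-regression classifier, checks it with k-fold cross-validation, and emits a 0.0 to 1.0 confidence that a file is malicious. The feature set, the corpus generator, the model and every function name are assumptions made for the illustration.

```python
"""Added example (not Cylance's code): the slide's five-step pipeline in
miniature.  Sample 'files' are constructed byte strings, not real binaries,
and the features, model and corpus are illustrative assumptions."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for packed or encrypted content, ~4-5 for text/code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(data: bytes) -> list:
    """Step 2 - static features that need no execution of the sample."""
    n = max(len(data), 1)
    chunks = [data[i:i + 64] for i in range(0, len(data), 64)]
    max_chunk_ent = max((shannon_entropy(c) for c in chunks), default=0.0)
    printable = sum(1 for b in data if 32 <= b < 127)
    return [
        shannon_entropy(data) / 8.0,               # overall entropy, scaled to 0..1
        max_chunk_ent / 8.0,                       # hottest 64-byte region (packed section)
        printable / n,                             # share of printable bytes (strings)
        1.0 if data.startswith(b"MZ") else 0.0,    # PE-style header marker
        1.0 if b"http" in data else 0.0,           # embedded URL
    ]


def build_corpus(seed: int = 1, n_per_class: int = 40) -> list:
    """Step 1 - constructed stand-ins for known-good and known-bad files."""
    rng = random.Random(seed)
    words = [b"Copyright", b"kernel32.dll", b"GetProcAddress",
             b"This program cannot be run in DOS mode", b"Release Notes"]
    samples = []
    for _ in range(n_per_class):                   # 'good': plain strings, low entropy
        body = b" ".join(rng.choice(words) for _ in range(30))
        samples.append((b"MZ" + body + bytes(rng.randrange(8) for _ in range(20)), 0))
    for _ in range(n_per_class):                   # 'bad': tiny loader stub + packed blob
        stub = b"MZ" + b"STUB" * 4 + rng.choice([b"http://", b""])
        packed = bytes(rng.randrange(256) for _ in range(300))
        samples.append((stub + packed, 1))
    rng.shuffle(samples)
    return samples


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def train(X: list, y: list, l2: float = 0.01, lr: float = 0.5, epochs: int = 300) -> tuple:
    """Step 3 - logistic regression by gradient descent; l2 is the regularization term."""
    d, m = len(X[0]), len(X)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for xi, yi in zip(X, y):
            err = sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            gw = [g + err * xj for g, xj in zip(gw, xi)]
            gb += err
        w = [wj - lr * (g / m + l2 * wj) for wj, g in zip(w, gw)]
        b -= lr * gb / m
    return w, b


def confidence(model: tuple, data: bytes) -> float:
    """Step 5 - probability the file is malicious, 0.0 (benign) to 1.0 (malicious)."""
    w, b = model
    return sigmoid(sum(wj * xj for wj, xj in zip(w, extract_features(data))) + b)


def cross_validate(samples: list, k: int = 5) -> float:
    """Step 4 check - train on k-1 folds, score the held-out fold, report accuracy."""
    folds = [samples[i::k] for i in range(k)]
    correct = total = 0
    for i, held_out in enumerate(folds):
        train_set = [s for j, f in enumerate(folds) if j != i for s in f]
        model = train([extract_features(d) for d, _ in train_set],
                      [label for _, label in train_set])
        for d, label in held_out:
            correct += int((confidence(model, d) >= 0.5) == bool(label))
            total += 1
    return correct / total


def demo() -> dict:
    """Train on the constructed corpus and score three unseen constructed files."""
    samples = build_corpus(seed=1)
    model = train([extract_features(d) for d, _ in samples], [l for _, l in samples])
    rng = random.Random(99)
    unseen = {
        "benign_text": b"MZ" + b"Release Notes kernel32.dll GetProcAddress " * 10,
        "packed_malware": b"MZ" + b"STUB" * 4 + b"http://" + bytes(rng.randrange(256) for _ in range(300)),
        # legitimately packed software looks the same to entropy features (buyer question #3)
        "packed_legit": b"MZ" + b"STUB" * 4 + bytes(rng.randrange(256) for _ in range(300)),
    }
    return {name: confidence(model, d) for name, d in unseen.items()}


if __name__ == "__main__":
    print("5-fold accuracy:", round(cross_validate(build_corpus(seed=1)), 3))
    for name, score in demo().items():
        print(f"{name:15s} confidence(malicious) = {score:.3f}")
```

Two things worth noticing when running it. The constructed "packed_legit" sample scores as malicious just like "packed_malware", because entropy-based features cannot tell a packed legitimate program from packed malware; that is exactly the false-positive trade-off behind buyer question #3, and a production model needs many more features and a far larger, more varied training set to avoid it. The cross-validation accuracy on this toy corpus is also meaningless as a statement about real-world efficacy: it only checks that the model generalizes across folds of the same constructed data, which is why the deck's question #2 (test offline, on your own samples) matters.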
Deployment Process

Stage 1 – Policy: Monitor only
Topics:
• Deployment
• Console navigation

Stage 2 – Policy: Auto quarantine
Topics:
• Review detections
• Policy development
• Zones

Stage 3 – Policy: ATQ + Memdef (auto quarantine plus memory protection)
Topics:
• Memory protection
• Enable quarantine

(The slide's table also has a Hosts row per stage; its values were not recovered.)
Thank You.
Todd Benshoof
[email protected]
818-434-1637