Cylance started life in 2012 with the express goal of blocking malicious applications before they have an effect on a computer. It was founded by Stuart McClure and Ryan Permeh, following McClure’s revelations, while working for McAfee, that he did not trust any existing anti-virus application.
McClure’s argument was the security industry was largely focused on anti-virus and malware “signatures” – sequences of program code or other previously established patterns that identify the malicious program.
As such, these programs offered no protection for zero-day exploits until the anti-virus researchers had a sample to diagnose, constructed and distributed appropriate signatures, and the anti-virus installation had updated.
With Permeh, McClure sought to codify an intelligent algorithm that could replicate the same thought processes and analysed software, good and bad, in rest and running, to identify thousands and thousands of useful parameters. This data was fed into the algorithm and, through training, proved able to successfully evaluate if a given application was malicious or not.
So successfully, Milind Karnik, vice-president of Engineering, explains Cylance has had customers report their Cylance PROTECT product protected them from WannaCry, even though they were running a two-year-old version at the time.
Cylance’s algorithm is embedded within the Cylance PROTECT client, Karnik explains, without any need for signature updates or to upload specimens to a cloud for advice; the power to protect is right in the desktop client.
This client contains the same algorithm and thus degree of protection whether one runs the consumer or enterprise edition, Karnik says, though the enterprise version, as expected, provides facilities for administrators to centrally manage the app.
The machine-learning approach to endpoint security has propelled Cylance past $100 million revenue, as announced on 29 January, representing 177% year-over-year growth due to the support of 3800 enterprise customers.
Within Australia, these enterprise customers include Australian Museum, Investa, B&R Enclosures and the REA Group, operating Australia’s largest residential, commercial and share property websites such as realestate.com.au.
Craig Templeton, CISO of REA Group, said, “Cylance is one of those rare products that actually does what it says on the tin, without huge customisation. Once deployed, Cylance PROTECT enabled us to free up resources, so we could focus effort on the things that are most important knowing that Cylance has our back.”