“Near perfect” APT innovation will prove tempting for skilled IT security staff: Cylance

Despite a dearth of highly qualified IT security specialists overall, the availability of new opportunities for innovation should make it easier for novel security companies to bulk up their Australian and regional employee numbers, the recently appointed Asia Pacific general manager of nascent security provider Cylance has predicted.

After around six months in stealth mode, venture capital-backed Cylance – a nine-month-old company whose Presponse product and service capabilities will be rolled out over the year – recently opened a Sydney office from which regional GM Paul Wilcox and his evolving team will service the entire Asia-Pacific region.

Presponse, which examines binary or DLL files for telltale characteristics of malicious behaviour, had shown a “near perfect” detection rate in trials and customer beta testing to date, and would soon ship into a market where innovative security tools have rapidly appeared in response to the dangers posed by targeted advanced persistent threats (APTs).

“We’re not picking things apart or detonating them,” Wilcox told CSO Australia. “The approach we’re using is more actuarial: we might look at 10,000 characteristics we determine that might be bad, then plot a piece of code at a certain point on the map and determine that it’s a threat or not.”

“We only need 100 characteristics to make a good decision, although if it gets hard we may need a thousand. And we can escalate it to the cloud if we need to. We’ve got a group of people going out there, sniffing out what’s going on out on the Internet, and looking for vulnerabilities.”

Cylance made waves last month with the high-profile discovery that building control systems at Google’s Sydney headquarters were open to exploitation because they were running an outdated version of Honeywell’s Niagara framework that allowed the extraction of usernames and passwords.

While that area of security “wasn’t something we sat down and did the business plan around,” Wilcox said the subsequent uproar – and revelations that countless other companies were similarly exposed – had reinforced the importance of building-systems integrity in most companies’ overall security postures.

“Whereas historically one might have thought that would be limited to critical [utility] infrastructure, it appears that it plays out to the broader enterprise market,” he explained. “Pretty much everybody has one.”

Such notoriety may have raised the company’s local profile, but it also highlights what Wilcox believes is a culture of innovation – reinforced by the Presponse system’s attempt to “skin the cat in a different way” – that will put him in a strong position when recruiting IT security specialists to bulk out his regional operations.

Although Australians “gravitate towards new technology a lot quicker than most,” he said, anecdotal reports of IT security skills shortages were real. “The elite top echelon of employees that companies like us are looking to grab, is getting harder to find,” he said. “A lot of them are going overseas and taking positions elsewhere.”

“However, we’re fortunate that the cutting-edge stuff we’re doing tends to attract people a bit more easily. The ones that are really on the cutting edge, and have really acute minds, are looking to jump into a company like ours. Since we announced what we were doing, I’ve gotten a lot of phone calls from a lot of really good people who want to know what they can do.”


Stories by David Braue
