Smarter End-point protection: Stuart McClure from Cylance

A lot of security books have been written. Stuart McClure, CEO of Cylance, is the author of “Hacking Exposed: Network Security Secrets and Solutions”, the best-selling computer security book ever.

We spoke with him this week at the annual AISA Conference.

McClure left his role as global CTO of McAfee and founded Cylance about three years ago. The trigger: when asked what end-point security he ran on his own computer, he answered honestly that he didn’t use any. The trouble, says McClure, was that the existing end-point security applications on the market didn’t work.

“I had this idea that there had to be a better way to determine whether something was an attack or just normal behaviour.”

McClure reasoned that if he could use his own judgement to determine whether an application was behaving anomalously or whether an email was a phishing attempt, the same should be achievable in software.

“I didn’t trust my computer to some random technology. I would just use my brain,” he says. “I’d look for suspiciousness.”

As a technical expert he was well versed in the use of software debuggers and other tools that are usually outside the expertise and experience of most end users. His success rate with this approach was 100%: he never suffered an infection or was subjected to a successful hack or attack.

This led him to a revelation: “If my brain can do it, why can’t I train a computer to do it?”

The problem the computer needed to solve was simple – can software determine if something is good or bad before it’s opened or even reaches the user? Given that all attacks are launched from an end-point, being able to effectively protect the end-point from incursions is critical in negating


Two years after starting Cylance, McClure and his team had their first “math model” ready. Based purely on algorithms, they had a tool that could determine whether something was good or bad regardless of whether the software, or indeed anyone else, had ever seen it before.

Given the way malware is mass-produced these days, this is a critical point of difference, says McClure. Traditional signature-based end-point protection relies on the security vendor first recognising a piece of malware and then deploying a signature to the client so the client software can recognise it too. Cylance’s approach is different.

Their software is an artificial intelligence engine that recognises malicious or unauthorised activity regardless of whether the application is new or previously known.

Although traditional anti-virus vendors have tried this in the past, McClure says they never took it far enough.

“They looked at 100,000 samples and 3000 features. We map to seven million features today – that’s one of the key breakthroughs: seven million ways to determine whether a file is malicious or not.”

“It’s sort of like if someone comes up to your house and they look like they shouldn’t be there. You’re not going to let them in the house. You’ve never seen that person before, yet your ‘spidey-sense’ has fired off. That’s what the technology does – it blocks anything that looks suspicious.”

The advent of fast processors in recent years has made it possible for this approach to work. Rather than matching the digital fingerprint of a piece of malware against a signature, Cylance uses artificial intelligence. This approach wasn’t possible years ago because the processing power it needs wasn’t available.

“It takes about 10-20 milliseconds per file to determine whether something is good or bad,” says McClure.


McClure says Cylance uses Amazon’s cloud to access enough compute power to create the math model. Once the model is created, it’s wrapped into the application which can then be deployed to end-points.

“The learning happens in the cloud and is pushed down to the end-point. There’s no need for any more updates or connectivity,” says McClure.

Updates to the algorithm are under constant development, with updates currently released every nine months or so. Updates to the model were more frequent when Cylance first launched but, as the model matured and was refined, they have become less frequent. McClure expects the model to be refined even less often in future.

“This is one of the big myths in the industry. Hackers use the same tools, same ideas, same concepts – they just use a different, fancier format.”

This is a key point of difference from traditional antivirus, says McClure. Those vendors push out signature updates weekly or more frequently, with each update sometimes hundreds of megabytes. Administrators then need to push these out to end-points. That operational overhead is substantially reduced by Cylance.

Cylance has relationships with Blue Coat Systems and Raytheon, with its technology integrated into the hardware built by those companies. McClure told us other partnerships were coming.

McClure says the software has been deployed to very large enterprises as well as large SMBs thus far. However, he says a play for consumers is “inevitable”.

Stories by Anthony Caruana