Slyguy

Level 40
Cujo home protection product is dead. Consumer website is offline. Only a business website remains. The product is being discontinued.

Consumer site gone:
https://www.getcujo.com/smart-firewall-cujo/

However, it's reborn... Apparently it will use Cylance on the home network, and they partnered with a bunch of firms to provide it as a service to customers.

Cujo will use Cylance:
CUJO AI and Cylance partner to protect the connected home using AI - Media Releases - CSO | The Resource for Data Security Executives

Comcast is launching home IoT AI protection with the new appliance:
Comcast launches Xfinity security service with Cujo AI

Comcast xFinity xFi Advanced Security will protect all your connected devices for $5.99/mo

Charter Cable is doing the same thing:
Charter Picks Cujo AI as In-Home Network Security Partner | Light Reading

Of course, AI protection on the network isn't new. Gryphon already does this reliably and with fantastic performance, something Cujo never accomplished on their own, and it remains to be seen what they will offer with Cylance on board. Also, it is telling that Comcast would pick Cujo, who have long been known for harvesting a LOT of user data, and also for having security issues and open remote access into the Cujo itself by their employees without authorization from the customer. Given Charter and Comcast's lust to track/follow/log all user activity, I'd be incredibly suspicious of any offering from them. But that's just my opinion.
 

Burrito

Level 7
It’s the ‘Security through Obscurity’ principle.

Malware writers always test their malware against selected AVs. They tend toward the AVs that are the biggest. Malware developers have an inherent advantage in that they can tweak, re-pack and obfuscate malware until it works against their selected AVs.

So… when Cylance gets big enough, malware developers will start testing against Cylance… again, tweaking the malware until it works.
Some AV solutions like Crowdstrike Falcon have developed techniques to try and detect malware testing to rapidly defeat the testers.

As Umbra astutely states, this flawed paradigm is an argument for default-deny solutions.

Cylance did come up with a better machine-learning algorithm. There are several public tests that demonstrate this, I’ll post a piece of an industry test that demonstrated it. As far as I know, this test has never been posted here at MT.

[image attachment: excerpt of the iT-Cube Systems AG 2017 test results]


This is from 2017, from the German organization iT-Cube Systems AG. An industry rep emailed it to me.

They didn't test with the intent of making sure that everybody scores above 90% to protect possible future testing revenue.

And that's when Cylance got my attention.
 

Slyguy

Level 40
It’s the ‘Security through Obscurity’ principle.

Malware writers always test their malware against selected AVs. They tend toward the AVs that are the biggest. Malware developers have an inherent advantage in that they can tweak, re-pack and obfuscate malware until it works against their selected AVs.

So… when Cylance gets big enough, malware developers will start testing against Cylance… again, tweaking the malware until it works.
Some AV solutions like Crowdstrike Falcon have developed techniques to try and detect malware testing to rapidly defeat the testers.

As Umbra astutely states, this flawed paradigm is an argument for default-deny solutions.

Cylance did come up with a better machine-learning algorithm. There are several public tests that demonstrate this, I’ll post a piece of an industry test that demonstrated it. As far as I know, this test has never been posted here at MT.

[image attachment: excerpt of the iT-Cube Systems AG 2017 test results]

This is from 2017, from the German organization iT-Cube Systems AG. An industry rep emailed it to me.

They didn't test with the intent of making sure that everybody scores above 90% to protect possible future testing revenue.

And that's when Cylance got my attention.
This test is pretty accurate based on our own lab results and some of my own contacts. Trend Micro is absolutely abhorrent in detection even with their updated APEX system it's still pretty average at best. We've noted a 40-60% maximum detection rate with Trend Micro under larger scale deployed test situations.

A 35,000 endpoint organization I work with has Cylance Protect deployed and has never had a real protection across their deployments. I like it for this reason. Of course, it's also combined with a UTM/NGFW on the gateway and that has to be factored as part of the equation. (a big part)

Unfortunately a lot of firms have a thing for Cisco AMP right now. Total garbage. Immunet rebranded, costing way, way more with the Cisco logo slapped on, and consuming 15-30% of CPU on endpoints... Good lord.
 

Slyguy

Level 40
But Burrito's core point is accurate.

Now, with many customers of Charter and Comcast having Cylance, you can bet its protection will tank. Its surface will be too large to ignore, and it won't be nearly as effective at some point coming up, perhaps? Also note, Cylance is on ALL WatchGuard UTM/NGFW devices, further increasing its exposure and threat surface.

Gryphon uses ESET, but from what I understand the AI/ML in Gryphon is not a licensed API, nor has it been disclosed or licensed out to anyone else. So bypassing it would require a pretty expensive and detailed tailored operation. Since Gryphon isn't nearly as popular as the entire Comcast and Charter customer base, that's unlikely to happen. Also, since Gryphon has no known bypasses, backdoors or vulnerabilities, and no LAN- or WAN-facing administration/access (including no SSH, Telnet, 80/443 GUI, etc.), that pretty much closes off the rest of the exploits. With exceedingly limited on-device-only logging that clears constantly, scooping up data leaving it won't be an option either.
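The post above rests on a claim that is easy to verify for any gateway or security appliance you own: that nothing on the LAN side answers on the usual management ports. The script below is an added example written for this thread, not code from Gryphon, Cujo, or any vendor. It performs plain TCP connect probes (no raw sockets, no root needed) against an assumed list of administration ports; the port list and the documentation address 192.0.2.1 are assumptions you replace with your own appliance's LAN address.

```python
# Added example (not from the thread or any vendor): probe an appliance from
# the LAN side for reachable management services. Port list and the default
# target address are assumptions chosen for illustration.
import socket
from typing import Callable, Dict, List

# Ports commonly used for appliance administration (assumed list; extend it
# for your device, e.g. vendor-specific ports).
MANAGEMENT_PORTS: Dict[int, str] = {
    22: "ssh",
    23: "telnet",
    80: "http admin GUI",
    443: "https admin GUI",
    8080: "http alternate",
    8443: "https alternate",
}

# A probe answers "does host:port accept a TCP connection?"; it is injectable
# so the logic can be exercised without a live network.
Probe = Callable[[str, int], bool]


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True when a full TCP handshake to host:port completes.

    A connect() is used rather than a SYN scan, so no privileges are needed.
    Any socket error (refused, unreachable, timeout) counts as not exposed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_services(host: str,
                     ports: Dict[int, str] = MANAGEMENT_PORTS,
                     probe: Probe = tcp_probe) -> Dict[int, str]:
    """Return the subset of `ports` on `host` that accept a connection."""
    return {port: name for port, name in ports.items() if probe(host, port)}


def verdict(host: str,
            ports: Dict[int, str] = MANAGEMENT_PORTS,
            probe: Probe = tcp_probe) -> List[str]:
    """One finding per reachable service, or a single line saying none of
    the probed management ports answered."""
    found = exposed_services(host, ports, probe)
    if not found:
        return [f"{host}: none of {len(ports)} probed management ports "
                f"accept connections"]
    return [f"{host}: port {port}/tcp ({name}) reachable from this segment"
            for port, name in sorted(found.items())]


if __name__ == "__main__":
    import sys
    # Usage: python check_mgmt.py <appliance LAN address>
    # 192.0.2.1 is a documentation address (RFC 5737), not a real gateway.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    print("\n".join(verdict(target)))
```

Two caveats when reading the result. A closed port only proves there is no listener on the segment you probed from: the WAN side, a guest VLAN, or a vendor cloud that the appliance connects out to (the kind of employee remote access complained about earlier in the thread) would not show up here, because an outbound tunnel never opens an inbound port. And a TCP-only probe says nothing about UDP management protocols such as SNMP, so add those to your checklist separately.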
 

Slyguy

Level 40
I wonder if current Cujo Owners will have their appliance updated with Cylance if that is even possible or do they turn into expensive paper weights?
You won't be installing Cylance on those crappy, low-powered Raspberry Pi Cujos, that's for sure. However, they could in theory update it as a SaaS device. But the fact that they've discontinued it entirely and have removed their consumer website seems to indicate that Cujo owners bought a paperweight. So I would assume a class action lawsuit will follow if refunds aren't given. Cujo was never good, but apparently has a good marketing/sales team to convince Cylance to join them, then to convince Charter/Comcast to give them millions?

But then again, Charter is hideous, and Comcast is even more hideous so it's a good partnership perhaps of hideous stacking up to try and form something not so hideous. :)

If anyone purchased one from Amazon, regardless of when, I would escalate it to Amazon T2 support and get a refund label outside of the normal refund window. Amazon will do this... If they refunded my WiFi thermostat two years after I bought it due to a recall (and other things I have refunded), they will do this for Cujo owners. Then take the credit posted on your account and buy a Gryphon.