- May 16, 2018
- 1,363
Cylance Report Reveals Malware and Tactics of OceanLotus Group and Weakness of Traditional AV
Inner Circle Podcast: Episode 009 - Scott Scheferman Explains Predictive Advantage
I think Cylance actually provides a predictive advantage in some cases. Where it has been tested now, multiple times, years-old Cylance would have caught zero-day malware (and ransomware) of today.
But... isn't this somewhat a matter of security through obscurity? Malware developers test malware against products and systems until it can penetrate. So when Cylance develops enough market share, won't some malware developers just test it against Cylance until it works? Machine learning is great. But I think there are definitive limits.
But right now... in the unlikely event that you are hit with a certain type of zero-day, Cylance could be great.
I run Cylance on several systems. It's super-light and totally unobtrusive. And for certain malware types, it is a great line of defense.
But... I believe that Cylance -- for me -- will never actually catch anything, as my other security measures would catch it first. I'll never actually get hit with a zero-day that penetrates everything else.
In the meantime, I have my exotic insurance policy (Cylance), which I get for free, which might stop that very unlikely zero-day in the future.
Cylance -- great, effective and innovative online security that you will probably never need.
We also talked about the power of machine learning and the impact of predictive advantage. While many of the household names in antimalware and traditional security tools may struggle to identify and block these threats until or unless vendors capture a sample to reverse engineer and develop the appropriate signatures, Cylance has been able to detect all of the variants for more than two years. For some variants, the predictive advantage for Cylance is as much as three years. In other words, if you installed Cylance two years ago and never updated it again, it would still be able to protect you from these OceanLotus Group attacks.
Traditional antivirus / antimalware solutions rely on giving the attacker the first move. There has to be a “patient zero” that gets infected, or some other means of detecting a threat in the wild before there can be a defense against that threat. The antimalware companies capture and reverse engineer the threat to develop a signature that recognizes and blocks it…once the signature is available and deployed on your system. Before that point, you’re still vulnerable. During the lag time between the threat being detected and you applying the appropriate signature, you’re still vulnerable.
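The signature pipeline quoted above (patient zero, a sample, a signature, then a lag until it is deployed) and the poster's point that malware authors test against a product until something gets through, as an added example that is not from the Cylance report, the podcast or the poster: a Python sketch of two toy signature kinds, a whole-file SHA-256 hash and a YARA-style hex pattern with `??` single-byte wildcards, run over three constructed samples. The byte strings, the `C2=` marker and the XOR-at-rest variant are all made up for the example; nothing here comes from an OceanLotus sample, and the "attacker loop" is a model of the poster's argument, not a real toolchain.

```python
"""Signature-based detection and its blind spots, on constructed samples.

Two signature kinds are modelled:
  * a whole-file hash, the cheapest "patient zero" signature, and
  * a YARA-style hex pattern with `??` wildcards over a stable code region.
Three constructed samples stand in for one family: the original sample the
vendor captured, a trivial variant (one constant changed), and a build whose
payload region is stored XOR-encoded and only decoded at runtime.
"""
import hashlib
import re

# Constructed payload region: an arbitrary stand-in for a short x86 prologue
# followed by a plaintext C2 marker. Not taken from any real binary.
PAYLOAD = b"\x55\x8b\xec\x83\xec\x10" + b"C2=10.0.0.1"
HEADER = b"MZ\x90\x00"          # constructed stand-in for a PE header
PADDING = b"\x00" * 8


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest at-rest encoding an attacker might use."""
    return bytes(b ^ key for b in data)


# The sample the vendor captured ("patient zero").
ORIGINAL = HEADER + PAYLOAD + PADDING
# Same code, one stack-size constant and one C2 octet changed.
VARIANT = HEADER + b"\x55\x8b\xec\x83\xec\x20" + b"C2=10.0.0.2" + PADDING
# Same payload, but XOR-encoded on disk (key chosen arbitrarily).
ENCODED = HEADER + xor_encode(PAYLOAD, 0x5A) + PADDING

CODE_PATTERN = "55 8b ec 83 ec ??"   # wildcard on the changing constant


def hash_signature(sample: bytes) -> str:
    """Whole-file SHA-256: only ever matches the exact bytes that were captured."""
    return hashlib.sha256(sample).hexdigest()


def compile_hex_pattern(pattern: str) -> re.Pattern:
    """Turn a YARA-style hex string ("55 8b ec ??") into a bytes regex."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")                      # any single byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL so `??` matches 0x0a


def matches_hash(sample: bytes, sig_db: set) -> bool:
    return hash_signature(sample) in sig_db


def matches_pattern(sample: bytes, pattern: str) -> bool:
    return compile_hex_pattern(pattern).search(sample) is not None


def evaluate(sig_hashes: set, pattern: str) -> dict:
    """Run both signature kinds over the three samples and report hits."""
    samples = (("original", ORIGINAL), ("variant", VARIANT), ("encoded", ENCODED))
    return {
        name: {"hash": matches_hash(s, sig_hashes),
               "pattern": matches_pattern(s, pattern)}
        for name, s in samples
    }


def attacker_loop(detector, max_keys: int = 256):
    """Model the poster's argument: re-encode the payload with successive keys
    and stop at the first build the detector no longer flags. Returns
    (key, sample) or None if every key is still caught."""
    for key in range(1, max_keys):
        candidate = HEADER + xor_encode(PAYLOAD, key) + PADDING
        if not detector(candidate):
            return key, candidate
    return None


if __name__ == "__main__":
    db = {hash_signature(ORIGINAL)}         # what the vendor shipped after patient zero
    for name, hits in evaluate(db, CODE_PATTERN).items():
        print(f"{name:9s} hash={hits['hash']!s:5s} pattern={hits['pattern']}")
    result = attacker_loop(lambda s: matches_pattern(s, CODE_PATTERN))
    print("pattern signature evaded with XOR key:", result[0] if result else None)
```

The hash signature catches only the captured sample; the wildcard pattern also catches the recompiled variant, which is why vendors write structural signatures rather than shipping hashes. Neither catches the build that stores the same code encoded, and the attacker loop finds an evading key on its first try, which is the "test it until it penetrates" cycle the poster describes. A static classifier trained on features rather than exact bytes is one answer to that loop, but that is the part the page only asserts and this example does not model.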