Cylance, Predictive Advantage
<blockquote data-quote="Burrito" data-source="post: 773377" data-attributes="member: 72439"><p><a href="https://techspective.net/2018/10/26/cylance-report-reveals-malware-and-tactics-of-oceanlotus-group-and-weakness-of-traditional-av/" target="_blank">Cylance Report Reveals Malware and Tactics of OceanLotus Group and Weakness of Traditional AV</a></p><p></p><p style="margin-left: 20px"><em>We also talked about the power of machine learning and the <a href="https://techspective.net/2018/06/28/inner-circle-podcast-episode-009-predictive-advantage/" target="_blank">impact of predictive advantage</a>. While many of the household names in antimalware and traditional security tools may struggle to identify and block these threats until or unless vendors capture a sample to reverse engineer and develop the appropriate signatures, Cylance has been able to detect all of the variants for more than two years. For some variants, the predictive advantage for Cylance is as much as three years. In other words, if you installed Cylance two years ago and never updated it again, it would still be able to protect you from these OceanLotus Group attacks. </em></p><p></p><p></p><p><a href="https://techspective.net/2018/06/28/inner-circle-podcast-episode-009-predictive-advantage/" target="_blank">Inner Circle Podcast: Episode 009 - Scott Scheferman Explains Predictive Advantage</a></p><p></p><p style="margin-left: 20px"><em>Traditional antivirus / antimalware solutions rely on giving the attacker the first move. There has to be a “patient zero” that gets infected, or some other means of detecting a threat in the wild before there can be a defense against that threat. The antimalware companies capture and reverse engineer the threat to develop a signature that recognizes and blocks it…once the signature is available and deployed on your system. Before that point, you’re still vulnerable. 
During the lag time between the threat being detected and you applying the appropriate signature, you’re still vulnerable. </em></p> <p style="margin-left: 20px"></p><p></p><p>I think Cylance actually provides a predictive advantage in some cases. Where it has been tested now multiple times.... years-old Cylance would have caught zero-day malware (and ransomware) of today.</p><p></p><p>But... isn't this somewhat a matter of security through obscurity? Malware developers test malware against products and systems until it can penetrate. So when Cylance develops enough market share, won't some malware developers just test it against Cylance until it works? Machine learning is great. But I think there are definitive limits. </p><p></p><p>But right now... in the unlikely event that you are hit with a certain type of zero-day, Cylance could be great. </p><p></p><p>I run Cylance on several systems. It's super-light and totally unobtrusive. And for certain malware types, it is a great line of defense. </p><p></p><p>But... I believe that Cylance -- for me -- will never actually catch anything, as my other security measures would catch it first. I'll never actually get hit with a zero-day that penetrates everything else.</p><p></p><p>In the meantime, I have my exotic insurance policy (Cylance), which I get for free, which might stop that very unlikely zero-day in the future. </p><p></p><p>Cylance -- great, effective and innovative online security that you will probably never need.</p></blockquote><p></p>