Ever Heard of Cylance?

Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.

  1. guest

    guest Guest

    why do you get irritated? you work for Cylance? :D

@itman just point out what Cylance "forgot" to mention. When a vendor like Cylance claims to be "better than...", they expose themselves to people who will check the veracity of their claims; especially when their product has some "shady" aspects.
     
    Last edited by a moderator: Jun 27, 2016
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
"why do you get irritated? you work for Cylance?" lol no!!!! I bought the 60 dollar home version, so I have to think it is ok, otherwise I will feel bad about my purchase :oops: and then someone might have put one too many in my cereal again.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    No nefarious motives or anything like that. I have no affiliation in any capacity with any security vendor.

    I go on a "mission" so to speak whenever I see a security vendor making claims that are not supported by research science and most importantly, proper independent third party testing of the product's capability.

For what it is worth, there is a specific reason why established security vendors use the methods they do in their products. They have been shown over time and verified to be the most effective solution available. Take signature detection for example. The major security vendors would like nothing better than to get rid of them. Maintaining and servicing them is a labor intensive, at times troublesome, and therefore costly procedure. Since these companies exist to make a profit, they will be the first to get rid of signature detection if they find another less costly alternative that provides the same level of protection.

Finally there is the question of whether a new detection method is actually "new and revolutionary." The simple fact is AI detection methods have been and are presently deployed in most of the major security vendor products. Heuristic detection has been around a long time and is probability based. The advanced memory scanning used for example in Eset products is execution based protection based on behavior analysis. And the list goes on and on.

    The only thing that has changed recently is that more advanced mathematical models have been developed that have the potential to provide more reliable behavior analysis and therefore improved detection of new malware. Many of these algorithms are currently being introduced into existing security solutions. Symantec's Sonar for example is using them. But they are only being used after the vendor has thoroughly tested them through internal lab and independent testing and verified that they are better than existing probabilistic solutions.
     
    Last edited: Jun 28, 2016
  4. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Brilliant post :thumb:
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    ~ Removed Copyrighted Image ~ per tech support.

"There are two versions of Cylance.
The one with CylanceV with the version 2.xxx
and the other which connects to the online cloud, version 1.2.13xx"

now look at the screen shot and tell me which version was used for the Symantec versus Cylance test. the screenie was taken from that PDF itman posted a link to here.

    http://www.av-comparatives.org/wp-content/uploads/2016/02/avc_mrg_prot_2016_02_24_cyl_sym_en.pdf

    my home version is 1.2.1370.99

I forgot to grab the same screen shot from the Sophos versus Cylance before it was taken down.
     
    Last edited by a moderator: Jun 28, 2016
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
ok I read that again and my mind seems to not see the same thing for some reason.
it says they asked for a lic of CylanceProtect and were for whatever reason turned down. they then said a third party granted access to a lic for Cylance. for some reason my eyes are missing the part where version 2.0 was mentioned. the only thing I see from the PDF was they used version 1.2xx which depends on the cloud and CylanceV is not supposed to.

I still do not understand the CylanceV. if you look at their product list it is not mentioned but if you look at their blog they list three flavors of CylanceV

    this was from 2013.
    https://blog.cylance.com/why-v

    so yes I am still cornfused.
     
    Last edited: Jun 28, 2016
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    More news on the Cylance vs Sophos blow-out:

    In an email statement to CRN this weekend, Schiappa said Cylance’s response was to “threaten legal action against one of its reseller partners” and “demanded that the reseller ask us to take down the video.” Schiappa said Sophos took down the video while the situation was being clarified.

    “To be clear, Sophos has not been contacted by Cylance and to our knowledge Cylance has not disputed the accuracy of any information contained in the video. Furthermore (and like with all Sophos-produced material), Sophos stands by the validity of the information we publish,” Schiappa said in an email to CRN. “Effective cybersecurity solutions are needed now more than ever. Sophos values innovation, truth and authenticity, and so do I.”

In the blog post, Cylance said that after tracking down the partner using information from screenshots shown in the video, the reseller partner in question was alerted to its employee’s alleged involvement in the video. The company said the reseller partner “quickly sided with [Cylance]” then contacted Sophos on its own to have the video removed.


    Ref.: http://www.crn.com/news/security/30...h-a-reseller-partner-caught-in-the-middle.htm
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    my product came from a reseller and not cylance. mine came from malware managed.

    "the test in the video? looked to be the endpoint; after all there is no point of comparing an endpoint solution with a home solution. Anyway, the important part of the video is valid for both versions, so it doesn't matter which one is used"

I already proved they did not use the full blown endpoint version for the test against Symantec. they used the version I had originally. the only reason mine is a higher version is they updated it because it was shutting off Windows Defender, as so much other security software does. I asked them about it and they fixed it in my build. as you can see from my version, and looking at my post above, they were not using, as I said, the full blown version.
     


    Last edited: Jun 28, 2016
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Let's try to de-mystify Cylance.

    Below is my best interpretation of what they offer in both the home and enterprise environments. You can access the Cylance web site: https://www.cylance.com/products-protect for further details.

    Home version

    CylanceProtect - basically an AI based behavior blocker powered by their "Infinity" engine.

    Enterprise Version

CylanceProtect - basically an AI based behavior blocker powered by their "Infinity" engine.
Console - group and device management plus cloud support.
Application Control (optional) - whitelisting and anti-exec capabilities
Memory Protection (optional) - self-explanatory

Have no idea what the optional components cost but my gut tells me $$$$$. Interestingly, Cylance is marketing the Application Control as an alternative to using the AI behavior blocker? Makes no sense to me why any enterprise environment would buy this since they already have equivalent Windows features like group policy, SRP, AppContainer, etc. that do the same thing. Appears Cylance is offering a managed solution to do the same activity:

    Because of its predictive model, CylancePROTECT is the best solution for dynamic environments where users are frequently installing/updating applications. But, what about a solution for fixed-function devices with a low change factor such as data center servers, point of sale systems, industrial control systems, ATM’s and kiosks? For those environments, the best solution is CylancePROTECT+AppControl.
    I have seen marketing "mumbo jumbo and voodoo dances" in my IT days but Cylance appears to have reached "new heights" in this area.
     
    Last edited: Jun 28, 2016
  10. guest

    guest Guest

    same product, wherever you buy them.

it doesn't matter; in the Sophos video, the so-called AI engine didn't detect the malware after a slight change to its code; that means either they use hash comparison somewhere via the cloud or the AI is not smart at all.

    i'm sorry if it doesn't please you, but Cylance seems more based on claims & hype than efficiency.
     
    Last edited by a moderator: Jun 28, 2016
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Appears also IT depts. have big budgets these days? Dang - nothing like working when money mattered.

    You can buy Eset Endpoint for $15 a license w/ 5 license minimum. Other endpoint products similarly priced. And as has always been the case in mega license purchases, established vendors give corresponding mega discounts.
     
  12. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "I have seen marketing "mumbo jumbo and voodoo dances" in my IT days but Cylance appears to have reached "new heights" in this area." lol

yes it does look like if you want all features you have to buy extra add-ons. I don't understand it. all I know is if you buy the home version, you have no control and Malware Managed does its mumbo jumbo administering it. if you buy from Cylance, I think they do but again could be way wrong on that part. I did see some stuff on CylancePROTECT but still not sure how all that works either. so anyway to me it looks like the tests were done without memory, script and app control, which would explain the poor performance. I still don't know for sure.

looks like Cylance plus ThreatZero gives you memory, script and app control which my version does not do but as you can see from my sig, I have it covered anyway lol


    ya know it is hard operating on your last gray cell matter. :geek:
     
    Last edited: Jun 28, 2016
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
No. This .pdf explains what ThreatZero is: http://innetworktech.com/wp-content/uploads/2015/11/CylancePROTECT-Threat-Zero-Services.pdf


    ThreatZero is where Cylance personnel will actively monitor your installation and provide malware remediation services.
     
    Last edited by a moderator: Jun 28, 2016
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
well then now I have two programs I have to get rid of: Cylance and Malwarebytes Anti-Exploit.
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
Moderation note: We've received two requests from MRG to have some posts removed from this thread which they stated contained factual inaccuracies in regards to their test. We have removed those posts. Also, they've asked that MRG not be discussed further in this thread. As such, no additional mention of MRG should occur from this point forward. Thank you for your cooperation.
     
  16. In this thread only or the forum?
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Came across a web posting by Bluecoat on how they are using Cylance which in my opinion is how the product should be utilized. Note that Cylance employs no sandboxing capability and the sandboxing referenced is being performed by the Blue Coat product:

After Content Analysis determines that a PDF, EXE, DLL or Object Link Embedding (OLE) file has not been scanned before, isn't on the file whitelist, and isn't on the file type exception list, it examines that file with the on-box Cylance Static Analysis service. This service uses advanced artificial intelligence algorithms to identify and block malware, and can be used to greatly improve the chances of identifying malware. The Cylance engine scours files for unique identifying features and converts those features into a numerical value. That value is run through a proprietary algorithm to produce a score. This score is a predictive indicator of whether the file is malicious or not.

    To take action on the static analysis score, two threshold options are available: Block and Sandbox.

• Scores equal to or above the block threshold are blocked immediately with no further analysis.
• Scores below the block threshold are forwarded to the available antivirus engines, and if clean, forwarded to the requesting user.
• Scores equal to or above the sandbox threshold are forwarded to the configured sandbox services for additional analysis.
• Scores below the sandbox threshold are scanned by the available antivirus engines, but are not subjected to sandbox analysis.


    Ref.: https://bto.bluecoat.com/webguides/...htm#Topics/Tasks/services_static_analysis.htm
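The threshold routing in the quoted Blue Coat passage, as an added Python example (not Blue Coat's or Cylance's code): it applies the pre-checks and the two gates in the order the text gives them, and adds a configuration check for the case the text does not spell out, a sandbox threshold set at or above the block threshold, which leaves the sandbox step unreachable. The 0..100 score range, the hash-based "scanned before" check and the assumption that sandboxed files are also AV-scanned are my assumptions, not details from the Blue Coat guide.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    SKIP = "skip"                    # not a scanned type, already seen, whitelisted or exempt
    BLOCK = "block"                  # score >= block threshold: dropped, no further analysis
    AV_AND_SANDBOX = "av+sandbox"    # sandbox threshold <= score < block threshold
    AV_ONLY = "av"                   # score < sandbox threshold: antivirus engines only


# File types the quoted passage says go through static analysis.
STATIC_ANALYSIS_TYPES = {"pdf", "exe", "dll", "ole"}


@dataclass
class Policy:
    block_threshold: int      # scores at or above this are blocked outright
    sandbox_threshold: int    # scores at or above this (but below block) also go to sandbox
    whitelist: set = field(default_factory=set)        # file hashes never analysed (assumed key)
    type_exceptions: set = field(default_factory=set)  # file types never analysed


def policy_warnings(policy: Policy) -> list:
    """Return configuration problems that silently disable part of the flow."""
    warnings = []
    if policy.sandbox_threshold >= policy.block_threshold:
        # Every score that would reach the sandbox gate was already stopped by the
        # block gate, so the configured sandbox services never receive a file.
        warnings.append("sandbox threshold >= block threshold: sandbox is unreachable")
    for name in ("block_threshold", "sandbox_threshold"):
        if not 0 <= getattr(policy, name) <= 100:   # 0..100 range is an assumption
            warnings.append(f"{name} outside the assumed 0..100 score range")
    return warnings


def route_file(file_type: str, file_hash: str, score: int,
               policy: Policy, seen_hashes: set) -> Action:
    """Decide what Content Analysis does with one file, following the quoted flow."""
    ftype = file_type.lower()
    # Pre-checks: only listed types, only on first sighting, never whitelisted or exempt.
    if (ftype not in STATIC_ANALYSIS_TYPES or ftype in policy.type_exceptions
            or file_hash in seen_hashes or file_hash in policy.whitelist):
        return Action.SKIP
    seen_hashes.add(file_hash)
    # The block gate is evaluated first and is terminal.
    if score >= policy.block_threshold:
        return Action.BLOCK
    # Below the block gate everything is AV-scanned; the sandbox gate adds analysis.
    if score >= policy.sandbox_threshold:
        return Action.AV_AND_SANDBOX
    return Action.AV_ONLY
```

Run `policy_warnings` against a policy before deploying it; the unreachable-sandbox case produces no error at runtime, only a quietly idle sandbox.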
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Someone made a nice profit in this deal noting it was bought for 1.3 billion in 2011: https://techcrunch.com/2011/12/09/i...ty-company-blue-coat-for-1-3-billion-in-cash/

Makes a logical jump for Symantec. They can offer one integrated solution, gateway and endpoint protection, to their enterprise customers. Also gives them a chance to reverse engineer Cylance's AI engine :argh: or most likely replace it with their own AI scanner version they have been developing.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
so the AI war is ongoing now between Dell & Symantec to name a few of the big players. of course reverse engineering is illegal, as I am sure Symantec knows. still wondering if cruelsister was right and maybe Dell is going to snatch up Cylance. I see some regular posters here have written this thread off as a waste of bandwidth, what do you think itman?
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Latest from the Sophos blog.

    Excerpt:

    For months, Cylance has sought to dazzle audiences with its “Unbelievable” demonstration, staging well-choreographed battles against other IT security vendors, including Sophos. The exhibition ends with Cylance delivering near-perfect scores while everyone else (predictably) shows lackluster results. Yet when the playing field is leveled, and Cylance’s product comes under real scrutiny, the company cries foul, puts the fear of lawsuits into the minds of its partners, and accuses others of “smoke and mirrors” tactics.

    At a recent Chicago event that Cylance held, one Sophos customer in the audience asked to see how the Sophos product was configured for Cylance’s “Unbelievable” demo. On reviewing the settings, the customer discovered that key (and default) protection settings had been disabled. When the customer insisted that Cylance enable the proper default configuration and re-run the test, Sophos beat Cylance. The same behavior has been reported by multiple other vendors, including the disabling of everything other than hash lookups – an unfair test to say the least.

    After seeing these demos and hearing numerous similar stories, we instructed our technical team to evaluate the Cylance claims so that we could test their validity. We focused on making the comparison fair, factual, and balanced using default and vendor-recommended settings. Sophos didn’t cherry pick or manipulate malware for the test.


    Ref.: https://blogs.sophos.com/2016/06/29/thoughts-on-comparative-testing/
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
pretty sure this thread will dissolve into nothing land and Dell will still make money ...
itman if you had to bet which one comes out on top, Dell or Symantec, which one would you pick? basing this on Dell has hardware, Symantec does not.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
Too early to tell. However if Dell decides to take on the traditional endpoint market, you're declaring war on all the endpoint vendors.
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cylance, Sophos and Symantec are all great products, but I suppose if someone was interested in seeking the absolute truth, they would simply test the products themselves.
     