Ever Heard of Cylance?

Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.

  1. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Their product seems interesting, shame it's enterprise-only now. Though I've requested a demo.
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,927
    Location:
    U.S.A.
  3. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,158
    Location:
    in a remote land :)
    What is more shameful is that they give the demo only to USA-based companies or individuals...
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Not sure why you call it shameful. May be restricted licensing issues involved that they have yet to work out.
     
  5. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,158
    Location:
    in a remote land :)
    They are a business, so they need a wide customer base, especially if they are new in the market; and it is just a demo (no need for licenses); how can they sell if the demo isn't available... unless they only need to sell in their home country. I hope they changed that protective behavior. I will try requesting a demo again, let's see.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    True, with a big but. A lot of the new companies first start in their home country. Then when they go abroad, they need an infrastructure in the new area. I'll be surprised if they give out a demo without first being able to talk with you. And once they find out you are an individual as opposed to a business, they might not even give you the demo.
    Reason is simple. Support costs make it unprofitable to deal with individuals instead of IT people.

    Good example of this is ShadowProtect. Desktop version for one copy is now $99. They are discouraging the home user. Again it's a support cost issue.
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,158
    Location:
    in a remote land :)
    You are right on this, but nothing prevents them from warning the individual requesting the demo that no support will be offered.
     
  8. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    It will cause bad publicity. Warn the customer all you want, when a major problem occurs, then no support = bad publicity.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I've read about it, but if it's really that good, why don't they release a consumer version? They are claiming they can spot about 99% of all malware, but I still don't know exactly how, because they are being a bit vague. And I also noticed that the CylancePROTECT anti-exploit component seems to work about the same as HMPA and MBAE, so it's nothing revolutionary.
     
  10. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
  11. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    "less than 1% of CPU and require no Internet connection or signature updates."
    https://www.cylance.com/

    If this is true the AV signature based industry is dead

    https://community.spiceworks.com/topic/833551-does-anyone-actually-use-cylance

    IMO this test is a joke, he is using virustotal.... a Symantec employee LOL

    http://www.symantec.com/connect/blogs/cylanceprotect-symantec-labs-analysis#comment-11539831
     
    Last edited: Feb 4, 2016
  12. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
  13. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    Both seem to be using artificial neural networks to predict if a file is malicious. While this is an interesting approach with a possibly good success return, some of their claims seem like word plays in marketing, like their software not requiring victims. If the malicious file the user encounters has a similar pattern (for lack of a better word) then the algorithm can indeed detect it before it runs; however, they still need some data to introduce new coding patterns in malware. Wish they offered a consumer version with a trial or some audits from 3rd party labs, at least. The live shows they do don't represent anything for me, as you can affect and manipulate the results easily.
    PS: I did see the av-test report for Cylance.
     
  14. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
  15. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    323
    Cylance is getting pretty good feedback from Spiceworks' forum. Basically it's a Webroot type product, works really well.
     
  16. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,158
    Location:
    in a remote land :)
    USA market only, pointless.
     
  17. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,071
    Location:
    Netherlands
    Why not use VoodooShield beta 3? It also uses Artificial Intelligence/Machine Learning.
     
  18. VoodooShield

    VoodooShield Developer

    Joined:
    Dec 9, 2011
    Posts:
    4,872
    Location:
    United States
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Cool, didn't even know about this. But a trial version is not available, so it seems. Also, I watched some of the videos, and it didn't become clear to me how the malicious files are exactly blocked? Was it by AI, behavior blocker, or policy based anti-exe?
     
  20. VoodooShield

    VoodooShield Developer

    Joined:
    Dec 9, 2011
    Posts:
    4,872
    Location:
    United States
    From what I can tell, it is all pure AI, and it automatically scans the entire hard drive. At first, I was not sure if Cylance was working or not (while it was performing its initial scan), so I decided to execute some malware. I had always heard that Cylance analyzes the files pre-execution, so I figured it would be utilizing some kind of anti-exe as well, but from what I can tell, it is not, since the malware was allowed to run. The malware dropped some files, and Cylance ended up detecting them (I believe it caught all of the dropped files). Once the initial scan is complete, I will execute some more malware to see how it reacts... but from what I can tell, it is basically a continuous automatic scanner, and very little user intervention is required or possible.

    There is also a discussion on the VoodooShield thread, so we might want to either move the conversation there, unless you guys think it is better to keep it on this thread.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    OK thanks for the info, I will also check out the VS thread. If it's really more effective than current AV's it would be a cool thing. The thing is, in the last 10 years I've heard so many companies claiming to have developed revolutionary new anti-malware solutions, that I have become a bit skeptical.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Per the AV-Test comparative previously referenced, BitDefender, Kaspersky, Trend, and Sophos all received higher scores.

    No thanks on this product at this time.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Description per Cylance rep. from Spiceworks forum:

    The core technology works by inspecting a binary pre-execution to determine malicious intent, and either blocking execution or disallowing. We have additional technology that watches memory and running processes to ensure that they are not subject to exploitation via traditional exploitation techniques as well as return oriented programming (stack pivots, etc).

    Here's an actual malware report I extracted from Spiceworks.

    Following is Cylance Protect's report on why it blocked a particular toolbar application:

    • This PE is hiding something in its "relocations" area, and we're not sure what. The relocations area in a PE file is generally used for relocating particular symbols, but this particular object contains something else.
    • This object imports functions that are used to list files.
    • This object imports functions that can capture and log keystrokes from the keyboard.
    • This object imports functions that are used to gather information about the current operating system.
    • This object seems to be looking for common protection systems.
    • This object imports functions used to access and manipulate temporary files.
    • This PE imports functions that can be used to delete Files or Directories.
    • This PE imports functions that can be used to spawn another process.

    Sure looks like a probability based behavior blocker to me. Analysis ....... "If it looks like a duck, talks like a duck, and walks like a duck ........... It's a duck!" Also explains the high FP rate on the AV-Test report.
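
Added example, not part of any poster's message and not Cylance's code: one way a static pre-execution check for the first indicator in the quoted report (a "relocations" area that contains something other than relocations) could be written. It assumes the `.reloc` section bytes and the base-relocation directory size have already been read from the PE headers; the function name `audit_reloc` and the sample byte strings are constructed for illustration.

```python
import struct

# Relocation entry types normally seen in x86/x64 images:
# 0 = ABSOLUTE (padding), 3 = HIGHLOW (32-bit), 10 = DIR64 (64-bit)
VALID_TYPES = {0, 3, 10}

def audit_reloc(section: bytes, dir_size: int) -> dict:
    """Walk IMAGE_BASE_RELOCATION blocks; report bytes they do not explain."""
    dir_size = min(dir_size, len(section))
    findings, blocks, off = [], 0, 0
    while off + 8 <= dir_size:
        # Block header: DWORD page RVA, DWORD block size (header included)
        page_rva, block_size = struct.unpack_from("<II", section, off)
        if block_size < 8 or block_size % 4 or off + block_size > dir_size:
            findings.append(f"malformed block header at offset {off:#x}")
            break
        if page_rva % 0x1000:
            findings.append(f"block at {off:#x}: page RVA not page-aligned")
        count = (block_size - 8) // 2
        entries = struct.unpack_from(f"<{count}H", section, off + 8)
        # Each WORD entry: high 4 bits = type, low 12 bits = offset in page
        bad = [e for e in entries if (e >> 12) not in VALID_TYPES]
        if bad:
            findings.append(f"block at {off:#x}: {len(bad)} entries with unexpected type")
        blocks += 1
        off += block_size
    # Anything after the declared table should be zero padding only
    slack = section[dir_size:]
    extra = len(slack) - slack.count(0)
    if extra:
        findings.append(f"{extra} non-zero bytes after the relocation table")
    return {"blocks": blocks, "findings": findings}

# Constructed samples: one valid 12-byte block (HIGHLOW entry + padding entry)
BLOCK = struct.pack("<IIHH", 0x1000, 12, 0x3010, 0x0000)
CLEAN = BLOCK + bytes(20)                     # zero padding only
PADDED = BLOCK + b"CONSTRUCTED" + bytes(9)    # extra data stored in the section
BROKEN = struct.pack("<II", 0x1000, 6)        # block size smaller than header

if __name__ == "__main__":
    for name, data, size in (("clean", CLEAN, 12), ("padded", PADDED, 12),
                             ("broken", BROKEN, 8)):
        print(name, audit_reloc(data, size))
```

A finding here is only one feature among several; installers and packers also store data in unusual places, which is consistent with the false-positive concern raised in the post above.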

     
  24. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi itman,
    Please give link, in particular when quoting.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Link given in reply #11.