Ever Heard of Cylance?

Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    File this under commentary.

    Prelude: A very famous quotation, "Those that forget the lessons of history are doomed to repeat them."

    This approach has been tried before. Remember Threatfire, Prevx, Dynamic Security Agent, etc.? None of those products exist today. Prevx technology was incorporated into the Webroot product line. These products failed for many reasons but most notable are:

    1. The hardware capability didn't exist at the time to support the ever-increasing development of algorithms to keep the products viable.
    2. The cost of maintaining such sophisticated products in light of ever-increasing Win OS enhancements became cost prohibitive.

    Point 1 no longer is a limiting factor. Point 2 also has been mitigated to a large degree since we are seeing the end of development life in Windows-based desktop OSes.

    However, as noted in a prior posting, MIT just completed research in this area using advanced algorithms that are not publicly released and are much more advanced than used in any currently available commercial product. The results yielded an effective protection factor of 85% against today's current malware.

    Bottom line - unless this new AI technology exclusively can produce malware blocking rates in line with current technology employed by today's top ranking security products, I am not interested.
     
    Last edited: May 30, 2016
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    From your linked article.

    "Dell evaluated dozens of companies for the partnership opportunity, looking for an on-the-box and cloud solution that had a high degree of detection accuracy and an effectiveness rate of about 90 percent. Cylance fit the bill, Hansen said."

    90%, that seems pretty good.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I am retired now. During my 40 year IT career, I held a number of positions that would qualify me as an insider, so to speak, as to how large corporations make hardware and software purchasing decisions. Cost, capability, and availability were in most instances not the most important factors in product selection. Rather, internal company "politics" was the most important factor in what vendor would be selected. In determining why a product was selected, the process after the fact involves "connecting all the dots", so to speak.

    In my personal opinion, the factors involved in the Dell purchase decision of Cylance software were financially motivated. Dell is a major supplier of hardware and software to the U.S. government. The U.S. government is a major financial backer of Cylance. Do I need to continue ..................?
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    itman, wow, I was not using computers in 1976.

    And so what companies, foreign or USA, are not tied to any gov, that are worth their two cents of salt? Most are tied in some shape or form.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The "days of hard iron" my man. IBM 360's were the in thing in those days. A huge machine was considered anything with 560K of memory.
     
    Last edited: May 31, 2016
  6. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    Cylance Review: Real world threat test vs. Sophos

    by Sophos

    https://www.youtube.com/watch?v=95omp6-I58k
     
  7. guest

    guest Guest

    That was Fun :D

    Obviously Sophos got annoyed enough by Cylance's claims; the Empire Strikes Back :p

    Sophos is a well-known top-notch contender in the endpoint security business, no surprises there.

    Cylance doesn't even let you control anything, I know why now, it is just a scanner lol

    I love the hash modification part, I had the laugh of the day.

    Thanks @FleischmannTV
     
  8. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    A slight OT:
    Sophos exploit protection, as shown by the video, is the great technology that came from Surfright HitmanPro.Alert, right?
     
  9. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Exactly! I wonder what this "test" would have looked like before they implemented HitmanPro tech.
    Run the same test with Sophos Home and see what happens...

    /E
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I tend to agree. Though in this case, Cylance have made several such videos where they compare their own product against <insert vendor> to post on their YouTube channel. Not sure if they have done one of Sophos though.
     
  11. guest

    guest Guest

    If you watched the video, at the beginning the guy said that Cylance disabled some features of the other competitors :rolleyes:
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Great video! Does show the marked protection contrasts of a full-featured security solution versus a specialty product like Cylance.

    Most illuminating and disturbing in my opinion is at the end of the video, Sophos shows strong evidence that Cylance is not 100% behavioral as claimed. Appears Cylance is additionally using some form of blacklisting and hash to detect malware. Worse, when the malware sample's code was modified thereby changing the hash, Cylance didn't detect it.
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And they did not? I have not watched all of the videos that Cylance have made of "Cylance vs. XXX". I just see they've posted several on their YouTube channel (Cylance vs. Symantec, ESET, McAfee to name a few).
    Now, what is true, false or biased in all this, I pass on trying to figure that out :rolleyes:
     
  14. guest

    guest Guest

    VirusTotal? :p
     
  15. guest

    guest Guest

    Yes, it isn't worth the shot :D
     
  16. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Shhh, it's very innovative :geek: They've developed a so-called "next-gen product" by taking advantage of the expensive but needed R&D of other vendors in using signature-based tech "from the 80's" via a web service... ohhh how "next-gen" that sounds.
    I leave that to the experts :D:thumb:
     
    Last edited: Jun 23, 2016
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Cylance doesn't even let you control anything, I know why now, it is just a scanner lol"

    Somebody here mentioned a rumor that they might release a user control system of some sort in July. I guess I will know since I spent the bucks to try it out.

    I downloaded GRC's leak test the other day and tried to install it, and Cylance detected it as a threat for some reason.
    Never tried uploading it to VT yet.
     
  18. guest

    guest Guest

    Upload it, and then if Cylance doesn't detect it anymore you will know why :p
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And if Cylance continues to detect it afterwards, then it must be the "next-gen" part of Cylance that is hard at work.
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Downloaded it again, but when I try to upload to VT I get a "do not have permission" pop-up. Also, the file is labeled as a system file for some odd reason. On a side note, my computer just updated to a new OS build yesterday.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    ScreenHunter_19 Jun. 23 10.22.jpg
    The odd thing is, right after I download the leak test again it shows the leak test icon, but after about 10 sec. it changes.
    I suppose I could try renaming it before it switches. The screenshot above is what I get when I try to choose the file to upload using the VT upload interface.
     
  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    ScreenHunter_20 Jun. 23 10.39.jpg
    OK, I re-downloaded the leak test and quickly changed the extension to random letters. Before I could upload it to VT the file was gone. Supposed to get a pop-up from Cylance if something is quarantined, but nothing. Took a look at the GUI and sure enough Cylance had taken it. So it appears once it takes the file it adds a special permission to that file, so if you download it again with the same name it won't take it, but it won't allow you to do anything with the file with the same name; if the name changes it will take it again. Hope that makes sense.
     
  23. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Maybe Cylance "locked" it to prevent you from doing anything with that file, they labeled it as a "threat" after all. And even if you re-download the file, they may remember it from the last time it arrived in your computer.

    edit: I noticed the above post now.
     
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Yes, once they latch on to that hash or whatever, they will not let you upload it to VT. They drop your rights to that file somehow. The first time they simply take the file; next time you download it, they don't take it again, they just change your permissions. If you download it again and change the file name, they grab that sucker again lol
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I finally watched the video. I guess Dell must be pretty stupid then to choose Cylance as their endpoint security solution after supposedly looking at a dozen other solutions. And yes, they do connect to the cloud every ten min.

    BUT maybe it would have been a bit more fair for Sophos to have compared their endpoint security to Dell's new solution. It appeared to me they used the consumer version like I have instead of the business version, which included client control. But I will watch it again to make sure.

    https://www.dell.com/learn/us/en/vn...nces-availability-of-the-dell-data-protection

    Yes, I think someone should make the same comparison with Sophos's 9 nasties using Dell's solution.
     
    Last edited: Jun 23, 2016