Testdrive X from Invincea - brilliant campaign to try out X (on hosted VM)

This links explains it all https://www.invincea.com/test-drive-x-by-invincea/

At this security forum we are great in throwing rocks at our Windows, to see whether it breaks. The test drive is an opportunity to break stuff, just not your own it is pretty effective against fresh malware packs I can say

For being someone who has criticized Sandboxie in the past, I was invited by Lee Lawson of Invincea to test drive it. From a marketing perspective a brilliant move (embrace your enemies). I must say a well deserved 10+ plus for sportsmanship (compare that to the growling responses of some other vendors faced with critique). Invincea, you just turned a critic into a promotor, well done

 

Interesting, my fantasy is that companies like Invincea, Crowdstrike and Sentinel One will release consumer versions. If I'm correct, Cylance was planning to do this, but haven't heard anything in months. And I really need to do some reading on AI/Machine Learning, because I haven't got a clue how it works.

 

Agree, Interesting development. My bet is that Machine Learning will be incorporated like behavioral analysis in all meanstream AV's in a few years from now.

AVG beta 2017 with its own software analyser (old Primary Response Safe Conect Behavorial Blocker) and Avast's reputation management and cyberprotect (cloud sandbox analyser/ML) set to block is a nice freebie offering this 'next gen technology' now for free.. Alternatively VoodooShield offers whitelist + machine learning + blacklist. Options . . . options . . . you just have to try it yourself

 

what do mean about consumer version of Cylance? I use it now and am not a business.

 

Sounds good to me, and I still need to read a couple of posts from the VS thread, about the new AI module. But I get the impression that not all AI is the same, for example the one from Invincea is based on pure behavior blocking, if I'm correct. But I'm not sure if malware is blocked pre-execution or post execution. I also believe they still use sandboxing to isolate vulnerable apps.

Well, the question is how much money they would make by also focusing on the consumer market. If they can prove that they are better than current AV's and can minimize false positives, I don't see the problem. But of course I'm talking about simplified versions of their current offerings.

Yes, but isn't that offered by a third party company? I'm talking about a true consumer version, that you can configure yourself.

 

You are right. AI/ML is good in recognizing good and bad it does an awfull job in recognizing grey. Strangly it is positioned to fill in the gap between reputation service/signature whitelisting (known good) and traditional AV blacklisting. IMO sequence should be

A. Known bad (AV blacklist)
B. Known good (whitelist on sigature and reputation/orign analysis)
C. AI to analyse the remainder, allow good, block bad and postpone execution of greyware
D. Cloud sandbox/analysis to deal with remaining greyware, ML feeds AI for better decisions