Cylance, the cybersecurity company, says its new CylanceOptics is an AI-powered endpoint detection and response (EDR) solution that augments the prevention capabilities of its Protect platform.
That’s a lot to digest in one gulp. Here’s what the cybersecurity provider means:
- Optics leverages artificial intelligence to amp up endpoint detection and response capabilities, specifically, root cause analysis, endpoint visibility and AI-assisted threat hunting, along with integrated incident response.
- The solution is intended to augment the company’s Protect solution and flesh out its overall AI platform with more products to come.
- One notable feature: Optics works independently of the cloud, using local data for search and collection of forensic data and bypassing worries over continuously streaming data to the cloud.
Machine Learning, AI Rivals Emerge
Cylance and fierce rivals like CrowdStrike claim machine learning and artificial intelligence tapped into the endpoint yield predictive, preventative approaches to proactively stop virtually all attacks before they start.
EDR acts as a hall monitor of sorts, patrolling endpoints and collecting data to block entries either through a dynamic rules engine or by arming security specialists with tools for manual threat detection and eradication. In Cylance’s case, behavioral data propels the handling of onslaughts by trying to catch the malware before it finds an open door. Think of it as a hall monitor and border guard rolled into one.
Cylance details its EDR thinking in a lengthy blog post that accompanies the product rollout, but here are the high notes:
- There are so many threats bypassing anti-virus solutions that internal security teams are overwhelmed by alerts and events from multiple systems.
- Endpoint security stacks make systems more complex and unwieldy, add cost and clip efficiency to the point where half of all alerts go uninvestigated.
- The number of breaches isn’t going to ebb - ever.
- In Cylance’s own words, “something must change, and quick.” That “something” is harnessing machine learning and AI to build predictive analytics models to bar the door.
It’s an interesting approach. For one thing, it’s not like machine learning and AI are going to get less sophisticated over time. On the other hand, stopping malware in its tracks -- preventing threats and attacks initially -- worked for a period of time but now struggles to stay ahead of the zillions of constantly mutating variants zipping through the security stratosphere.
AI, Data Science and MSSPs
But along comes AI with data science in tow, now considered by many the well-lit path forward on a number of different technology platforms, including, and perhaps most notably, security.
Inasmuch as Cylance largely positions itself as data scientists who just so happen to be in the endpoint security business, the company, which has allowed a coming product line buildup, likely will catch the eye of MSSPs looking for new armaments to offer enterprise customers.
Of note, that could place MSSPs in the crosshairs of determining their own strategy -- either banking on solutions to prevent attacks before they happen or aligning themselves with technology for detecting, hunting down and eradicating intrusions before they fully navigate an infrastructure.
If Cylance’s claimed growth since its inception five years ago is any indication, AI could lead the security charge. The company claims some 6,000 customers worldwide, responsible for some wild growth numbers -- 322 percent in 2015, only three years after it began operations, and a whopping 607 percent skyrocket last year. It lists Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota and Kiewit among its notable customers.
Cylance’s security researchers yesterday noted that Qakbot, self-propagating Trojan malware, is back and apparently stronger than ever. And last week, Razberi Technologies said it will embed Cylance’s Protect flagship platform in its ServerSwitchIQ appliances.
Cylance said that Optics is now available worldwide through its authorized channel partners.