Artificial Intelligence. Real Threat Prevention. Todd Radermacher Renzo Saunders.

Presentation on theme: "Artificial Intelligence. Real Threat Prevention. Todd Radermacher Renzo Saunders."— Presentation transcript:

1 Artificial Intelligence. Real Threat Prevention. Todd Radermacher Renzo Saunders

2 $2.4B Worth Of Noise – Investment Focus On The Endpoint

3 The Cylance Approach to Security © 2015 Cylance, Inc. 3 Isolation Whitelisting Enterprise Detection & Response Exploit Prevention Antivirus AI No Human-Derived Detection Methods

4 Framework Created By Former CISO of Intel, Malcolm Harkins 10 Questions To Ask Buyers Guide: Secrets To Endpoint Security Evaluations 4.5M Endpoints Protected – Stories From The Field

5 Drivers Behind A New Endpoint Strategy. Cylance CEO – Stuart McClure: Former CTO of McAfee, Former CISO Of Kaiser Permanente. Cylance Chief Scientist – Ryan Permeh: Former Chief Scientist of McAfee. Cylance CISO – Malcolm Harkins: Former CISO of Intel.

6 9 Boxes Of Control. Risk | Cost | End User Impact. Control Types: RESPOND, DETECT, PREVENT. Control Approaches: Automated, Semi-Automated, Manual. Focus is on Minimizing damage – only variables are time to detect and time to contain. Focus is on Minimizing vulnerability and potential for harm. Highest Risk, Highest Cost, Most Liability. Lowest Risk, Lowest Cost, Limited Liability. Source: Upcoming Release of Managing Risk and Information Security 2nd Edition – Malcolm Harkins

7 9 Boxes Of Control. Risk | Cost | End User Impact. Control Types: RESPOND, DETECT, PREVENT. Control Approaches: Automated, Semi-Automated, Manual. Focus is on Minimizing damage – only variables are time to detect and time to contain. Focus is on Minimizing vulnerability and potential for harm. Where most of the industry is focused. Highest Risk, Highest Cost, Most Liability. Lowest Risk, Lowest Cost, Limited Liability. SUSTAINED PROGRESS. Source: Upcoming Release of Managing Risk and Information Security 2nd Edition – Malcolm Harkins

8 3 rd Party Data Feeds To Make Convictions? #1 Source: cgma.org

9 Can We Test Offline? #2 Source: gfi.com

10 Will Your Behavioral Analysis / IOCs Stop Ransomware? #2.1 Source: gfi.com

11 Will you protect against packed malware? #3 Legitimate Packer Software

12 Do You Have A Demo vs. Production Mode? #4 False Positives Efficacy

13 Is Your Comparative Marketing Accurate? #5

14 Can I Consolidate? What Is Your Largest Signature Based AV Replacement? #6

15 Privacy? What Are You Accessing & Where Does It Go? #7

16 Weaponized Unstructured Data? Scripts? Fileless Attacks via Memory? #8 Or

17 End User Impact? Deployment & Required Staffing Per 1K Endpoints? #9

18 What Is Required To Do A POC? #10 “Don’t believe us. Don’t believe our competitors. Believe in yourself, and Test It Yourself.” Cylance CEO Stuart McClure

19 9 Boxes Of Control. Risk | Cost. Control Types: RESPOND, DETECT, PREVENT. Control Approaches: Automated, Semi-Automated, Manual. Focus is on Minimizing damage – only variables are time to detect and time to contain. Focus is on Minimizing vulnerability and potential for harm. Where most of the industry is focused. Highest Risk, Highest Cost, Most Liability. Lowest Risk, Lowest Cost, Limited Liability. SUSTAINED PROGRESS. Source: Upcoming Release of Managing Risk and Information Security 2nd Edition – Malcolm Harkins

20 1/10th | 1/40th 70% 99% Impact Of The New Strategy In Cylance Community

21 Market Validation Visionary Quadrant Leader “Cylance is easily the fastest growing Endpoint Protection Platform startup in the last ten years.” “…very accurate at detecting new variants and repacked versions of existing malware.”

22 Market Validation Visionary Quadrant Leader “Cylance is easily the fastest growing Endpoint Protection Platform startup in the last ten years.” “…very accurate at detecting new variants and repacked versions of existing malware.” Source: accenture.com/securityvision “Intelligent Automation Steps Up…CylancePROTECT uses AI to validate the risks”

23 Market Validation Visionary Quadrant Leader “Cylance is easily the fastest growing Endpoint Protection Platform startup in the last ten years.” “…very accurate at detecting new variants and repacked versions of existing malware.” “Intelligent Automation Steps Up…CylancePROTECT uses AI to validate the risks” Source: accenture.com/securityvision

24 What is CylancePROTECT? Unrivaled Threat Prevention & Protection PREdictive PREvention PRE-Execution PRE-Zero-Day Lightweight & Flexible 1-3% CPU / ~40 MB Memory Footprint Enterprise Ready Malware | Exploits | Scripts Microsoft Approved AV Windows & Mac OS X SaaS Convenience PCI-DSS / HIPAA Compliant

25 AI & Machine Learning Applied. ML & AI Applied To Infosec: 1. Feature Extraction 2. Regularization 3. Cross-Validation

26 Cylance Unlocks the DNA of Malware Elastic Cloud Computing Now Makes it Possible We have 1000’s of nodes in AWS Algorithmic science puts machines to work Machine Learning Under the Hood ① Collect both good & bad files ② Extract features ③ Train & Vectorize features ④ Classify & Cluster ⑤ A.I. produces confidence score Threat Indicators Anomalies, Destruction Data Loss, Deception

27 Deployment Process Stage 1 Stage 2 Stage 3 Policy: Monitor only, Auto quarantine, ATQ + Memdef. Detections Hosts. Topics: Deployment, Console navigation. Topics: Review detections, Policy development, Zones. Topics: Memory protection, Enable quarantine

28 THANK YOU Todd Benshoof tbenshoof@cylance.com 818-434-1637

30 The Benefits of CylancePROTECT. What We Do: Analyze Malware at the DNA-Level, No Updates Needed, No Reliance on Human Knowable Indicators. We Do NOT: Rely on Human Classifications, Require Previous Knowledge, Require On-Premise Infrastructure, Require Updates. Signatures, Heuristics, Behavioral Analysis, Micro-Virtualization, Sandboxing. 99% Threat Prevention. Works offline or online. PREdictive & PREventative

31 How We Do What We Do. Computation Platform: Supercomputer in the Cloud. We apply the power of machine learning to the problem of malware detection. We built a huge computation platform in the cloud with thousands of servers… …via Amazon’s AWS Platform. Good / Bad CYLANCE SCORE: 00.00% 85.00% 64.21% 15.44% 90.75% 45.17% 26.22% 77.32% 33.80% 41.02% 29.05% 79.12% 92.30% 12.50% 89.62% 96.00%

32 The Agent: Malware & Dangerous Binaries, Memory Attacks, Unauthorized Scripts PREVENTED FROM RUNNING. All Done Pre-Execution. PROTECT

33 Who We Are 500+ Customers. 1M+ Endpoints $77M in funding from

34 The Future of Security. Past, Present, Future. AV, HIPS + ANTI-EXPLOITATION, SANDBOXING, ISOLATION, EDR: Post-Execution. AI: Pre-Execution

35 Endpoint Protection Benefits 1. Superior Protection 2. Performance Gain 3. Easy To Operationalize

36 Vendor Comparison. Why AI Wins Every Time: Isolation, Whitelisting, EDR, Exploit Prevention, Antivirus, AI. No Human-Derived Detection Methods

37 Thank You.

