Cylance Questions

Deleted74295

@brianlittlejohn said in Cylance Questions:

I was using Eset before... It worked great for a year then went downhill.

Oh without question, dropped like a hot rock and thrown into the ocean.

scottalanmiller

@brianlittlejohn said in Cylance Questions:

I was using Eset before... It worked great for a year then went downhill.

It was unusable for us even a decade ago. Totally garbage. Comparing Cylance to ESET isn't fair, ESET is known to not even work at a minimum level, it's not even close to Windows Defender level. You'd have been better off, literally, with nothing. You need to compare Cylance against Defender and Webroot, for example, to know if it is bringing any value.

Danp

@scottalanmiller said in Cylance Questions:

I don't think we've had a single infection with either Webroot or Vipre for eight years or more!

Ditto for us since switching to Webroot. With Vipre, we had several infections slip through via drive by downloads.

scottalanmiller

@Danp said in Cylance Questions:

@scottalanmiller said in Cylance Questions:

I don't think we've had a single infection with either Webroot or Vipre for eight years or more!

Ditto for us since switching to Webroot. With Vipre, we had several infections slip through via drive by downloads.

We left Vipre while they were still pretty decent. I've heard that they went downhill a bit. Worked great for the era when we had it, though.

Danp

@scottalanmiller IIRC, Vipre effectiveness dropped considerably after they were sold to GFI.

coliver

@Danp said in Cylance Questions:

@scottalanmiller said in Cylance Questions:

I don't think we've had a single infection with either Webroot or Vipre for eight years or more!

Ditto for us since switching to Webroot. With Vipre, we had several infections slip through via drive by downloads.

At my last job we ran Vipre. Worked really well until it became GFI Endpoint protection or whatever it was. Then we got hit with a bunch of zero days etc. Moved to Webroot and, when I left at least, there was not a single new infection.

scottalanmiller

@Danp said in Cylance Questions:

@scottalanmiller IIRC, Vipre effectiveness dropped considerably after they were sold to GFI.

That's around when we left them.

Danp

@coliver That mirrors my experience as well.

Jstear

Wow! A lot of hate thrown at ESET. I must be lucky because in the 5 years I've been using it, I haven't seen a single threat get through.

scottalanmiller

@Jstear said in Cylance Questions:

Wow! A lot of hate thrown at ESET. I must be lucky because in the 5 years I've been using it, I haven't seen a single threat get through.

We were outright scammed by them. We consider them a criminal entity, not just a bad vendor. They are blacklisted here and not allowed to be deployed, period. They actually tried to steal from us and our customers. We lost a fortune dealing with them and will never, ever do business with them unless they can provide solid documentation of their staff involved being fired and charges filed against them in court. They've failed to do so, we are considering the issues to be institutional and not something that can be fixed as it is just what the company is.

This is exacerbated by the fact that they are a security vendor so even more critical that they be ethical and trustworthy. You should never let an ESET rep in the door, let alone their software on your systems.

Jstear

I tested out Cylance to see if it was as great as everyone says it is, but it was basically Webroot from what I could tell. The biggest issue I had with it was I couldn't do much management. I had to send most requests to the dealer I was getting the trial from. They said that was going to change in the future though.

scottalanmiller

@Jstear said in Cylance Questions:

I must be lucky because in the 5 years I've been using it, I haven't seen a single threat get through.

ESET themselves are the threat.

Jstear

@scottalanmiller said in Cylance Questions:

@Jstear said in Cylance Questions:

Wow! A lot of hate thrown at ESET. I must be lucky because in the 5 years I've been using it, I haven't seen a single threat get through.

We were outright scammed by them. We consider them a criminal entity, not just a bad vendor. They are blacklisted here and not allowed to be deployed, period. They actually tried to steal from us and our customers. We lost a fortune dealing with them and will never, ever do business with them unless they can provide solid documentation of their staff involved being fired and charges filed against them in court. They've failed to do so, we are considering the issues to be institutional and not something that can be fixed as it is just what the company is.

This is exacerbated by the fact that they are a security vendor so even more critical that they be ethical and trustworthy. You should never let an ESET rep in the door, let alone their software on your systems.

Is there a post or blog that you have written about this incident? I'm curious to learn more.

scottalanmiller

@Jstear said in Cylance Questions:

I tested out Cylance to see if it was as great as everyone says it is, but it was basically Webroot from what I could tell. The biggest issue I had with it was I couldn't do much management. I has to send most requests to the dealer I was getting the trial from. They said that was going to change in the future though.

I've not heard of anything that really differentiates them from Webroot (other than costing way more.) They describe this awesome way that they work, but Webroot describes that way too. So not sure how much different they are. They had a session at SW last year but blew it big time - which was not really their fault and they've apologized and explained about that and that's all fine, but they had an opportunity to explain what made them different and failed to do so. They sound like a good option, but with Webroot at there, more mature, at a fraction of the price, I've not heard a compelling argument for Cylance's value proposition other than providing an alternative.

Jstear

@scottalanmiller said in Cylance Questions:

@Jstear said in Cylance Questions:

I tested out Cylance to see if it was as great as everyone says it is, but it was basically Webroot from what I could tell. The biggest issue I had with it was I couldn't do much management. I has to send most requests to the dealer I was getting the trial from. They said that was going to change in the future though.

I've not heard of anything that really differentiates them from Webroot (other than costing way more.) They describe this awesome way that they work, but Webroot describes that way too. So not sure how much different they are. They had a session at SW last year but blew it big time - which was not really their fault and they've apologized and explained about that and that's all fine, but they had an opportunity to explain what made them different and failed to do so. They sound like a good option, but with Webroot at there, more mature, at a fraction of the price, I've not heard a compelling argument for Cylance's value proposition other than providing an alternative.

I've heard that Cylance sold their algorithm to Webroot. Whether that is true or not, I'm not sure.

scottalanmiller

@Jstear said in Cylance Questions:

@scottalanmiller said in Cylance Questions:

@Jstear said in Cylance Questions:

Wow! A lot of hate thrown at ESET. I must be lucky because in the 5 years I've been using it, I haven't seen a single threat get through.

We were outright scammed by them. We consider them a criminal entity, not just a bad vendor. They are blacklisted here and not allowed to be deployed, period. They actually tried to steal from us and our customers. We lost a fortune dealing with them and will never, ever do business with them unless they can provide solid documentation of their staff involved being fired and charges filed against them in court. They've failed to do so, we are considering the issues to be institutional and not something that can be fixed as it is just what the company is.

This is exacerbated by the fact that they are a security vendor so even more critical that they be ethical and trustworthy. You should never let an ESET rep in the door, let alone their software on your systems.

Is there a post or blog that you have written about this incident? I'm curious to learn more.

Probably, but it has been a long time. No idea where to find it Basically their sales staff had a kill switch on our software and would regularly kill ever ESET install we had (including customers) and turn off the AV and refuse to turn it back on to extort more money from us - which is super illegal and unethical. Not only that, for a long period of time, they had effectively gone out of business and literally couldn't turn their product back on because there was no staff working and no way to call in and get support. It was layers and layers of major problems from criminal theft, extortion, non-working phone systems, total lack of customer support, etc.

nadnerB

What is a Cylance? I see the GG's swarming the "Top A/V of 2016" thread at SW...
For some reason, I associate them with Battlestar Galactica...

Nic

@scottalanmiller said in Cylance Questions:

@Jstear said in Cylance Questions:

I tested out Cylance to see if it was as great as everyone says it is, but it was basically Webroot from what I could tell. The biggest issue I had with it was I couldn't do much management. I has to send most requests to the dealer I was getting the trial from. They said that was going to change in the future though.

I've not heard of anything that really differentiates them from Webroot (other than costing way more.) They describe this awesome way that they work, but Webroot describes that way too. So not sure how much different they are. They had a session at SW last year but blew it big time - which was not really their fault and they've apologized and explained about that and that's all fine, but they had an opportunity to explain what made them different and failed to do so. They sound like a good option, but with Webroot at there, more mature, at a fraction of the price, I've not heard a compelling argument for Cylance's value proposition other than providing an alternative.

To boil it down to the essentials we do:

1. Online database to identify known malicious software
2. Machine Learning and heuristics to catch unknown bad actors
3. Journaling and rollback for anything we can't immediately identify

Cylance focuses on one layer which is the machine learning and heuristics to classify software as good or bad. Their approach puts all their energy into making #2 the best it can be, whereas we have three layers that we spread our effort across. Different approaches, but both different from and superior to signature-based definitions.

Deleted74295

@Danp said in Cylance Questions:

@scottalanmiller IIRC, Vipre effectiveness dropped considerably after they were sold....

And no more needs to be said.

Company bought out? Danger Will Robinson moment....

Richard_Automox

@Nic said in Cylance Questions:

@scottalanmiller said in Cylance Questions:

@Jstear said in Cylance Questions:

I tested out Cylance to see if it was as great as everyone says it is, but it was basically Webroot from what I could tell. The biggest issue I had with it was I couldn't do much management. I has to send most requests to the dealer I was getting the trial from. They said that was going to change in the future though.

I've not heard of anything that really differentiates them from Webroot (other than costing way more.) They describe this awesome way that they work, but Webroot describes that way too. So not sure how much different they are. They had a session at SW last year but blew it big time - which was not really their fault and they've apologized and explained about that and that's all fine, but they had an opportunity to explain what made them different and failed to do so. They sound like a good option, but with Webroot at there, more mature, at a fraction of the price, I've not heard a compelling argument for Cylance's value proposition other than providing an alternative.

To boil it down to the essentials we do:

1. Online database to identify known malicious software
2. Machine Learning and heuristics to catch unknown bad actors
3. Journaling and rollback for anything we can't immediately identify

Cylance focuses on one layer which is the machine learning and heuristics to classify software as good or bad. Their approach puts all their energy into making #2 the best it can be, whereas we have three layers that we spread our effort across. Different approaches, but both different from and superior to signature-based definitions.

Basically, the Fro is right. While both our logos are both green and we are both NGAV, our approaches are wildly different. (and yes, he flagged me to come take a look)

Our model is based on a mathematical equation which was made with AI. We asked our AI to define a file, essentially mapping the DNA of a file, mapping its traits/features and other aspects into this equation, which became the endpoint product. We do not rely on DAT/Signatures/heuristics/behavior, instead focusing on the combined traits of the individual file. We make a determination pre-execution in 1/10th of a second.

I'm here to answer questions, or on the other site.