@Nic said in Cylance Questions:

@scottalanmiller said in Cylance Questions:

@Jstear said in Cylance Questions:

I tested out Cylance to see if it was as great as everyone says it is, but it was basically Webroot from what I could tell. The biggest issue I had with it was I couldn't do much management. I has to send most requests to the dealer I was getting the trial from. They said that was going to change in the future though.

I've not heard of anything that really differentiates them from Webroot (other than costing way more.) They describe this awesome way that they work, but Webroot describes that way too. So not sure how much different they are. They had a session at SW last year but blew it big time - which was not really their fault and they've apologized and explained about that and that's all fine, but they had an opportunity to explain what made them different and failed to do so. They sound like a good option, but with Webroot at there, more mature, at a fraction of the price, I've not heard a compelling argument for Cylance's value proposition other than providing an alternative.

To boil it down to the essentials we do:

1. Online database to identify known malicious software
2. Machine Learning and heuristics to catch unknown bad actors
3. Journaling and rollback for anything we can't immediately identify

Cylance focuses on one layer which is the machine learning and heuristics to classify software as good or bad. Their approach puts all their energy into making #2 the best it can be, whereas we have three layers that we spread our effort across. Different approaches, but both different from and superior to signature-based definitions.

Basically, the Fro is right. While both our logos are both green and we are both NGAV, our approaches are wildly different. (and yes, he flagged me to come take a look)

Our model is based on a mathematical equation which was made with AI. We asked our AI to define a file, essentially mapping the DNA of a file, mapping its traits/features and other aspects into this equation, which became the endpoint product. We do not rely on DAT/Signatures/heuristics/behavior, instead focusing on the combined traits of the individual file. We make a determination pre-execution in 1/10th of a second.

I'm here to answer questions, or on the other site.

@scottalanmiller That's why Matt and I are here - to make the message clear.

@Jstear Which reseller? We need to get that corrected immediately. Please DM me those details.

@zuphzuph said in Cylance Questions:

@PackMatt73 Webroot sold their marketing exec to Cylance.

FTFY - Sold = Lost. Exec = guru

@scottalanmiller oh hai

Richard here. Prior Cylance and Webroot. Poacher of Nic from SW.

Automox is a cloud native cyber hygiene platform. You can patch, deploy software, enforce policies, and a whole lot more across Windows, Linux, and Mac including servers. You can pull a report as needed as well. Don't want to get too salesy but happy to talk more.

@Reid-Cooper The problem there is funding. As the article talked about, a lot of the testing labs are funded through subscription.

If you can find a way to build a testing lab that tests 100% un-funded by the industry it's testing, I can promise you we would be the first interested party to submit and participate.

@scottalanmiller Kickstarter.com

#makelabsindependentforonce

@scottalanmiller oh hai

Richard here. Prior Cylance and Webroot. Poacher of Nic from SW.

Automox is a cloud native cyber hygiene platform. You can patch, deploy software, enforce policies, and a whole lot more across Windows, Linux, and Mac including servers. You can pull a report as needed as well. Don't want to get too salesy but happy to talk more.

@travisdh1 said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:

@Richard_Cylance said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:

@travisdh1 We commented on that part last year....when it happened. https://www.cylance.com/cylanceprotect-vs-smoke-and-mirrors

I've been commenting on everything else throughout the thread.

I'll attempt to make this easier to understand by asking a different way.

What confidence do customers have that Cylance won't threaten legal action when attempting to talk about the product publicly?

No need to be pandering or rude. I get what you are asking.

You're trying to cross two different situations. The issue we had was not with a customer, but with a reseller breaking their terms and conditions they agreed upon. Sophos' video showed the settings they used, and we called them out on it. They changed their T&Cs to stop public testing, we removed them from our list of products we use in public testing. Then we all moved on.

You can talk about the product all you want. Share the results of your POC, use, or results. That's all on you and your experience, and there are plenty of threads all over the web that have those kinds of conversations.

@travisdh1 We commented on that part last year....when it happened. https://www.cylance.com/cylanceprotect-vs-smoke-and-mirrors

I've been commenting on everything else throughout the thread.

@scottalanmiller Kickstarter.com

#makelabsindependentforonce

@Reid-Cooper The problem there is funding. As the article talked about, a lot of the testing labs are funded through subscription.

If you can find a way to build a testing lab that tests 100% un-funded by the industry it's testing, I can promise you we would be the first interested party to submit and participate.

@scottalanmiller "One vendor, CrowdStrike, even pulled out of the NSS Labs tests and revoked the testers' license, then attempted to obtain a restraining order to block publication of the results NSS had obtained. "CrowdStrike filed suit in US Federal District Court against NSS Labs to hold it accountable for unlawfully accessing our software, breaching our contract, pirating our software, and improper security testing," a company spokesperson wrote in a post to CrowdStrike's blog. "Regardless of test results (which we have not seen), CrowdStrike is making a stand against what we believe to be unlawful conduct." The court denied CrowdStrike's initial request for a restraining order, but the case has yet to be decided.'

We aren't CrowdStrike.

@scottalanmiller Look at it as an interpretation of the situation. For the longest time we have been fighting against the accepted mindset of security. Now, no matter where you stand on what AV to use, there is no denying that advancement hasn't been the strongest point of the industry. Cylance changed that with a new way of thinking, and when the OGs of the company started out on the road, they fought back this wall.

You are more than welcome to test our product out, use malware you find, and post your results. Assuming you are talking about the Sophos/Cylance issue, there were higher up issues with the reseller than I am privy to, so I won't speak to that. But the test they showed was flawed, and we called them out for it. That is the past though.

Every test I have ever done in front of an audience or a customer I have invited attendees to check my settings. I update all the products I test against, enable all the features I have that are viable for the test (don't need anti-phishing layers on for a malware execution test for example), and ensure all signatures/dats are downloaded and updated, as well as full connection to their servers is there. I don't do that for Cylance - I run a version on my test machine from September 2015 and often run it disconnected from the web. Again, I ask any attendee to come up and verify, recommend changes if they feel the need, and run the test for them.

But in the end, I am a vendor, and we want people to trust the results themselves. You wouldn't buy a car based off someone's presentation alone; you're going to test drive the metal machine. Same thing here; don't trust me or any other vendor.

@RojoLoco If you approach me in a way that clearly gives me no room to present our side, then no matter how we work in this, you will always have the wall.

Look - I said it above - SW 15 was a poor representation and action on our end. We own that. Matt and I joined up and have been working with our experiences and skills to tell more and more of the story, and it's been incredible growth in the right direction for our company.

I posted this on SW-
" I invite attendees of all my shows to come up and verify my settings on all the competitor setup. I'd be happy to have a one-on-one with you and let you have full control and run the demo on my machine (so you don't get infected).

This article clearly demonstrates the need for the industry to update their testing practices. Testing needs to change, and we've been saying it for years. We will continue to call out bad testing practices. Matt and I have said it before on here- don't trust us. Download your own samples, run it against your AV solutions and our offering. There is a need to test against files never seen before, using the same methods that malicious distributors are using.

Independent tests that don't use real-world methodologies are ineffective. AV-Test and NSS Labs are endeavoring to make tests more akin to the real world, and we support them in their efforts. While no testing house is perfect, they are making changes that serve the world at large."

@NerdyDad I wouldn't either.

Hi friends.

I'm here to answer questions, talk the talk, and really go through all of this 'funness'.

We do not mislead customers or prospective customers. Plain and simple.

When we create malware samples to test with, we employ the same methods and tools that hackers do, including creating mutations and packing the samples, to better emulate what attackers do for more meaningful testing. I'd be happy to walk through any of this with anyone, but for the tests I've been running, I am using 'how-tos' found on some less than favorable websites along with software that is free and widely distributed.

We are not running or using any tool that isn’t already in an attacker’s arsenal. Any time you pack a real file, there is a chance that the original piece of software will break. This happens every now and then; you're messing with the file after all. It's like when we shaved Nic's head at Spiceworld - we messed with his image and then NOBODY took him seriously.

Is this whole process perfect? No. But the steps we take are the same steps we are seeing in the real world.

Addressing Spiceworld 15 - That was pre-Bowtie and Beards (Matt and I). The session was a cluster, there were issues of promises made and session ideas, but those ideas fell through from my understanding. That is why Matt and I went big last year at Spiceworld, coming out and not pushing the product and inviting members to test for themselves. This is the same dialogue we are continuing to have there, here, and elsewhere. That's the past, let's move on.