Meet Cylance - Endpoint threat protection

Technology
By definition, endpoint threat protection is an endpoint security solution that detects zero-day threats (threats that exploit an unknown computer security vulnerability), advanced malware, and targeted attacks, and secures endpoint patient zero. The latter concept is what we really need to draw attention to, as the modern patient zero effect has driven the need for more robust endpoint threat protection.

While patient zero as you know it refers to the “first infected”, it has taken on an expanded meaning in the realm of cybersecurity. Years ago, endpoint security was based on the creation of a malware signature, or in layman's terms, a digital pattern of malicious code. Old security systems (i.e. antivirus) would scan computer files for the malicious code pattern, assign a signature, and block it. Pretty straightforward. But things have changed, making the signature-based approach an antiquated one. The problem is that the approach is based upon finding patient zero. The creation of the necessary signature depends upon the discovery of malware on an infected endpoint. It is thus reactive in nature.

In modern times, we are seeing an unprecedented number of malware variants, with data showing that a new variant pops up every 4.2 seconds. New security exploits have made signature-based defenses less effective because, more often than not, there is no observable malware, and the target is now an unknown vulnerability (a zero-day threat). This new patient zero effect has driven a critical demand for better endpoint threat protection. This is where Fully Managed Inc’s expert adoption of Cylance Endpoint Threat Protection solutions comes into play.

How Fully Managed Inc’s Expert Application of CylancePROTECT Will Provide Your Organization with Optimal Endpoint Security

Prevention with AI and Machine Learning Malware Detection

Excuse the rhetorical question, but would you rather your security system kick in after malware has been executed, or before? CylancePROTECT taps into advances in artificial intelligence (AI) and machine learning to identify malware before it can be executed. It therefore detects and prevents advanced threats that traditional antivirus (AV) tools cannot.

The problem with traditional AV is the manner in which it stops an attack, which it does in three ways.

The first method is called byte matching. Under byte matching, the AV system looks at its malware signature list and asks whether a byte in a file matches a byte in a signature. If every byte in the file matches every byte in one of its signatures, the AV flags the file as malware. However, all the attacker needs to do is change one byte to render the AV ineffective.

The second method is heuristics, where the AV looks at loose properties of the file. It considers everything from file size to whether or not it appears to be using dangerous functions, or if it has abnormal permissions. In this scenario, an attacker only needs to change one property, and the AV is once again rendered ineffective.

The third method is called hash matching. In this process, the AV calculates hashes (a hash function is any function that can be used to map data of arbitrary size to data of fixed size) over different parts of the file, takes a hash over a certain area of the executable, and asks whether or not the hash matches the hash of a known piece of malware. But once again, the attacker only needs to change one bit and the AV is out of luck.
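The brittleness of the byte-matching and hash-matching methods described above can be reproduced on harmless data. The following is an added example, not code from Cylance or Fully Managed Inc; the sample bytes, the 16-byte region size and all function names are constructed for illustration. It goes one step beyond the text by hashing fixed-size regions, which shows a defender how much of a near-identical file still matches a known sample even after the exact verdicts fail.

```python
import hashlib

CHUNK = 16  # region size in bytes (assumption chosen for this sketch)

# Constructed, harmless 64-byte stand-in for a "known bad" file.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-" + bytes(range(45))

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

SIGNATURES = [KNOWN_SAMPLE]            # byte-matching signature list
KNOWN_HASHES = {sha256(KNOWN_SAMPLE)}  # whole-file hash blocklist

def byte_match(data: bytes, signatures=SIGNATURES) -> bool:
    """Byte matching as the text describes it: every byte must equal a signature."""
    return any(data == sig for sig in signatures)

def hash_match(data: bytes, known_hashes=KNOWN_HASHES) -> bool:
    """Whole-file hash matching against known-bad digests."""
    return sha256(data) in known_hashes

def region_hashes(data: bytes) -> list:
    """Hash each fixed-size region of the file separately."""
    return [sha256(data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)]

def region_overlap(data: bytes, known: bytes = KNOWN_SAMPLE) -> float:
    """Fraction of regions whose hash is identical to the known sample's."""
    a, b = region_hashes(data), region_hashes(known)
    same = sum(1 for x, y in zip(a, b) if x == y)
    return same / max(len(a), len(b))

def one_bit_variant(data: bytes, offset: int) -> bytes:
    """Copy of data with a single bit changed at the given offset."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)

def verdicts(data: bytes) -> dict:
    """All three checks side by side for one file."""
    return {
        "byte_match": byte_match(data),
        "hash_match": hash_match(data),
        "region_overlap": region_overlap(data),
    }

if __name__ == "__main__":
    print("original:", verdicts(KNOWN_SAMPLE))
    print("variant: ", verdicts(one_bit_variant(KNOWN_SAMPLE, 40)))
```

Both exact checks miss the one-bit variant, while three of its four regions still hash identically to the known sample.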

As a solution to outdated AV, CylancePROTECT looks at billions of files. For each file, 2.7 million points (and thus 2.7 quadrillion turns) are considered. From there, machine learning tech generates a maze in which the presence or absence of a property determines the direction the bot should go, with each dead end being assigned a score of “good” or “bad”. If the attacker changes a property, the score for a bad property can get even worse and the tool stops the threat in its tracks. The attacker would have to navigate the maze of 2.7 quadrillion turns to prevent CylancePROTECT from detecting the change in property. Not worth the effort (for an attacker), is it?

Simplified Deployment

We must admit, the above sounds complicated. And from a backend perspective it certainly is, and it needs to be. But for you, the end user, deployment of this malware prevention tool is seamless under the guidance of Fully Managed Inc.

With no daily endpoint management or signature updates required, the intuitive cloud-enabled (but not dependent) management console simplifies deployment and management, which reduces operational overhead and provides you with an effective, efficient, and affordable endpoint security solution.

Protect your endpoints with Fully Managed and Cylance, without increasing internal staff workload or costs.

Lightweight

This endpoint threat protection tool will not strain system resources. In fact, the agent uses only up to three percent of PC processing power. That’s approximately 10 times fewer system resources than traditional endpoint security solutions. You gain superior, preventive protection against malware, ransomware, file-less malware, malicious scripts, weaponized docs, and other attack vectors at a fraction of typical system resource requirements.

CylancePROTECT Takes on FSociety and Other Infamous Attacks