Cylance Review: Bag of Scorpions, Batman

Saw a great show last night at Hoyts Broadway (Sydney), courtesy of an invitation to Batman v Superman and a live malware demonstration from AI Security platform Cylance. The forces of good and evil battled it out on the big screen in spectacular fashion.  And then they played us a movie.

I’d been sold on the idea of an AI security platform. Smart, active defence, rather than ‘passive’ fencing. Not being an expert I asked for a plus one, and brought my 14yo nephew.

On the drive in, Josh updated me on his current COD sniper kill count (40,000), the prize money available for online trick shot competitions (!), and hacker collective Lizard Squad’s abilities and notable successes. Frankly I couldn’t have had a better prep session.

Running the technical demonstration was APAC Cylance Director of Pre-Sales Engineering Greg Singh. Greg had downloaded and corralled a bunch of malware files from a third party security supplier-to-industry (recent malware, last 48 hours or less).

They had 20 executable files quarantined in a folder, and different machines each running different malware / antivirus suites.

We (the audience) got to pick the systems. We chose Sophos, Trend, Symantec and of course Cylance. I’ll call them A, B, C and Cylance below (in no particular order).

One by one we went into the folder through dos commands and told each machine to open the collection of files (same collection, same malware, different machines.)  My nephew was quietly delighted at the idea of deliberately thrashing these systems. Privately so was I.

Holy shit.

The first machine running system A immediately spotted that there was malware lurking there; before even opening the files, which is nice.

After we told it to open the folder’s contents, it declined a few, and opened most of them; doing a pretty good job of spotting issues and sequestering, but more than a few got past, and a few of them executed. The system became unstable after a couple of minutes.

B was much the same story, but the system screened out fewer files and became uncooperative faster.

The C system was funny/not funny (especially if you’re running that particular system at home). It fell over itself to open damn near everything, then hit the floor faster than what Mike Tyson did to Ricky Spain. From what I understand, it’s loved ones have been notified.

The Cylance machine simply refused to open any of the malware files. Not a single one.

And it did it’s work in about 8-12 seconds.

The Cylance system works like this. They’ve synthesised an algorithm that understands what it’s looking at. Proper threat assessment using judgment; rather than ‘here’s a recent list of what you can and can’t trust’.

Greg tells us to imagine triggering a bomb, then trying to contain the blast. (Apparently this is how most malware/ anti-virus systems work, after you’ve opened something you shouldn’t.) I prefer to think of tipping out a known bag of scorpions, then trying to stuff them all back in again. But bombs are abstract, and scorpions are creepy, fast and stingy. And Cylance simply won’t open the bag.

The systems’ understanding uses a weighted score ranging between +1 and -1. A file ranked -1 will give your computer cholera, steal your money, cancel your gym membership, fire off a series of sexist emails to your boss, make your cat ill and turn the milk sour in the fridge. (+1 is, presumably, a healing missive from Jesus.)

Built off a staggering amount of data – the past 25 years of threat history – the algorithm is the endpoint of the analysis, rather than a live system.

While not true AI, it’s a novel approach to security and threat management. It doesn’t need to be online to update itself every other day (updates come every 6 months), which means it’s ideal for machines that don’t need to, can’t, or shouldn’t be net live 24/7.

The algo itself is protected, but that’s neither here nor there:  ‘there really isn’t anything to be found from reversing our process.  Basically we map patterns of badness, so the only way to avoid this is to stop being bad.’ – Greg Singh.

I went for the demo but stayed for the movie, and despite what you’ve heard (Spoilers: Batman kicks Superman’s ass) the movie was better than expected. And Cylance did things I can’t argue with.

I’m not technically equipped to tell you why. But I brought my nephew because the AI model is the one he’ll be using when he graduates. He loved it. I thought it was cool, and cannot wait to see the next iteration of this kind of approach.

Disclosure: They gave us nachos, butter chicken and, on the way out, a Batman Bobblehead. I took a Superman for my other nephew who didn’t get to go.

Mike Woodcock March 2016


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s