Vendors like Symantec, McAfee and Trend Micro have a reason to be threatened after the PC giant Dell announced its partnership with Cylance, an Irvine, California-based company that specializes in detecting and blocking attacks on endpoint computers.
“Early next year, Dell will wrap Cylance's Protect product in its Data Protection Endpoint Security Suite,” said Brett Hansen, Dell's executive director of data security solutions. The suite is an integrated package with encryption capabilities, authentication features and malware detection.
Many antivirus programs still rely on signature-based malware identification. According to security experts, this method of detection is fairly ineffective these days, since the same malware can be changed to avoid detection. Other technologies in antivirus suites can detect strange behavior and block malware, but often only after it has already infected a machine and done something bad. "Our customers have been telling us the same thing: it is just not working," Hansen said.
Instead of using signatures, Cylance uses an algorithm that analyzes seven million characteristics of files and programs, scores those elements on the likelihood of them being malicious, and can block them. Protect is a lightweight agent that runs on a computer, and it needs only occasional updating, twice or thrice a year. This means that Protect doesn't need a consistent network connection to work, which will appeal to those frustrated by daily or even hourly downloads of new signatures.
“Cylance's Protect was tested by Dell's SecureWorks, the company's crack security division. SecureWorks put about 200 samples of the most effective malware and exploits together on a USB stick and was impressed with how Protect handled it,” said Hansen.