Vendors like Symantec, McAfee and Trend Micro have a reason to be threatened after the PC giant Dell announced its partnership with Cylance, an Irvine, California-based company that specializes in detecting and blocking attacks on endpoint computers. "Early next year, Dell will wrap Cylance's Protect product in its Data Protection Endpoint Security Suite," said Brett Hansen, Dell's executive director of data security solutions. The suite is an integrated package with encryption capabilities, authentication features and malware detection.
Many antivirus programs still rely on signature-based malware identification. According to security experts, this method of detection is fairly ineffective these days since the same malware can be changed to avoid detection. Other technologies in antivirus suites can detect strange behavior and block malware, but often only after it has already infected a machine and done something bad. "Our customers have been telling us the same thing: it is just not working," Hansen said.
Instead of using signatures, Cylance uses an algorithm that analyzes seven million characteristics of files and programs, scores those elements on how likely they are to be malicious, and can block them. Protect is a lightweight agent that runs on a computer, and it needs only occasional updating, twice or thrice a year. This means that Protect doesn't need a consistent network connection to work, which will appeal to those frustrated by daily or even hourly downloads of new signatures.
"Cylance's Protect was tested by Dell's SecureWorks, the company's crack security division. SecureWorks put about 200 samples of the most effective malware and exploits together on a USB stick and was impressed with how Protect handled it," said Hansen.