At RSA 2017, there is no shortage of companies claiming various uses of artificial intelligence (AI) and machine learning (ML). Some are new to the party. Others are old dogs insisting this is not a new trick for them. Many are making legit claims, but in fact they are using AI or ML in ways that do not move their level of protection beyond what traditional antivirus companies already achieve using legacy technology.
Want to find out who is legit and who is just jumping on the AI/ML bandwagon? Watch our video and learn how Cylance built a native-born artificial intelligence and stirred up the cybersecurity industry:
VIDEO: Cylance VP Bryan Gale Speaks on AI and the Me-Toos
Bryan Gale is a VP at Cylance. Here’s what he has to say on the subject of AI and ML in the antivirus (AV) industry.
Enthuses Gale, “Most of us (here at Cylance) come from a rich heritage background of AV companies, and we all know what the product is doing on the backend. Many of the traditional players may indeed be using ML at this point, but really, all they’re doing is using it to create signatures more efficiently.”
Cylance was born different, claims Gale. But why does that matter? For starters, he says, the company was founded based on the premise that AI and ML could be used to make the primary convictions on the endpoint itself.
“We don’t use any other kind of detection engine, or detection technologies,” explains Gale. “We don’t use heuristics, we don’t use behavioral rules, and we don’t use signatures. Everything is done autonomously on the endpoint, through our machine learning model that has been essentially miniaturized.”
There are plenty of other benefits of using AI and ML, says Gale. “We don’t have to query the cloud, we don’t have to look at backend rules or signature files to make those convictions. We’ve spent the last five years creating those machine learning models, and we’ve refined them over time.”
So what, exactly, is Cylance doing differently to the other guys, and how is that important? Bryan Gale has plenty to say on that subject.
“For one thing, Cylance products have almost no perceptible impact on the endpoint. The product itself is lightweight and non-intrusive, and doesn’t even register on the endpoint’s CPU, in many cases. The endpoint is then capable of making its own autonomous decisions as to what is malicious and what’s not.” Adds Gale, “The user doesn’t have to do a regular systems scan, and bog down the whole box while trying to scan for malware. They don’t have to go through that onerous process of downloading a 750MB DAT file every few days, decompressing that, then scanning the system again.”
The bonus, he says, is that Cylance’s use of AI/ML on the endpoint works in a predictive fashion. Users can leave the untouched, un-updated product to run for months at a time, unplugged from the Internet, and still remain close to 100% effective against malware compared to traditional AV.
For more information on why Not All Machine Learning is Created Equal, check out our white paper on the subject.