Cylance vs. Smoke and Mirrors

When you go about successfully disrupting an industry, it doesn’t take long for the competition to come after you with pitchforks. Over the past year, we’ve had a number of vendors attempt to poke holes in our Unbelievable Tour results and competitive demonstrations.

While the videos make for great social media buzz and serve to rile up their respective channel partners, they quickly unravel with just the slightest scrutiny. We’re flattered by the attention we receive from legacy AV vendors, and we take these attacks as a sign of respect for what we’ve accomplished.

We’re constantly surprised at the lack of even basic security hygiene displayed by vendors who tout themselves as cybersecurity gurus. In the latest case, it was trivial for us to retrace the steps that one particular legacy AV vendor took to obtain our product and purposely hobble it in an attempt to discredit our technology.

It’s easy to create an anti-Cylance video. In fact, if you’re a competitor, here’s the recipe:

Step 1: Convince a partner to sell you a CylancePROTECT® license or simply have your VP of Global Sales Engineering request to borrow a login.

Step 2: Install CylancePROTECT on a virtual machine (VM).

Step 3: Install your own legacy software on a second VM instance.

Step 4: Download samples from any number of malware sharing repositories.

Step 5: Run each product against this large sample set and CAREFULLY remove all malicious software, scripts and exploits that your product misses. (NOTE: you may have to generate multiple videos until you have removed all of the false negatives).

Step 6 (IMPORTANT): Change the policy for CylancePROTECT to disable certain key features like memory protection and script control, or at the minimum, put them into “alert only” mode.

Step 7: Record video, send to your channel partners as a “smoking gun” and pat yourself on the back for hawking a bloated, ineffective security product that continues to lose market share.

Where There’s Smoke, There’s Fire

It’s easy to throw accusations around like “they didn’t test with all the options turned on,” or, “show us the proof.” In reality, this legacy AV vendor used a partner to create a video that was purposely misleading. When Cylance® provided proof to the partner that the accounts used in this “test” were intentionally sabotaged, they quickly sided with us.

The truth here is that a rogue employee of a partner provided access to our product and then purposely disabled key features that would make it seem like CylancePROTECT was not as effective as we have claimed.

Our original intention was simply to check the validity of the claims presented by the competitor. The video crafted did not obfuscate any of the data (now removed). That made it easy for Cylance to retrace their steps, identify the partner, examine the policies applied to the accounts and prove that the resulting video was fraudulent.

To Cylance, partnerships are based on trust. Because we’re committed to supporting our partners, we first had a discussion with the one involved. After showing them our investigation results, they took it upon themselves to contact the competitor to have the video in question removed.

It’s not surprising that this legacy AV vendor would resort to dirty tactics and essentially use a partner to wage a proxy war. The vendor was caught with their hand in the cookie jar and are now attempting to spin the matter into something else entirely. By letting their employees put partners at risk for violations of an agreement, it’s clear to see how little this vendor values their partners.

No Smoke, No Mirrors

Ask yourself this: why would a public company with hundreds of millions of dollars in revenue throw a partner under the proverbial bus just to target a startup? Legacy AV vendors are frightened that upstart technologies are taking away accounts they feel entitled to monopolize. Accounts that have, until now, had nowhere else to turn for endpoint security.

In this war of words (and video), the only way to find the truth is to test CylancePROTECT in your environment. It costs nothing to test our software in a proof of concept (POC) and it’s the only way to see the truth for yourself.

To our channel partner that was involved in this incident, we commend you on your integrity and willingness to support Cylance’s mission to disrupt an outdated and stale industry.