“We can easily forgive a child who is afraid of the dark; the real tragedy of life is when men are afraid of the light.”
- Plato, Philosopher and Mathematician (428-347BC)
In the unforgettable 1999 movie “The Matrix”, Morpheus tells Neo:
“This is your last chance. After this, there is no turning back. You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill – you stay in Wonderland, and I show you how deep the rabbit hole goes. Remember: I’m offering the truth. Nothing more.”
Of course Neo chooses the red pill and quickly finds that everything he’s felt, achieved, experienced and thought in his entire life was an illusion. The revelation is a complete shock and Neo struggles to grasp this new reality.
This modern day story is a reimagining of a 2,350 year old allegory from book VII of Plato’s Republic, known as The Allegory of the Cave or simply Plato’s Cave. In a dialogue between Plato’s brother Glaucus and his mentor Socrates, the reader is presented with a scenario where prisoners are chained to a cave wall from birth and view shadows of everyday objects projected onto the wall in front of them. The shadows are the result of people walking in front of a large fire while holding different objects "...including figures of men and animals made of wood, stone and other materials."
From Great Dialogues of Plato (Warmington and Rouse, eds.) New York, Signet Classics: 1999. p. 316.
Having never been outside the cave, or free to interact with any of the objects, the prisoners’ reality is entirely subjective. They weave stories about the origin of these objects in order to put their reality into a framework, never knowing that they are seeing merely shadows of objects representing their real-world counterparts.
When a lone prisoner is freed from their bonds, they first struggle to grasp basic human movements and then – after seeing the actual objects casting the shadows for the first time – they struggle to fit this new knowledge into their existing worldview. The prisoner’s eyes hurt from staring into the fire (associating light with truth and knowledge). They are informed that this new experience constitutes reality, not what they had previously experienced. In the face of this new truth, the prisoner begins to experience cognitive dissonance as their previous worldview crumbles.
Going a step further, the prisoner is painfully forced outside of the cave into the blinding light of the sun (again, linking light to truth and knowledge) and experiences even greater amounts of cognitive dissonance when presented with another new reality.
When the prisoner returns to the darkness of the cave, and is again shackled to the wall to play the shadow game, their disorientated state – from exposure to the sun and revelation at the true nature of reality – causes the formerly freed prisoner to appear mad to the others. The other prisoners begin to believe that whatever happened to the freed prisoner had an adverse affect on his mind.
Socrates posits that, if another was freed, they might in fact kill the liberator in the misguided belief that what occurred to the first prisoner was malicious. Was the prisoner better off living within the restrictions of the curated, completely subjective reality? Is ignorance truly bliss?
From ancient Philosophers to modern neuroscientists, the debate over subjective vs. objective reality is one that has fascinated humans for millennia. How we experience the world and what meaning we extrapolate from those experiences shape our own worldview. Different cultures, different times, and different experiences will lead to different views of reality.
But an objective reality requires universal truths, ones that exist independent of our ability to observe it. Objective reality requires something more than experience. It first requires a language that transcends the barriers of culture and time. It requires logic and mathematics.
This is where Cylance’s story begins.
I hate to be the Morpheus here, but we’ve all been living in the security industry’s version of Plato’s Cave. The wool has been pulled over our eyes. We’ve been brainwashed from birth into believing that the shadows on the cave walls were the extent of existence.
For as long as cybersecurity has been an industry, we’ve been taught that to find an attack, we need to first be attacked. We can then forensically examine this attack, determine its exploit vector, its subsequent malicious actions on the endpoint and then write a signature for it – hopefully in time to help the rest of the world detect or prevent the same (or a similar) attack. I’m here to tell you that this a priori assumption is, in fact, false.
Over the better part of 25 years, we’ve spent hundreds of billions of dollars on security solutions that were 100% dependent on one technique: signatures. Whether you call it antivirus, whitelisting (the opposite of blacklist/antivirus), heuristics, behavioral or another other term, they are all signatures. And signatures are bound by limitations, limitations that require a “sacrificial lamb”.
“Do you think that’s air you’re breathing now?”
I’m sure I don’t have to remind you what this signature-based strategy has produced: seemingly endless cyber attacks that have cost Billions in financial damage, the loss of unfathomable amounts of intellectual property, and countless hours spent in post-incident response. Let’s not forget the amount of jobs lost as a result, as Target’s C-level executives recently experienced.
So what is the answer?
Mathematics. Algorithmic Science. Data Science. Machine Learning. Artificial Intelligence. Security based on an objective approach to malware detection.
At Cylance we have produced the first and most effective plaform for predicting maliciousness in files on the endpoint. Pre-execution. Cloud independent. Requiring no updates.
So I ask you … “Do you want the red pill or the blue pill? I only offer the truth.”
Stuart McClure
CEO/President
Cylance, Inc.
