Begin with the End(point) in mind
Date: Nov 21, 2016
Guest blog: The Cylance Team.
Advances in artificial intelligence (AI), machine learning (ML), and mathematical algorithms have allowed cybersecurity professionals to bolster their threat prevention in recent years. SecOps groups have shifted focus from response to prevention, using AI/ML-powered protection products such as CylancePROTECT® to stop malicious threats before they execute.
By actually preventing attacks, CylancePROTECT allows SecOps teams to achieve an expanding ripple effect of benefits. Increased visibility into corporate systems, reduced (or eliminated) data loss and improved endpoint performance aid the entire enterprise.
Moreover, personnel once stretched thin wearing too many hats and besieged with calls can focus less on the ‘nuts and bolts’ of endpoint protection installation, configuration, and software updates, and more on user-based policy enforcement, performance management, and compliance reporting. In other words, they can focus on the priority strategic work that they were hired to do.
Better Protection Through Prevention
In a 2015 study by KPMG, ‘Cybersecurity: a Failure of Imagination by CEOs,’ researchers found that “organisations need to invest in the right tools. They need visibility first and foremost, to know if they are being attacked. Without visibility, it’s impossible to identify holes in the security arsenal and weaknesses in infrastructure.”
The study also found, alarmingly, that “There are organisations that have been compromised for years before they discover the damage.”
More and more organisations today are turning to next-generation solutions that provide preventative rather than reactive protection. As a result, the pain-points of the global infosec talent shortage and slow incident response growth transform into more practical, strategic discussions about better threat visibility, a more secure environment, and improved corporate performance.
The paradigm shift occurs when SecOps teams trust the endpoint protection they use enough to shift out of the reactive ‘detect-and-respond’ pattern associated with legacy antivirus protection. They begin to focus more on behavioral, anomaly-based threat prevention. This is similar to employing a highly trained tactical SWAT team to protect the perimeter of the organization from the outside, versus calling emergency response after an alert is activated and the ‘crown jewels’ are lost.
The highly effective ‘SWAT’ system powered by Cylance harnesses the power of smart algorithms that can tell the difference between a ‘good’ file and a ‘bad’ file based on a huge number of mathematical datapoints. Based on these algorithms, CylancePROTECT detects and shuts down malware in real time, pre-execution, proactively quarantining potential threats before they do harm.
Streamlined Threat Response
So what happens when organisations prevent threats instead of reacting to them? Rather than responding to a high number of daily alerts, some of which may be false alarms, IT practitioners and administrators alike can instead respond to just the few true threats that pose potential harm. Instead of looking for the proverbial needle in a haystack, they can look for a single match in a near-empty box of matches.
The dramatic decrease in alerts comes thanks to Cylance’s machine learning algorithm, which works with fine-tuned precision to stop both known threats and new variants, including ransomware and zero days.