INTRODUCING THE NEXT GENERATION OF AV

Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cybersecurity and improve the way companies, governments and end-users proactively solve the world’s most difficult security problems.  Using a breakthrough predictive analysis process, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist.

By coupling sophisticated machine learning and artificial intelligence with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats. 

CylancePROTECT is a Next-Generation Antivirus (NGAV) product that redefines what anti-virus (AV) can and should do for your organisation, leveraging artificial intelligence to detect AND prevent malware from executing on your endpoints in real-time.

The cybersecurity industry is in constant flux, yet the fundamentals of malware detection have remained the same for more than three decades. In the face of constant innovation from attackers, AV vendors continue to focus on aging technologies that use signatures and post-attack behaviour analysis to protect computers. A new approach is required.

Algorithmic science and machine learning are fundamentally shifting the equation, offering new ways to effectively identify, diagnose, categorise and control the execution of every file. Cylance is leading this revolution with its predictive and preventive Next-Generation AV (NGAV) product, CylancePROTECT.

Defining NGAV

The current, outdated approach of blacklisting relies almost entirely on using signatures and simplistic behavioural information to detect attacks. This worked for a while, as the costs for attackers and defenders to respond to each other were at parity; however, as the bad guys added new tricks, defenders adapted and evolved, forcing attackers to innovate further. The attackers now have the advantage: the sheer number of threats is exploding exponentially, with large numbers of new threats appearing daily. Always-on, always-connected devices provide new, fertile ground for attacks. Improvements in defence are met with swift, advanced responses, to the point where adversaries are gaining a significant advantage. The cost for attackers is far lower than for defenders due to outdated detection and response strategies; it is clear that traditional methods are failing.

Key elements of a Next-Generation Antivirus include:

Automated Static Code Analysis

Dormant and non-active code should be analysed at the level of its core DNA, or characteristics, before it has the ability to execute. These characteristics can be as basic as the PE file size or the compiler used, or as complex as a review of the first logic leap in the binary. Cylance extracts millions of unique characteristics from potentially hazardous files and applies machine analysis to determine their intention.
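The "characteristics" of a PE file that the paragraph above refers to can be made concrete. The following Python is an added example, not Cylance's code and not a description of how CylancePROTECT derives its features: it parses the headers of a constructed PE32 image and pulls out a handful of classic static features (file size, linker version as a toolchain hint, subsystem, ASLR/NX flags, per-section entropy, and whether the entry point lands in an executable section), the kind of inputs a pre-execution classifier would consume. The sample binary, the feature names and the selected constants are all assumptions made for illustration; the header layouts themselves follow the PE/COFF specification.

```python
"""Static feature extraction from PE headers (added example, not Cylance's code).
The sample image built by build_sample_pe() is constructed for the demo and is
not a runnable program."""
import math
import struct
from collections import Counter

# Selected constants from the PE/COFF specification.
MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}
SUBSYSTEMS = {2: "windows-gui", 3: "windows-cui"}
DYNAMIC_BASE = 0x0040          # DllCharacteristics: ASLR-compatible
NX_COMPAT = 0x0100             # DllCharacteristics: DEP/NX-compatible
SECTION_EXECUTE = 0x20000000   # IMAGE_SCN_MEM_EXECUTE
# PE32 optional header without data directories: 96 bytes.
OPT_HDR_PE32 = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(blob: bytes) -> dict:
    """Parse DOS, COFF, optional and section headers into a flat feature dict.

    Malformed input raises ValueError rather than being guessed at: a file that
    claims to be a PE but cannot be parsed is itself a useful signal.
    """
    try:
        if blob[:2] != b"MZ" or len(blob) < 0x40:
            raise ValueError("missing MZ header")
        pe_off = struct.unpack_from("<I", blob, 0x3C)[0]
        if blob[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
            "<HHIIIHH", blob, pe_off + 4)
        opt_off = pe_off + 24
        opt = struct.unpack_from(OPT_HDR_PE32, blob, opt_off)
        if opt[0] != 0x10B:
            raise ValueError("only PE32 optional headers are handled here")
        entry, subsystem, dll_chars = opt[6], opt[22], opt[23]

        sections = []
        for i in range(nsections):
            name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, sec_chars = \
                struct.unpack_from("<8sIIIIIIHHI", blob, opt_off + opt_size + 40 * i)
            raw = blob[raw_ptr:raw_ptr + raw_size]
            sections.append({
                "name": name.rstrip(b"\0").decode("ascii", "replace"),
                "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size,
                "executable": bool(sec_chars & SECTION_EXECUTE),
                "entropy": round(shannon_entropy(raw), 3),
            })
    except struct.error as exc:
        raise ValueError(f"truncated header: {exc}") from exc

    # Which section holds the entry point? None, or a non-executable one, is a
    # classic tell for packed or tampered binaries.
    entry_sec = None
    for s in sections:
        if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            entry_sec = s
    return {
        "file_size": len(blob),
        "machine": MACHINES.get(machine, hex(machine)),
        "timestamp": timestamp,
        "linker_version": f"{opt[1]}.{opt[2]}",   # hints at the toolchain used
        "subsystem": SUBSYSTEMS.get(subsystem, subsystem),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "nx": bool(dll_chars & NX_COMPAT),
        "entry_point": entry,
        "entry_section": entry_sec["name"] if entry_sec else None,
        "entry_in_executable_section": bool(entry_sec and entry_sec["executable"]),
        "max_section_entropy": max((s["entropy"] for s in sections), default=0.0),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image: a low-entropy .text and a maximally
    varied .data section, 0x200 file alignment, entry point inside .text."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    text = bytes([0x90] * 496) + b"\xC3" * 16                # NOP sled + RETs
    data = bytes(range(256)) * 2                             # uniform bytes
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 1_700_000_000, 0, 0, 96, 0x0102)
    opt = struct.pack(OPT_HDR_PE32,
                      0x10B, 14, 0,                  # PE32, linker 14.0
                      len(text), len(data), 0,       # code / init / uninit sizes
                      0x1010, 0x1000, 0x2000,        # entry, code and data RVAs
                      0x400000, 0x1000, 0x200,       # image base, alignments
                      6, 0, 0, 0, 6, 0,              # OS / image / subsystem versions
                      0, 0x3000, 0x200, 0,           # win32 ver, image, headers, checksum
                      3, DYNAMIC_BASE | NX_COMPAT,   # console subsystem, ASLR + NX
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 0)

    def sec(name, vaddr, raw, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw),
                           raw_ptr, 0, 0, 0, 0, chars)
    hdr = dos + b"PE\0\0" + coff + opt
    hdr += sec(b".text", 0x1000, text, 0x200, SECTION_EXECUTE | 0x20 | 0x40000000)
    hdr += sec(b".data", 0x2000, data, 0x400, 0x40 | 0x40000000 | 0x80000000)
    return hdr.ljust(0x200, b"\0") + text.ljust(0x200, b"\0") + data


if __name__ == "__main__":
    for key, value in extract_features(build_sample_pe()).items():
        print(f"{key}: {value}")
```

On a real corpus these per-file dicts become the rows of a feature matrix; the point of the example is that none of the features depend on a signature of a known sample, only on properties every PE file carries in its headers.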

Execution Control

Detection of bad, abnormal and good files should be coupled with the ability to control the file in real time. Rather than relying on hash comparison or post-run behaviour heuristics to determine what to do, Cylance evaluates objects early in the run-time process (in less than 100 milliseconds). This allows the agent to prevent execution if the object is determined to be malicious.

No Daily Updates

A key weakness of traditional security solutions that rely on whitelisting and blacklisting is the need to retain vast databases of hashes and other signatures of known malware or approved applications. CylancePROTECT is a sophisticated agent that makes decisions in real time on the host by classifying an object's characteristics against optimally trained statistical models. Those models are updated every few months, but retain effectiveness for much longer. There is no need to constantly download new file signatures, or to worry that detection fails when you miss a day's worth of updates.

No Connectivity Requirements

Many traditional security solutions rely heavily on the cloud to supplement their protective capacity. Whilst internet access is often available, piping vast amounts of information to a vendor is not always possible or desirable. CylancePROTECT operates autonomously, classifying threats with an entirely disconnected agent. Making the correct decision locally is imperative in situations such as air-gapped networks used in industrial control systems and low-bandwidth networks used by retail point-of-sale systems, branch offices and remote employees.

Non-Disruptive

The appropriate protection architecture should be invisible to users, as well as simple to deploy and administer.  The CylancePROTECT agent is small and typically uses less than 1 percent of CPU.  It is easily deployed with common distribution tools and offers browser-based alerting and policy management.

Contextual Visibility

In addition to predictive, proactive detection and blocking, next-generation anti-virus should collect data that provides the full context of attacks for analyst and incident response intelligence.  The Cylance management console provides pre-execution insight and detonation intelligence from dynamic analysis.

Some vendors already claim to offer next-generation anti-virus technology, yet CylancePROTECT is the only NGAV product recognised by the Microsoft AV Club. Cylance consistently proves to be highly effective in blocking threats, whilst having an extremely low impact on users. NGAV must offer both elements: better detection and protection that also fits seamlessly into normal company operations.

Given that it’s taken 30 years to roll out the current AV solutions, a NGAV needs to either significantly enhance current endpoint security or replace it entirely.