The latest information security vendor to launch in Australia reckons it has the cure to the country's "Cryptolocker epidemic".
Cylance has launched into the local market with former senior Telstra figure Andy Solterbeck at the helm of its Asia-Pacific operation. Solterbeck was previously senior vice-president of business development in Telstra Software Group, and before that RSA's Australia and New Zealand general manager.
Solterbeck said: "Right now, Australia – and specifically Australia – is going through what can only be described as an epidemic of Cryptolocker."
He's not the only Telstra alumnus within the senior ranks of Cylance; the carrier's former chief information security officer, Glenn Chisholm, is Cylance's CTO, based in California.
The vendor is looking to expand its channel in Australia. Until now it has been represented largely by key partner Aquion, based in Sydney, but it is now on a partner recruitment drive, hoping that greater awareness will drive the same explosive growth it has seen elsewhere in the world.
"Gartner says we're the fastest growing security company in the last 10 years. We are growing incredibly fast... and we actually make money," Solterbeck said.
The company's rapid rise - it is ranked number 313 in the latest Cybersecurity 500 list - is attributed to an algorithmic approach to endpoint security, rather than the traditional method of matching files against signatures of already-identified malware.
"We all know in healthcare it is better to prevent an illness than find it and cure it. The security industry is exactly the same. It is better to prevent a piece of malware from executing than detecting it and responding to it. Unfortunately, we as an industry have got hooked on detect and respond," said Solterbeck.
While most endpoint security products rely on signatures, these are easily defeated with off-the-shelf tools called "packers", which transform a malicious file so that its known signature no longer matches, explained Greg Singh, who was recently appointed regional director of sales engineering at Cylance after a career that included Splunk, Optus, Blue Coat and RSA.
In a live demonstration to media and analysts in Sydney, Singh showed how Cylance could catch malware that other endpoint security tools missed.
Singh had downloaded a bevy of malware files from a third-party malware repository that was "commonly used" in the anti-virus industry, then run them through a packer so that their existing signatures no longer matched. In the live demo, he attempted to execute the files on a number of virtual machines running three well-known endpoint security products. In each case, the majority of the malicious files executed before they were detected. In a side-by-side demo running Cylance, the algorithmic approach stopped every one of the malicious files from executing.
The algorithm was built by analysing the attributes of billions of malicious files to identify the characteristics that mark a file as malicious. "We threw the universe of files at a big Amazon instance and we looked at those files. Each file has roughly 15,000 forensically interesting attributes. Does it print, does it not print? Does it try to execute and doesn't have an .exe?"
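The two technical claims above, that a packer defeats a byte signature and that an attribute-based model looks at properties of the file rather than its bytes, can be shown side by side in a few lines. The following is an added illustration written for this page, not Cylance's code, model or attribute set: the "executable" is a constructed byte string (not a real binary and not malware), the packer is a toy (zlib plus a single-byte XOR with a stub header), and the handful of attributes extracted are assumptions chosen for the demonstration. A real packer emits a valid executable whose stub reverses the transformation in memory at run time; the effect on signatures is the same.

```python
"""Toy demonstration: byte signatures vs. file attributes under packing.

Constructed example, not Cylance's code or model. The "executable" is a
synthetic byte string, the packer is zlib + single-byte XOR, and the
features are a handful of cheap static attributes chosen for illustration.
"""
import math
import zlib
from collections import Counter

# --- constructed sample "executable" (not a real binary, not malware) ---
_CODE = bytes((i * 73 + 11) % 251 for i in range(512))      # pseudo code bytes
_TEXT = b"This program cannot be run in DOS mode\r\n"
MARKER = b"CONSTRUCTED-DEMO-MARKER-v1"                        # what a signature keys on
SAMPLE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + _CODE + _TEXT + MARKER + b"\x00" * 2048

PACK_MAGIC = b"PACK"   # toy stub header, an assumption for this example


def signature_match(data: bytes, signature: bytes) -> bool:
    """Classic static AV check: does a known byte pattern occur in the file?"""
    return signature in data


def pack(data: bytes, key: int = 0x5A) -> bytes:
    """Toy packer: compress the body, XOR it with one key byte, prepend a stub."""
    body = bytes(b ^ key for b in zlib.compress(data, 9))
    return PACK_MAGIC + bytes([key]) + body


def unpack(packed: bytes) -> bytes:
    """What a packer's stub does at run time: the original program comes back intact."""
    if not packed.startswith(PACK_MAGIC):
        raise ValueError("not a toy-packed blob")
    key = packed[len(PACK_MAGIC)]
    body = packed[len(PACK_MAGIC) + 1:]
    return zlib.decompress(bytes(b ^ key for b in body))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_features(data: bytes) -> dict:
    """A few static attributes of the kind an attribute-based model consumes.

    These five are illustrative assumptions; the page only says such models
    use thousands of attributes per file.
    """
    printable = sum(1 for b in data if 0x20 <= b < 0x7F)
    return {
        "size": len(data),
        "entropy": round(shannon_entropy(data), 3),
        "printable_ratio": round(printable / len(data), 3),
        "zero_ratio": round(data.count(0) / len(data), 3),
        "has_mz_header": data[:2] == b"MZ",
    }


if __name__ == "__main__":
    packed = pack(SAMPLE)
    print("signature on original :", signature_match(SAMPLE, MARKER))
    print("signature on packed   :", signature_match(packed, MARKER))
    print("unpacked == original  :", unpack(packed) == SAMPLE)
    print("original attributes   :", extract_features(SAMPLE))
    print("packed attributes     :", extract_features(packed))
```

Running it shows the signature hitting the original and missing the packed copy, even though unpacking returns byte-for-byte the same program. The attribute view moves the other way: the packed file's entropy jumps from a couple of bits per byte to well above five, its printable and zero ratios collapse, and it no longer carries the header it started with. Those are exactly the kinds of properties a packer cannot hide and an attribute-based classifier can be trained on.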
Rather than requiring regular updates from an online virus definition database, the 30MB algorithm only needs updating around once every six months, and it doesn't need to go to the cloud to detect malware. "Quite often we'll run completely headless," said Solterbeck.
"Our effectiveness is significantly higher than our competitors in the market right now," he said. "Because it is an algorithm and not a bunch of signatures that get downloaded every [day], the algorithm does not need to be updated."
Solterbeck added that one client running an 18-month-old version of the Cylance algorithm detected the most recent version of the Qbot malware, the same malware that took down systems at Melbourne Health.