Cylance, the security outfit which offers AI-powered prevention that blocks everyday malware along with today’s most advanced cyberthreats, has signed a distributor agreement with Toshiba.
Toshiba Industrial ICT Solutions has launched sales of CylancePROTECT, an antivirus solution that leverages artificial intelligence (AI) to prevent the execution of malware at the endpoint.
Attacks by ransomware and other malicious programs have increased rapidly in recent years. CylancePROTECT is a machine-learning platform that harnesses the power of artificial intelligence to detect and prevent the execution of such malware in real time.
Unlike conventional antivirus products that use signatures to detect threats, CylancePROTECT pinpoints both known and unknown malware by breaking down files to the DNA level to analyse and classify millions of attributes per file.
Prior to the launch of sales, the Toshiba Group started in-house deployment in June 2016, installing CylancePROTECT on approximately 5,500 endpoints, including virtual desktop environments.
The software claims to provide accurate detection of zero-day and variant ransomware and other malware that was missed by the previously used conventional signature-based antivirus products. The same detection capability was confirmed on PCs that were disconnected from the company network and the internet.
Anti-virus outfit Cylance appears to have been caught out trying to create false positives on clients' machines as part of a sales gimmick.
According to Ars Technica, the scheme was rumbled when a systems engineer at a large company, who was evaluating security software products, discovered something suspicious.
Cylance had provided him with 48 malware files in an archive stored in the vendor's Box cloud storage account. The idea was to show the company how good Protect, a "next generation" endpoint protection system built on machine learning, really was.
Protect identified all 48 of the samples as malicious, while competing products flagged most but not all of them. But when the engineer took a closer look at the malware files in question, he found that seven were not malware.
He reasoned that Cylance was using the test to close the sale by providing files that other products wouldn’t detect—that is, bogus malware only Protect would catch. Cylance claims Protect uses AI to train itself using “the DNA markers of 1 billion known bad and 1 billion known good files.”
But over the past year, competitors and testing companies have accused Cylance of using product tests that favour the company. These critics have also accused Cylance of using legal threats to block independent, competitive testing.
Cylance executives' reply accuses testing companies of running tests that inaccurately represent performance.
Ars says that Cylance appears to be "re-packing" existing malware samples and turning them into "fresh" malware, mostly using packers to convert executable files into self-extracting archives or otherwise obscure their executable code.
Cylance executives said there is no foul in that, because that is exactly what hackers do – share malware and repackage that malware to evade signature-based detection. The files that only Cylance caught in the test were all repacked in some way; five of the files were processed with MPRESS and the remainder were packed with other tools, including what appears to be a custom packer.
Of the nine files in question, testing by the customer, by Ars, and by other independent researchers showed that only two actually contained malware. One of the MPRESS-packed samples appeared to contain a copy of the MPRESS packer itself. The remainder of the MPRESS files contained either “husks”—essentially empty files—or samples that had been corrupted in packing. Two others crashed on execution, after opening a bunch of Windows resources without using them.
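A triage pass of the kind the customer, Ars and the independent researchers ran over the sample set, written here as an added example that is not from the article or from any Cylance or Ars tooling: before a vendor-supplied archive is accepted as a benchmark, each file is checked for an empty body (a "husk"), a damaged PE layout (a sample corrupted in packing) or a high-entropy section (typical packer output). The PE skeleton builder and the SAMPLES set are constructed for demonstration and are not real malware.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    # Bits per byte: packed or encrypted sections sit near 8.0, plain code nearer 5-6.
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_sample(data: bytes, high_entropy: float = 7.0) -> str:
    """Verdict for one candidate file: empty, not-pe, corrupt-pe, packed-pe or pe."""
    if not data:
        return "empty"                      # a "husk": nothing to execute
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "corrupt-pe"                 # PE signature missing or out of bounds
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    sec_table = coff + 20 + struct.unpack_from("<H", data, coff + 16)[0]
    for i in range(num_sections):
        hdr = sec_table + 40 * i
        if hdr + 40 > len(data):
            return "corrupt-pe"
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        if raw_ptr + raw_size > len(data):
            return "corrupt-pe"             # section truncated: damaged in packing
        if shannon_entropy(data[raw_ptr:raw_ptr + raw_size]) >= high_entropy:
            return "packed-pe"              # high-entropy payload: likely packer output
    return "pe"

def build_minimal_pe(section_data: bytes, truncate: int = 0) -> bytes:
    """Constructed one-section PE skeleton (not runnable), used only to feed the triage."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_off = 0x40 + 24 + 40                                       # data follows the section header
    sec = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(section_data), 0x1000,
                                        len(section_data), raw_off, 0, 0, 0, 0, 0x60000020)
    pe = dos + coff + sec + section_data
    return pe[:-truncate] if truncate else pe

# Constructed sample set standing in for an evaluation archive (hypothetical names).
SAMPLES = {
    "husk.exe": b"",
    "plain.exe": build_minimal_pe(b"\x90" * 4096),
    "packed.exe": build_minimal_pe(bytes(range(256)) * 16),      # uniform bytes mimic packed data
    "broken.exe": build_minimal_pe(b"\x90" * 4096, truncate=100),
}
```

Running `{name: triage_sample(blob) for name, blob in SAMPLES.items()}` gives a per-file verdict; anything other than `pe` or `packed-pe` should be dropped from the benchmark before any vendor's detection rate is counted.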
A US security company claims that Iran has virtual control over a large number of vital defence and infrastructure sites on the web.
Cylance said in a report that its “Operation Cleaver” investigation reveals that an Iranian team called Tarh Andishan has built an infrastructure to spy, steal and destroy control systems and networks.
It said that Iranian hackers have directly attacked government agencies and infrastructure companies in Canada, China, the US, the UK, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the UAE.
It claims the HQ of the operation in Tehran also has other members in countries including the UK, the Netherlands and Canada.
The report claims that Iran has reacted to malware campaigns directed at it since 2009, targeting its nuclear programme and its oil and gas operations.
Iran is also claimed to have attacked banks, Israeli national systems, US Navy computers and other systems.
Targeted infrastructure includes US military targets, oil, gas and chemical companies, airports, healthcare, and aerospace and defence companies.
You can find the full report here.