Retailers and financial services companies are some of the biggest targets of cyberattacks, but the federal government is also squarely in the crosshairs.
The personally identifiable information (PII) of American citizens, which many federal agencies are privy to, is a lucrative prize for malicious actors. The military and intelligence communities also face attacks from nation states and other adversaries.
At CSRA’s most recent Emerging Technology Day, we heard from one of the leading companies in cybersecurity, Cylance.
Cylance has been described as “the first company to apply artificial intelligence, algorithmic science, and machine learning to cyber security.” One of its solutions, CylancePROTECT®, is an antivirus and application control solution for fixed-function devices that leverages artificial intelligence to detect and prevent malware from executing on endpoints in real time.
CylanceV®, another of its solutions, is for local integration into network appliances, endpoint software, and services platforms. The company also provides incident response, compromise assessments, forensic investigations, industrial control systems, critical infrastructure and key resource security, penetration testing, and custom services.
We recently spoke with Stephen Baker, Director of Federal Civilian at Cylance, to discuss what the company does, and why its solutions are so essential for the government today.
Thinking Next (TN): Can you discuss the current state of the threat landscape facing federal agencies? Are the threats facing the government and military different than those facing private enterprise?
Stephen Baker (SB): Many of the threat actors targeting the federal government share significant commonality with those targeting segments of the commercial sector.
Having said that, the U.S. government has a significant set of high-value systems and networks, which makes it a given that adversaries will always endeavor to gain a foothold within these target sets. Unique actors and tools, techniques, and procedures are common in these areas within the government.
TN: How has the threat landscape facing government organizations evolved over the past few years?
SB: Much like the rest of the cyber security industry, the government has seen threats increase in sophistication and has seen the number of capable adversaries increase. We are also seeing much more prolific use of polymorphic malware and of the post-breach use of Windows utilities like PowerShell and WMI.
TN: What network and technology trends are making the threat landscape and network defense more daunting and dangerous?
SB: The increasingly ubiquitous use of SSL encryption on networks is making defense more difficult for network-based sensors. Additionally, rapidly increasing use of multi-part content delivery in browsers makes it much more difficult to re-assemble and analyze threats on the wire.
TN: What cybersecurity solutions does Cylance offer to federal agencies? What separates Cylance's solutions from others on the market today?
SB: Cylance offers a new and much more advanced form of anti-malware technology. Put simply, Cylance emulates the way a human might act in terms of reverse engineering and analyzing potential threats. But it can implement those techniques much more quickly and with a lot more reliability. However, our unique differentiators for the federal government include a minimal footprint, a significantly decreased cadence for detection and updates, and the solution’s ability to work in a fully disconnected environment – including air gapping and headless operation modes. But most of all our solution has been tested by the DoD with proven efficacy rates exceeding 99%+.
TN: How does Cylance use AI and machine learning to defeat malware?
SB: We apply our machine learning methods to static analysis of executables within Windows, Linux, and Mac-based operating environments. Essentially, Cylance is able to conduct a full bytecode analysis of every file we encounter in a customer’s environment. Based on the structure and makeup of the executables, Cylance will take operational actions to protect the systems we are tasked with guarding.