Interviewed at IP Expo, Dell's ex-security chief talks about why he jumped, and what it is like to get in before the attack for once Cylance VP and Ambassador-at-large John McClurg is in positive mood. The former FBI cyber expert, who was Dell's chief security officer until a few weeks ago. was attending IP Expo with his new firm. One of the reasons for his cheerfulness is that for the first time in ages, he is on the front foot.
Previous roles in risk assessment and cyber-security had meant a reactive background. “The FBI hired me out of a Phd programme and put me on the first terrorism taskforce. We'd like to get out ahead of events, but I was chasing the bad guys; always after the fact. Always the core signature was investigated after the event. We had been amassing data on spies in the US, but we've not been good at it. I was tired of always in the reactive cycle. And I was not sure, thinking even of going back to academia. But it is possible to be proactive.”
Hence the move to Cylance with its endpoint solution which measures file characteristics. “If you map the genome of the Internet – and this an idea I had a a young FBI agent, then we can judge the anomalies. It was too large then and we didn't have the big data analytics.”
He tested the market when at Dell: “There were about 60 companies offering end-point protection, so by pulling out 4100 samples of evil including malware and launching it a gains all the solutions, he tested them. Only Cylance came up with a 99.7 pre-execution result. And this is what happened, so I joined the company.”
It works best, he says because it is pre-emptive and backed with AI. Malware used to be produced by humans and so could be investigated and prevented. Now it is more sophisticated. The solution seems simple: “We pulled some smart mathematicians together who had hundreds of thousands of files of what makes up the internet. And we asked them 'what are the characteristics?'. Then anything that doesn't fit gets rejected.”
The best may be yet to come, with IoT looming: “Our model can sit on the endpoint with very little end-point overhead. And IoT – we have a solution at works pre-execution and uses little cpu, and does not require them to be online all the time, yet still have the power to stop the bad guys.”
Recent partnership announcements in Europe, including Ascenci (France), NTT Com (Germany) and StarLink (Middle East). Cylance continue to expand across EMEA, using the UK as a launch pad and distributor Ignition Technologies to accelerate market adoption. It has also just signed distributor Infinigate for DACH and the Nordics.
The recent Series D funding allows Cylance to expand on a global scale and it has ongoing plans to expand further throughout EMEA. Cylance are currently in the process of bringing on board a number of Managed Security Service Providers and other IT solution providers.