The document discusses the evolving landscape of cybersecurity, emphasizing the importance of pre-execution threat prevention using artificial intelligence to combat advanced malware. It describes various methods of threat detection, the challenges faced in balancing privacy and security, and the implications of technology integration on public trust. The text also highlights the financial costs associated with cybersecurity measures and the risks of excessive control friction on business operations.

1. Artificial Intelligence.
Real Threat Prevention.
Art Hathaway
Regional Sales Director, Ohio Valley
Steve Richards
Sales Engineer, Ohio Valley

3. 3 | © 2015 Cylance, Inc.
The Future of Security
Past
Pre-Execution
Humans Needed
Present Future
AV SANDBOXING ISOLATION EDR
Post-Execution
z
Pre-Execution
No Humans
AI
HIPS / ANTI-EXPLOITATION

4. 4 | © 2015 Cylance, Inc.
Required Solution
Reduce risk by preventing
malware before it executes.
Cylance prevents malware by
using Artificial Intelligence to
unlock the DNA of advanced
threats.

5. 5 | © 2015 Cylance, Inc.
Algorithmic Science
• Machine Learning
• Cluster & Classify
• Pandora ML
Confidence Scoring
Threat Indicators
• Anomalies
• Collection
• Data Loss
• Deception
• Destruction
Collect / Classify / Context

6. 6 | © 2015 Cylance, Inc.
How It Works
EXTRACT
COLLECT
CLASSIFY
& CLUSTER
TRANSFORM,
VECTORIZE
& TRAIN
BAD
GOOD

7. 7 | © 2015 Cylance, Inc.
What is a Feature / Attribute

8. 8 | © 2015 Cylance, Inc.
Extract ~15,000,000 features
RosAsm Base3.exe PE File Structure
DosMZ Header
DOS Stub
PE File Header
PE Signature
Image_Optional_Header
Section Table
Array of Image_Section Headers
Sections
.idata
.rsrc
.data
.text
.src
Directories
lea rcx,[rdi+20h]
mov qword ptr [rdi+8],r13
mov qword ptr [rdi+10h],r13
mov qword ptr [rdi+18h],r13
mov qword ptr [rcx+20h],r12
mov qword ptr [rcx+18h],r13
lea rdx,[rsp+258h]
or r9,0FFFFFFFFFFFFFFFFh
xor r8d,r8d
mov word ptr [rcx+8],r13w
mov ebx,r14d
DOS Header
NT Header
File Header
Section Headers
Export Directory
Import Directory
Resource Directory
Relocation Directory
Debug Directory
Packer Used
Compiler Type
Compiler Language
File size
PE size
Image section headers
Image imports
Functions called
Kernel hooks
Image Paths
Image Resource Directory
Bitmaps
Icons
Strings
RCData
Icon Groups
Version Info

9. 9 | © 2015 Cylance, Inc.
x=[1007013456]
Transformation
Normalization and Vectorization
Meta-data that creates new features
x=[1602111430]
x=[2819209111]
x=[3220101036]
x=[9910192839]
x=[2201920391]
x=[8819102999]
x=[5778492200]
x=[0001928311]
x=[7564778203]
x=[9928183918]
x=[9929192839]
X
Matrix
x=[0019376471]
x=[0093810292]
x=[0019102922]
x=[6657749100]
Unsafe
Safe

10. 10 | © 2015 Cylance, Inc.
Deep Discussion
• First Order Feature – information you can extract directly from
the binary or it’s structure
• Second Order Feature – Ex. Entropy Value of a binary or
section of binary.
• Third Order Feature

11. 11 | © 2015 Cylance, Inc.

13. The world is growing more
VOLATILE AMBIGUOUS COMPLEX
And it is all speeding up …

14. © 2015 Cylance, Inc. 14
The Escalating Battle for Control in Cyberspace
Increase in sophistication and number of cyber attacks
Government concerns are driving new regulation
Increasing tensions between privacy and security
Growing debate about the Roles of Government and Industry in Privacy and Security

15. Threats & Impacts – A Simple Summary
IP Loss
(technology
leadership)
Shut Down Your Business
(materiality impact)
Compromise you to
Compromise others
(trust, brand, reputation)
Product Vulnerability
(trust, brand and
reputation)
An Adversary

16. The idea is to assess soil and landscape types, weather and pest
issues to boost crop yields and profits.
All the farmer needs is a smartphone, a GPS enabled
tractor connected to cloud, with the data & analytics

17. All a government needs is access to the data
The idea is to facilitate a precision bombing.

18. The idea is to cure blindness.
Doctors on June 19th 2015 insert a retinal implant into a
patients eye that is connected to high tech glasses with a
camera and a video processing unit

19. The idea is to extort money.
All a bad person needs is poorly developed or managed
technology and the ability to execute malicious code

20. The idea is to improve road maintenance and safety
All a municipality needs is sensors in the cement,
sensors in cars, sensors with people, connected to the
cloud, with data and analytics

21. The idea is to profit from or to harm others
All a bad person needs is poorly developed or managed
technology and the ability to execute malicious code

22. The idea is to improve food safety and reduce cost
All a food and beverage organization needs is real time
information flow from the slaughter house to the point of sale

23. The idea is to save cows
All a bad person needs is poorly developed or managed
technology and the ability to execute malicious code

24. Adoption of
smart grid
devices
water/power
Tech inside
more than
phones, tablets,
laptops
IP enabled
home
appliances
Centralized
home
information
flow (bundled
services via
internet)
Proliferation of
devices & app
markets
“Virtual assets”
- content with
emotional
attachment in
digital world
Pervasive
wearables
updating social
computing
Open source
Intelligence
refining targets
Expanding attack surface - greater technology integration with society well being
Cyber has been IS characterized as the 5th domain of warfare
Digital Evolution
In the next few years the attack landscape will dramatically change:

25. $2M in funding for the attack came from cyber crime
In November 2008,10 Pakistani members of an Islamic militant organization, carried out a series of 12 coordinated shooting and
bombing attacks lasting four days across Mumbia. The attacks, began on Wednesday, 26 November and lasted until Saturday, 29
November 2008, killing 164 people and wounding at least 308.

26. The idea is to terrorize
All a bad person needs is poorly developed or managed
technology and the ability to execute malicious code

27. A growing digital economy relies on Trust
“We saw air let out of the balloon, an
evaporation of trust”
“the reputation of the Tech industry went
backwards”
“By a margin of 2 to 1 people don’t believe
that governments or businesses are
thinking enough about the broad negative
societal impacts that technology can have”
Richard Edleman – Feb 2015

28. Breaking someone’s trust is like crumpling up a perfect
piece of paper

29. Breaking someone’s trust is like crumpling up a perfect
piece of paper
You can work to smooth it over, but
it’s never going to be the same again

30. RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Semi-Automated
9 – Box of Controls

31. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Focus is on
Minimizing
damage – only
variables are time
to detect and time
to contain
Focus is on
Minimizing
vulnerability and
potential for
harm
Semi-Automated

32. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Semi-Automated
Where most of the industry is focused

33. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Highest Risk
Highest Cost
Most Liability
Lowest Risk
Lowest Cost
Limited Liability
Control Approaches
ControlTypes
Semi-Automated
Where most of the industry is focused

34. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Semi-Automated
MOTION

35. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Semi-Automated
MOTION

36. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Semi-Automated
MOTION
HIGH CONTROL
FRICTION

37. Risk
Cost
RESPOND
DETECT
PREVENT
Automated Manual
Control Approaches
ControlTypes
Semi-Automated
LOW CONTROL
FRICTION

38. WE NEED SOLUTIONS THAT …
To Enhance Trust in Technology
LOWER RISK LOWER COST LOWER FRICTION

39. so we can make sure
tomorrow is better than
today

40. Total Cost of Controls
Obvious Direct Cash Buckets
• AV replacement
• Security Operations
• Hunting team
• Investigations
• Legal
• Help Desk Calls
• Performance complaints
• Infection related issues
• IT operations costs
• IT emergency response
• Infrastructure costs
• Rebuild/re-image costs
Less Obvious Direct Cash Buckets
• De-cluter other controls
• Other end point products (cyberark, client proxy,
DLP, ect)
• Other control products
• Extending PC lifecycle
• Headroom back due to performance
• Other IT operations costs
• EOL’d systems – delayed upgrades
• Change patching windows
• Servers can be protected – normally cannot
complete disk scan with AV
• Reduce infrastructure costs due to less
“chattiness” with cloud

41. Total Cost of Controls
Hero
• Value of IP
• Maintain market leadership
• Cost of a privacy breach
• Litigation
• FTC, class actions, ect
• ediscovery
• PR & Comms
• Credit monitoring
• Mgmt Distraction
Zero
• Spent on the “insurance” and no proof
that you “saved the world”
All about probability of bad things occurring and a wide range of outcomes/impacts financially

42. Control Friction
• Controls are a “drag coefficient” on business velocity
• Slow the user
• Slow a business process
• Too Much control Friction
• Business and users go around security and IT
• Add’s cost – IT isn’t managing IT anymore
• Data and business silo’s are created
• Loss of purchasing power
• Add’s risk
• Risk and Security team becomes blind – cant prevent, hard to detect, and everything ends up
being an after the fact response
• Business adheres to the controls – generates systemic Business Risk
• Loose time to market
• Loose ability to innovate
• Loose long term market leadership