A Cylance Case Study: Machine Learning in Insider Threat Incident Response

ML-powered products that do not use signatures to augment detection are largely enterprise-ready.

Boston, December 12, 2018 – In Q4 2016, a real-world deployment of a machine learning-based endpoint security solution identified a worm outbreak and prevented it from propagating further. This solution, CylanceProtect, performs pre-execution malware detection by inspecting the suspect file—without the need for signatures and without requiring it to execute.

This report provides empirical data on the enterprise-readiness of ML-based endpoint security solutions that work without signatures and on their efficacy compared with legacy anti-virus solutions. The data comes from primary research: observations made during a monthlong incident response investigation and interviews that Aite Group conducted with the customer’s security engineers.

This is a 13-page Impact Note. Clients of Aite Group’s Cybersecurity service can download this report and the Executive Impact Deck.

This report mentions Cylance, Darktrace, Kaspersky Lab, McAfee, Symantec, and Vectra Networks.