Since completing the acquisition of Cylance in February 2019, BlackBerry Cylance is now a billion-dollar cybersecurity firm with the technology portfolio enterprises need to intelligently connect, protect and help build secure endpoints. Cylance’s machine learning and artificial intelligence technology is a strategic addition to BlackBerry’s end-to-end secure communications portfolio. Its embeddable AI technology will accelerate the development of BlackBerry’s secure communications platform for the Internet of Things (IoT).
John McClurg, VP & Ambassador-At-Large, BlackBerry Cylance
CyberSecurity Asean reached out to John McClurg, VP & Ambassador-At-Large at BlackBerry Cylance, to get his views on the role AI and ML play in cybersecurity today, as well as why organisations still prefer a reactive approach to cybersecurity.
According to John, proactive prevention has eluded us. He explained that the security industry had profited quite nicely from the insecurity of the world and from this reactive paradigm, the latest example being what it is garnering from EDR.
“For decades we have relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of malware and other attacks. The effectiveness of that AV technology was always predicated on having the latest signatures on hand, which the adversaries could easily defeat with just the slightest modification of their last iteration. That signature-based paradigm required much in the way of downstream resources and expense and usually at least one ‘sacrificial lamb’ upon which to let each new instance of threat sink its teeth.”
Referring to his time with the FBI, he said that on a good day the capture and deflection rates rarely rose above 50%, requiring that they labour assiduously to manage leadership’s expectations.
“We finally got leadership to understand and accept what became almost a mantra in the industry: ‘It’s not if but when’, as galling professionally as that admission was to make. However, just as predicted 50 years ago by Thomas Kuhn in his book, Structure of Scientific Revolutions, we see the dawn of a new day where AI’s machine learning and advanced mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%.”
The FBI has now called John back into service to help redesign the next generation of InfraGard, leveraging this emerging force. Prevention now means that much of the “Defense in Depth” structures they have been building for decades, which were complex, resource-intensive, costly, and ultimately inefficient (if not ineffective), can now be revisited because of effective AI-supported math models, deployed high in the kill-chain, that aren’t dependent on signatures in order to predict when an incoming file is malicious.
John pointed out that the inertia that still seems to hold many organisations captive continues to puzzle him. Almost every morning, there are headlines about companies that have fallen prey to ransomware, which John believed could have been defeated before it executed by math models that are now more than three years old.
“Why, if the solution has been around, haven’t organisations embraced it? Part of the answer may lie in the time, energy, and effort, not to mention the expense, that organisations put into creating their massive ‘Defense-in-Depth’ structures. It’s almost as if they’ve given birth to these structures and have developed what seems like love or affection for them that undermines the motivation they would otherwise have to move away from the reactive technologies that make up those structures to the proactively predictive capabilities of the new.”
He added that the inertia is further bolstered if there isn’t any pressure being brought to bear to reduce the expense associated with that legacy structure. Another factor contributing to this inertia can be the success they’ve had in reducing their “mean-time-to-detection” to the point that makes a compromise almost tolerable, at least as long as it’s not ransomware. John said the old saying still comes to mind: “Of all the words of tongue and pen, the saddest are these: it need not have been.”
When it comes to R&D with BlackBerry, John commented that one of the Cylance founders, Ryan Permeh, now serving as BlackBerry’s Chief Security Architect, is a part of BlackBerry Labs. In time, they expect the transition of some parts of Cylance’s Research and Intelligence group as well. As Chief Security Architect, Ryan reports to Charles Eagan (BlackBerry CTO), who runs the new BlackBerry Labs, an advanced R&D organisation focused on driving innovation within the organisation. Naturally, John pointed out that Cylance has a fit around areas like security research, university cooperation, thought leadership, and data science, among others.
With the growing number of IoT devices and an increasingly connected future, John commented that they are very actively working with peers in BlackBerry Labs on a variety of IoT initiatives, including security and machine learning on the QNX platform and application of their security platform in smaller form factor devices of all flavours.
“We will be demonstrating some of these innovations in the automotive sphere at this coming CES in January.”
With that said, we shall just wait for BlackBerry Cylance to continue to innovate and enhance the cybersecurity industry.