The announcement last week about Wedge Networks’ integration and orchestration of Cylance’s artificial intelligence (AI) technology to improve real-time detection of advanced threats has big implications for enterprises and the industry. For enterprises, the first-order implication is the ability to detect, and therefore block, in milliseconds advanced threats that would otherwise require minutes to tens of minutes or longer to detect. That difference in time equates to the difference between preventing threats from entering the network and the embarrassment, disruption and expense of remediating threats that have entered the network and infected one or more devices.
It has become an accepted fact that new advanced and frequently customized threats can and will pass through even the highest-performing firewalls and IPSs without detection. Sandboxing provides a more effective detection layer of defense; however, executable files running never-before-seen code can require the sandbox to fully detonate and simulate the sequence of events, including the acceleration of time to detect delay-oriented threats. This sandbox process may range from minutes, to tens of minutes, and potentially even hours for some threats. Ultimately the sandbox will issue a verdict and detect these threats with a high degree of accuracy. However, by the time the sandbox has issued a malware verdict, the file has been delivered to the end user, who has very likely opened it and activated the malware, infecting at least one machine and possibly many more.
Detection and remediation will always be an important capability; however, preventing threats from entering the network in real time is clearly a less disruptive, lower-cost, and lower-risk security model. Wedge’s integration and orchestration of Cylance’s AI predictive malware prevention technology, in combination with multiple other patented technologies and processing techniques, is demonstrating the ability to block both conventional and new advanced threats with unrivaled accuracy and just milliseconds of latency. This is enabled through the same technology concepts that are driving rapid innovation in a variety of markets. A recent article on improving the safety of air travel through the use of AI is just one example. For cybersecurity, the net result is the ability to block these threats, including those that would otherwise require a lengthy sandbox evaluation, in real time, thus blocking the threat before it even enters the enterprise network. The benefits of real-time detection and prevention to the enterprise are obvious. The implications for the industry are far-reaching and will be the subject of a future blog.