PARTNER CONTENT

Cyber Initiative Tokyo 2022

BlackBerry Japan

Presentation Title: Not only IT but also OTs become another victim. "80% Increase in Ransomware Damage Crisis" has a common denominator.

AI Mathematical Models for Better Detection and Protection than Existing EPPs

Yuji Yamasaki

Director of Field Marketing, BlackBerry Japan

According to the National Police Agency, the damage caused by ransomware attacks in 2022 jumped by 86% over the previous year. VPNs were the attack vector in 68% of cases, and in over 78% of cases, the victim of the attack was unable to detect it, even when an Endpoint Protection Platform (EPP) was deployed. Even 61% of companies that were able to detect ransomware reported that detection did not lead to a reduction in damage because the problem was due to human factors.

Yuji Yamasaki of BlackBerry Japan suggests that the cause of damage lies in “operation problems” and “technical problems.” To address the operational problems, Yamasaki outlined a document prepared by the CSIRT of BlackBerry Security Services, titled, “The 13 Deadly Sins of APT Incident Response.”

Technical challenges include issues with existing EPPs, such as “malware evolution” (obfuscation), “detectable features,” and “network assumption” (not applicable to OT). To address these, BlackBerry Japan is using Cylance AI, a product that applies AI based on mathematical models to security. This technology makes it possible to detect and defend against ransomware better than existing EPPs.

Some essential requirements for ensuring the security of OT terminals are “the ability to detect and quarantine known and unknown viruses”; “no significant difference in detection accuracy with or without an internet connection”; “the ability to run only specific software”; “the ability to control the connection of USB devices, etc.”; and “not imposing a burden on clients.”

These requirements are met by Cylance PROTECT, an EPP that features Cylance AI. Clients can choose between Cylance ON-PREM, which safeguards Cylance PROTECT even in completely closed environments, and Cylance HYBRID, which can be used with limited internet connectivity. Other available options include Cylance OPTICS, an EDR product, and Cylance GATEWAY, a zero-trust network access product that does not require a VPN.
