CylanceOPTICS v2.3 allows each endpoint to act as its own security operations center. It deploys directly on the endpoint to conduct continuous system monitoring and analysis. Armed with threat behavior models engineered by machine learning (ML), CylanceOPTICS offers immediate protection while constantly improving an organization’s security posture over time. This approach provides a level of protection beyond standard antivirus (AV) file-detection and quarantine behavior.
CylanceOPTICS does not scan binaries; it records system behavior and monitors system resources for anomalous activity. The result is increased protection from a variety of threats ranging from malware to malicious user activity.
How Does It Work?
While most legacy AV solutions focus on discovering malicious files, CylanceOPTICS focuses on suspicious behavior. Scanning for infected files offers no protection against attackers who increasingly rely on legitimate system resources and applications to compromise infrastructure. Monitoring the environment is a critical response to modern threat actors who are migrating towards fileless malware and living-off-the-land attacks.
CylanceOPTICS uses mathematical models to determine whether a given system activity is normal. These models are trained through exposure to a clean environment and a malware sandbox. By comparing the inter-process relationships and interactions occurring in each environment, CylanceOPTICS learns which behaviors are suspicious. It then uses this knowledge to provide real-time protection to the endpoint. Rather than searching for infected files or malware executables, CylanceOPTICS keeps its finger on the pulse of each endpoint, constantly checking for irregularities.
The CylanceOPTICS 2.3 ML models are finely tuned to the tactics, techniques, and procedures (TTPs) of threat actors. This allows CylanceOPTICS to recognize new or previously unseen variations of common attack types. For example, heavily obfuscated commands that elude signature-based protection are still recognized by CylanceOPTICS because it evaluates the resulting behavior rather than the command text alone.
When suspicious activity is detected, CylanceOPTICS offers multiple ways to respond. Automated responses can (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Matthiew Morin. Read the original post at: https://threatvector.cylance.com/en_us/home/introducing-cylanceoptics-v2-3.html