Carbon Black Comes Out Swinging Against Cylance, Slams New EDR Solution
Just a week after the launch of the company's first endpoint detection and response solution, Cylance already has a target on its back, with Carbon Black saying in a blog post that the new competitor has a "lot of work ahead" if it wants to catch up to Carbon Black and other EDR leaders.
"Welcome to the exciting world of EDR!" the blog post says, in the form of an open letter to Cylance. "We’re excited to learn you have finally recognized the value (and necessity) that comes from converging detection and response with prevention … Detection and response are critical — to find threats that get past file-based malware identification. We at Carbon Black have long known this to be true."
The CylanceOPTICs EDR solution, delivered as part of the Cylance AI Platform, uses artificial intelligence for endpoint detection and response capabilities, including root cause analysis of threats, threat hunting, increased visibility, and incident response. The solution competes directly with Carbon Black's Cb Defense solution.
[Related: Q&A: Cylance CEO On Layoffs, Entering New Security Markets, And Why He Believes Legacy Vendors Won't Be Able To Compete]
In the blog post, Carbon Black Security Market Strategist and Go-To-Market Director Brian Gladstein said EDR solutions need to be able to provide visibility of both malware and non-malware-based attacks and need an easy-to-use, fast user interface. The post also said leveraging the cloud is "essential," as it reduces storage capacity needs (the post pointed out that CylanceOPTICS allocates 1GB of storage on each device) and prevents hackers from deleting locally stored data. Finally, it said EDR solutions must leverage known threat watch lists and threat intelligence, as well as algorithms.
"We’ve been in this market for a while and have learned a lot about what it takes to make organizations successful when it comes to security. It seems you have a lot of work ahead of you to get CylanceOPTICS to the level it needs to be — all the way down to some core architectural decisions you’ve made. So, as you continue to develop your EDR platform, make sure you are paying attention to these four primary requirements," the blog post said.
In an email to CRN, Cylance's senior vice president of marketing, Shaun Walsh, said Cylance is looking to bring a fresh take to EDR, leveraging its experience from the prevention side of the endpoint security market. He said some of the benefits of the company's artificial intelligence model is that it requires less hardware and, by storing forensic data on the endpoint, protects the privacy of customer data.
"When you start with effective prevention, then you’re able to implement a completely different approach to EDR. To Cylance, EDR is a capability of our AI-driven security platform. CylanceOPTICS represents the evolution of EDR into a more usable and accessible form that every results-oriented security team can use," Walsh said in the email.
"The competition in endpoint market, whether it be antivirus or malware protection, ... is getting fierce," Matt Johnson, CEO of Baltimore-based Phalanx Secure Solutions, said.
Cylance was the fastest-growing private cybersecurity company in 2015, according to the 2016 Inc. 5000, with $11.1 million in revenue in 2015 and a three-year growth rate of 7,613 percent. The company has also landed a huge amount of venture capital funding, including $100 million in Series D funding in June, one of the largest by any security company last year.
However, Cylance has also faced increased competition as its competitors move into its stronghold in the next-generation anti-virus space, with companies like Carbon Black acquiring Confer to get into that market, and others, such as Crowdstrike, Symantec and FireEye also looking to expand there.
Johnson said the competition has added to the confusion for customers around endpoint security as new solutions enter the market and vendors flame-throwing words at each other. He said his company chose to partner with Carbon Black, offering it as part of its overall security solution, because of its features. However, he said he also knows MSSPs that are happy with Cylance's solutions. He said partners play a critical role in helping customers navigate the market and choose the right solution for their business.
"The value we bring is we test all these solutions and we work with them. We are experts on what we work on," Johnson said.