Just a week after the launch of the company's first endpoint detection and response solution, Cylance already has a target on its back, with Carbon Black saying in a blog post that the new competitor has a "lot of work ahead" if it wants to catch up to Carbon Black and other EDR leaders.
"Welcome to the exciting world of EDR!" the blog post says, in the form of an open letter to Cylance. "We’re excited to learn you have finally recognized the value (and necessity) that comes from converging detection and response with prevention … Detection and response are critical — to find threats that get past file-based malware identification. We at Carbon Black have long known this to be true."
The CylanceOPTICs EDR solution, delivered as part of the Cylance AI Platform, uses artificial intelligence for endpoint detection and response capabilities, including root cause analysis of threats, threat hunting, increased visibility, and incident response. The solution competes directly with Carbon Black's Cb Defense solution.
In the blog post, Carbon Black Security Market Strategist and Go-To-Market Director Brian Gladstein said EDR solutions need to be able to provide visibility of both malware and non-malware-based attacks and need an easy-to-use, fast user interface. The post also said leveraging the cloud is "essential," as it reduces storage capacity needs (the post pointed out that CylanceOPTICS allocates 1GB of storage on each device) and prevents hackers from deleting locally stored data. Finally, it said EDR solutions must leverage known threat watch lists and threat intelligence, as well as algorithms.
"We’ve been in this market for a while and have learned a lot about what it takes to make organizations successful when it comes to security. It seems you have a lot of work ahead of you to get CylanceOPTICS to the level it needs to be — all the way down to some core architectural decisions you’ve made. So, as you continue to develop your EDR platform, make sure you are paying attention to these four primary requirements," the blog post said.
In an email to CRN, Cylance's senior vice president of marketing, Shaun Walsh, said Cylance is looking to bring a fresh take to EDR, leveraging its experience from the prevention side of the endpoint security market. He said some of the benefits of the company's artificial intelligence model is that it requires less hardware and, by storing forensic data on the endpoint, protects the privacy of customer data.
"When you start with effective prevention, then you’re able to implement a completely different approach to EDR. To Cylance, EDR is a capability of our AI-driven security platform. CylanceOPTICS represents the evolution of EDR into a more usable and accessible form that every results-oriented security team can use," Walsh said in the email.
The blog post is just the latest criticism of Cylance from other endpoint security vendors, even though previous attacks have fallen primarily on the company's prevention software. Cylance has received a lot of heat for its offering, with companies such as Sophos going after the company's testing claims, and Symantec saying Cylance does not provide a full endpoint security offering. Cylance has fired back at the companies, urging customers to test the offering for themselves and hiring away top channel executives from some of its competitors.
"The competition in endpoint market, whether it be antivirus or malware protection, ... is getting fierce," Matt Johnson, CEO of Baltimore-based Phalanx Secure Solutions, said.