Q&A: Cylance CEO On Layoffs, Entering New Security Markets, And Why He Believes Legacy Vendors Won't Be Able To Compete

The Next Phase Of Cylance

Cylance shot to the top of the next-generation endpoint security market with a technology that uses machine learning and artificial intelligence to detect and prevent threats. Now, the Irvine, Calif.-based company is facing steeper competition as more companies look to enter the rapidly growing endpoint security market and other competitors continue to mature. In an interview with CRN, CEO Stuart McClure talked about the company's recent round of layoffs and where it is positioning itself for its next phase of growth, including entering new markets. McClure also addressed the re-emergence of some of the company's legacy competition – including Symantec and McAfee – and how (or if) he expected that to impact the company's sales and strategy. Take a look at what he had to say.

How do you look at the evolving competition in the endpoint security market?

I think, first of all, we focus on the adversary and the bad guys. A lot of competitors, pretty much all of the competitors, are gunning for Cylance and trying to pick us apart or trying to defame us. … We know we can't control that. We can't prevent that. We can barely dissuade them with any facts, whatsoever. So, we just focus on being the most formidable competitor to the adversary as humanly possible. In other words, the bad guys just will not be able to get past us. They will not be able to bypass us, they won't be able to succeed, and they will want to go find jobs at Taco Bell. That's first and foremost. Second, we have to continue to innovate to do the first. Yes, we are absolutely driving huge innovations throughout our data science team and our engineering teams to continue to innovate. We are not resting on our laurels on being able to take the endpoint malware and file-less malware prevention to heart. We're extending it way beyond that and applying it to other genres, bringing the same AI techniques into other areas of cybersecurity and beyond cybersecurity.

Talk about Cylance's recent layoffs. What is the next step for Cylance?

The restructuring we did a month or so ago was simple: Literally every year we go through and we say what positions [aren't needed]. When you hire and you grow so fast like we have – we're 800 people - I challenge anybody out there, any competitor or any business leader, to hire that quickly and not find, at the end of the day, that you have two people doing the same thing and one person that really should never have been hired and another that is a horrible cultural fit. You have to sort of look at the organization to make sure we are all sitting in the right spots, doing the right thing and at high performance. That's all it is. It's sort of the Jack Welch model – we want to make sure that everyone in the seats on the bus are executing at their top performance. That is all that was. In terms of what we need to do, we just need to expand and move that technology into those realms by bringing on key domain expertise hires and applying that math to that new data set. … It's really that simple.

When you talk about entering new markets – where exactly are you looking to expand?

I have to be careful here because competitors read your articles. What I will say is that the security landscape has really three core attacks that are used. … The first way is execution-based attacks, which means I can get you to run something on your computer… and it compromises the integrity of your device by allowing what I want to run to run. The second class of attacks is identity-based attacks. These are things like stealing your username and password, or guessing your password, or phishing you for your password. … And then lastly is denial of service attacks, which just starves the asset for resources, whether it be memory, or disk, or whatever. That's it. … We have applied the AI approach to execution-based attacks. It works very well. We want to continue and extend that. … However, there are two other areas to focus AI on: there's identity and there's denial of service. Look for us to be delivering beyond execution-based attacks in the near future.

Does that mean Cylance is looking to become a platform security vendor versus an endpoint security vendor?

Here's the problem with a platform play: you only need a platform if you don’t solve the problem the right way to begin with. It's sort of like this: ADT might compete with Vivint around home security by saying they have a more complete platform. What does that mean? They might have video cameras, break glass sensors, chimney sensors, carbon monoxide detectors, infrared sensors on the outside – they have these layers. That looks like they are more holistic, but what if I could tell you that I could prevent anybody from walking up to your door that is going to burglarize your house because I know mathematically that they are going to burglarize it. … These legacy players think that I need these other layers and then I need real-time threat intelligence. … Why do you need any of this stuff? You just prevent the stupid thing from being burglarized and you're on your way. … Yes, we will be expanding [around the three attack domains]. It's a totally different way. … Our burden in this industry is just educating as much as humanly possible about these technologies that have been built that have been addressing the symptoms, not the source of the problem. That's what we're trying to do with AI.

How does that approach to security change how partners go to market to their clients?

I think, first of all – partners can take our technology and drive that technology and innovation into all their customers immediately to remove layers and create a simpler and more high-performing environment for them. But, they can also wrap services and trusted adviser consulting capabilities around the technologies as well. But, then second is that as us and probably others start to move AI and machine learning into these other key realms of cybersecurity, you will see a more complete holistic solution and more of a platform that they can build more services and more managed services. I think the resellers and partners that you will really start to see break out and get high growth are going to be the ones that are adopting managed services capabilities in their environments and offering that side of it.

McAfee and Symantec are looking to transform – do you see them becoming more of a competitive threat?

We don’t see that at all. What we see in the marketplace is that, I'll say, 99 percent of all the customers we talk to have completely given up on traditional AV and want to replace it completely. Maybe the 1 percent that is still sort of holding on a bit by saying, 'If I go down they go down with me' or 'Nobody gets fired for buying McAfee.' But, with the 99 percent I don't even have to go in and explain anymore what we do. They've heard what we do and want to test us out and hopefully buy us. That's it. It's never a discussion of if we augment or replace AV anymore - it's just known that we're a full replacement and the only other discussions might be around what else we can remove besides AV. We can remove things like HIPS, and whitelisting, and EDR, and forensics, and all this other stuff. That way they understand that we can do far more than just the traditional AV, too.

Symantec and McAfee are both going for a platform strategy – is that an approach that would give them an edge?

That's their only approach. … They can't innovate. It's actually a physics impossibility. The physics of moving that big of a company and getting that level of domain expertise into the company is just too challenging. … [Platform security] is the only real play they have, which is not a bad play for a big company that can have a lot of solutions. But, here's the core problem and the foundational problem with it all: it's all based on this legacy approach to detecting and cleaning up attacks with the use of signatures. … It's like the police, who are bound to a signature-based approach. They can only arrest a burglar after they have burgled. … What we're able to do is we're able to determine this person is going to burglarize you tomorrow and we know because we have abstracted millions of visible and invisible features of this individual and this person and we've done it across millions of other burglars. … That is a fundamentally different approach that they unfortunately, at least the old incumbents, are just never going to figure out because they are so mired in their cash cow, their traditional business.

McAfee and Symantec would say McAfee Endpoint 10.5 and SEP 14 are their answers to the next-generation endpoint market. How is that different than what you're talking about?

What they're doing in those cases is using ... 50 or 60 features ... to create generic signatures. That's again just more signatures. But, to them, they think that's what Cylance is doing. They have no clue what we're doing. Honestly, they could if they reverse-engineered our product, they could figure out what we're doing. Anyone could do that, but they either haven't or they don’t see it or they don't want to. At any rate, they are doing it to create more generic signatures because that is their language. The way that is expressed is when you that feature of SEP 14 catching something that is bad, they will label it as one of four generic signatures. … They have used features and maybe a little bit of learning, but created generic signatures to do it.

What about other competitors? How do you see competition evolving in other areas Cylance plays?

Every quarter we track on 52 competitors – or more in some cases – that we have to either address with the customer who is asking or actually beat in the actual POC. Fifty-two competitors for one product and one company – that’s interesting. That to me is a real interesting story. The names that you would see in these things: about half of them are traditional AV companies, but the other half are a mix of everything from EDR, to privilege management, to firewall companies, network companies, there's all kinds of things. I think that’s pretty telling that they have to compete basically for AV space. We have to compete with everybody trying to replace AV or augment AV. … We're coming in saying you don't need any of this stuff – even some of the network layers you don't need – because it's just about trying to protect the endpoint at the end of the day. If you can prevent attacks at the endpoint, you don’t need to sit there and watch it and track on it or hunt and learn. If you can actually prevent it, then why do you need all these layers? That's an interesting part to it all.

How do you see the portfolio of security customer and partner evolving?

I see there will probably be some highly specialized services resellers and VARs and consultants. But, I think those that will really scale and grow quickly are the ones that will employ a complete managed capability, where they not only architect and deploy, but they support day in and day out. When you're engaged at that level, you're invited into every meeting and every discussion and every problem set because you now become the trusted adviser. I see that happening quite easily for those companies like the Fishtech's of the world and the up-and-comers that want to move past even the larger, more incumbent resellers.

How would you respond to all the criticism around Cylance right now?

This industry is beyond cutthroat. People will say and do just about anything because they know they will never be held accountable. We are really trying hard to not get sucked into that world and keep focused. Our only competition is the adversary. But, the industry incumbents especially, because their very existence is being threatened, is and will continue to attack and say anything they want, even if it's entirely untrue. All we can do is reply, respond, tell the facts and the truth, and continue to focus on the adversary and the enemy. … When you have 52 competitors and you ask the 52 competitors who their main competition is, they will say it is Cylance. … We have a huge target on our back. All those 52 vendors [we compete with], they just hate us. They don’t know anything about us, but they hate us. Here's the thing – they will say anything and do just about anything to bring us down somehow. … We have to focus on the adversary and stop tearing everyone apart. … It should be everyone's competition.