Cerber virus/ransomware making the rounds...

scottalanmiller

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

wirestyle22

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

scottalanmiller

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

wirestyle22

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

scottalanmiller

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

wirestyle22

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

scottalanmiller

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.

wirestyle22

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.

Agreed