cylance award write up

2016 Global Endpoint Security PlatformsGrowth Excellence through

Application Convergence Award

2016

BEST PRACTICES RESEARCH

© Frost & Sullivan 2016 2 “We Accelerate Growth”

Contents

Background and Company Performance ........................................................................ 3

Industry Challenges .............................................................................................. 3

Application Convergence Impact and Customer Impact ............................................. 4

Conclusion........................................................................................................... 9

Significance of Growth Excellence through Application Convergence ............................... 10

Understanding Growth Excellence through Application Convergence ............................... 10

Key Benchmarking Criteria .................................................................................. 11

Best Practice Award Analysis for Cylance ..................................................................... 11

Decision Support Scorecard ................................................................................. 11

Application Convergence Impact .......................................................................... 12

Customer Impact ............................................................................................... 12

Decision Support Matrix ...................................................................................... 13

The Intersection between 360-Degree Research and Best Practices Awards ..................... 14

Research Methodology ........................................................................................ 14

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ................................................................................................................. 15

About Frost & Sullivan .............................................................................................. 16



Background and Company Performance

Industry Challenges

Over the next few years, device proliferation will result in billions of connected devices,

systems, people, and organizations across the globe. The data and information generated

from this growth add immense value; however, their exchange within the ecosystem also

means exposure to ubiquitous cyber-risks. The scale and cost of cybersecurity breaches is

constantly on the rise and unsurprisingly, organizations are finding it increasingly difficult

to prevent and deal with cyber-attacks. According to the World Economic Forum's 2016

Global Risks Report, the cost of cybercrimes in 2016 will be worth an estimated $445

billion.

Large organizations across verticals that include banking, retail, healthcare, government,

and telecoms have been exposed to a multitude of threats and many of these entities

have been compromised. Unfortunately, hackers are rarely identified and can range from

young, independent amateurs to nation/state-sponsored hacking groups with considerable

experience and seemingly limitless funding. A number of recent attacks have resulted in

compromising extremely sensitive consumer data across industries such as airlines, large

retail chains, insurance firms across countries clearly indicating that this is a global

phenomenon and that no system is truly safe.

Even a small gap or vulnerability can let hackers into a system, and most times,

companies are unaware of a hackers’ presence for months. Employee training to increase

awareness is effective only to an extent, and in many cases, employees continue to be

responsible for security breaches. For example, a sophisticated phishing email that

appears to come from a co-worker or manager known to the employee can persuade that

employee to click on a link that takes him or her to a website where malicious software is

set to download automatically.

The rate at which cyber threats mutate and increase is also a cause for concern. For

instance, zero-day vulnerability, as the name suggests, allows no time for security

departments to prepare for previously-unknown computer software vulnerabilities that can

be exploited by hackers. Multiple endpoints, such as smartphones, tablets, laptops, and

traditional desktops, increase overall vulnerability of an enterprise. Worse, zero-day

vulnerabilities are often custom built for individual organizations, which makes it

impossible for traditional endpoint security products to recognize a zero-day as malicious.

As cyberspace becomes an integral part of economies, communities, and businesses, the

need to create more secure environments increases exponentially. One area that the

cybersecurity industry is focusing on is the prevention of malware before it even enters

the system by making endpoint security more proactive and preventive. Frost & Sullivan’s

research in this industry has shown that a company called Cylance has used artificial



intelligence (AI) and machine learning (ML) to identify a threat before it even runs, to stop

it immediately. The company achieves this without the need for human intervention

making it a truly innovative and unique approach in a market awash with ineffective,

reactive solutions.

Application Convergence Impact and Customer Impact

Completeness of Vision

Once malware enters an IT system, it has the potential to cause damage even if it has

been identified. Additional post-execution analysis and clean-up required may result in

down-time, interrupting work and productivity. Given just how vulnerable today's

electronic devices are, ensuring effective endpoint security is critical.

As new threats emerge at an alarming rate, Cylance’s vision of proactive and preventive

cybersecurity resonates with C-level executives who need to deal with the business impact

of security risks. Cylance uses an innovative approach to approach to end point prevention

that does not rely on heuristics, signatures, and behavioral analysis. The company’s

technology uses a machine learning platform that can be easily integrated with other

third-party services and tools, making it the ideal solution to deal with both existing and

future threats.

Most competing systems analyze threats and then develop methods to deal with them.

Cylance’s approach enables all threats and risks to be completely blocked before they can

begin to execute. The system uses a highly sophisticated series of mathematical

algorithms for pre-execution malware blocking. Cylance’s artificial intelligence (AI) engine

analyzes the “DNA of threats,” which is powered by machine and algorithmic science, data

sourced from millions of endpoints and dozens of databases, skilled malware researchers,

and a massive computing laboratory. The entire process of understanding, analysis, and

identification of normal and abnormal, or what is “good” and “bad”, is carried out using AI

and machine learning (ML) to look deeper and faster than humanly possible, thus avoiding

the faults, errors and omissions caused by non-machine based security systems. Plus, this

solution does not require an Internet connection, scheduled scans or signature updates,

which have plagued end-user environments for over a decade. In an industry that is

currently struggling with the availability of skilled talent, the company has no problem

retaining a staff of highly-qualified data scientists and anti-malware experts that design

and update its algorithms.

During its analysis, Frost & Sullivan was impressed with Cylance’s unique approach

because it is forward-looking and capable of dealing with unknown threats with

unmatched accuracy and effectiveness. The company’s confidence in its capabilities and

products is quite evident; the company states that it consistently and successfully stops

over 99% of malware (competing cybersecurity firms come in at a distant second with

60% to 70% success rates). Also worth noting is that competitors’ performance drops to



almost 10% when dealing with mutated versions of threats while Cylance continues to

achieve a 99% success rate.

Growth Potential

Perimeter-based security technologies and antivirus solutions commonly use threat

protection methods that are overly-dependent on legacy technologies. However, as

continuous breaches suggest, these are not very effective, especially when more

sophisticated and/or targeted attacks occur. Poorly implemented security infrastructure,

untrained employees, and/or new threats have created an ecosystem that is almost set-up

for failure. Given the nature of IT infrastructure, cloud is a critical part of today’s systems,

plus employees are constantly accessing data and information. Thus, creating better

prevention capabilities for endpoints has become quite critical.

Endpoints are clearly the most vulnerable part across the entire IT system; hence, most

cyberattacks are initiated here. Cylance algorithms analyze all the objects, applications

and files coming from various endpoints to identify the good and bad files. Once Cylance’s

solution is deployed, both historical and real-time data are fed into the algorithm, which

self-learns and analyses potential threats and responses for endpoints to enable automatic

mitigation. At a juncture, where present-day solutions need to be patched and managed

for emerging threats, Cylance next-generation approach provides superior accuracy,

security, reliability and fidelity. Given its use of a math algorithm, it requires infrequent

updates averaging every six months, as opposed to most AV vendors that require daily

signature updates.

Another differentiator is that Cylance’s solutions can deal with mutations in the malware.

Traditional antivirus products cannot recognize and deflect malware that has mutated

from an earlier form, even if it is recorded in the antivirus database of signatures. Other

competitors offer a host of services; however, they tend to be based on blacklisting or

signature approaches, which must have seen, studied, and "fingerprinted" malware before

it can be recognized and stopped. The increasing numbers of zero-day and mutated

viruses requires traditional endpoint security tools to be updated on an almost daily basis,

and these updates are still unable to recognize many newly mutated threats.

CylancePROTECT, a non-signature based solution, is math-driven and enables pre-emptive

security protection without the need for constant updates. The solution’s ability to prevent

attacks before they actually start to execute is unique. This is particularly useful in critical

infrastructure applications, where availability is more important than confidentiality.



Impact of Applications over Legacy Approaches

Legacy security approaches are completely reliant on signatures and blacklists. While their

ease of installation and use helped to spur a large number of organizations to implement

cybersecurity measures in the past two decades, with today's highly targeted malware

increasing in volume and sophistication, traditional antivirus is no longer considered

effective given the increasing complexity of attacks and greater number of threats.

Consider this, most organizations’ existing antivirus and perimeter security measures are

able to stop or prevent only 50% of the threats that they encounter; often, many of these

threats have already entered the system. When also considering the time needed to lock-

down the system and address the issue as well as the loss of employee productivity due to

the shutdown, the thought of using traditional cybersecurity has become widely

unattractive.

Many competitors are now trying to offer slight improvements over legacy approaches and

additional service extensions, but their improvements in identifying and stopping new

threats have been marginal at best. At the same time, most of these competitors have not

been able to pull the signatures out of their products. Plus, human intervention and

monitoring is a critical part of these competing systems where preventive action is only

taken once malware is already in the process of running. They also rely heavily on an

organization’s IT department to implement and monitor the process, which adds cost and

hassle for the enterprise.

Cylance’s malware identification capability is primarily supported by an ML research

platform, called Infinity, which uses cloud computing, Big Data analytics, and AI as a ML

“brain” for refinement of the algorithm while leaving only a lightweight agent that does

not need to be updated on each endpoint. The platform enables almost real-time decisions

on whether an object is good or bad. Cylance’s AI-enabled solution uses a proactive and

preventive approach to inspect each file before it runs, thus stopping the threat before it

can even start. It allows users to continue with their functions, as it halts the threat from

executing or progressing. The solution stays ahead of the curve and quarantines all

malware before it causes any harm. Cylance also offers a variety of professional services,

including a compromise assessment, which is often done for new customers that have

traditionally relied on a legacy AV product. Due to the technology, some of the services

can be accomplished remotely, without needing to scan machines or download an entire

disk image data for analysis. With Cylance’s AI-enabled solution, key identifiers help

threat professionals conduct analysis. Cylance’s advanced threat protection goes beyond

detection; it prevents attacks using CylancePROTECT®. In comparison to traditional

security solutions, Frost & Sullivan sees Cylance’s solution to be superior.



Business Value to Customers

Cybersecurity has emerged as one of the top challenges for CEOs today. Organizations

typically rely on more than one vendor to cater to different security layers and

requirements. Despite this, they still won’t receive a complete guarantee of security and

remain vulnerable. Once malware enters the system, the impact on business can be

enormous. Companies can take months to find it and recover from the set back; a lack of

visibility further confounds users.

The Cylance solution, however, offers greater efficiency for IT resources. With its Alert

Management Service (AMS), the security teams in an organization gain access to a threat

researcher and expert, an Activity Management Engineer (AME), who can guide the

actions to take on the CylancePROTECT alerts. AMEs augments the existing IT team with

knowledge on the potency of the threat. The solution is backed by strong support in terms

of monitoring, processing, analysis, reporting, and protection increasing the value for

customers. Most competing solutions only offer platforms that need to be monitored by

the customer’s IT personnel. Cylance also offers a ThreatZero service which will bring

immediate value by working with the IT department to eliminate all the threats found by

the CylancePROTECT agent.

Further to Cylance’s efficiency, the solution uses less than 1% of users’ CPU (central

processing unit) capacity, limiting its impact on customers’ memory and processor. In

addition, the solution works without the need for Internet connectivity. This makes the

solution easy to deploy and prevention benefits can be realized without any network or

device interruptions. The solution works across an organization’s infrastructure, enabling

flexibility as deployment is simple and seamless across Windows and Mac OS. It can also

be easily integrated into an existing security ecosystem through open APIs and

transferrable log files. All of this enhances the business value for customers as they are

assured of efficient security without incurring excessive costs.

Customer’s Perception of Value

Customers across industry verticals are reeling under the speed with which cybersecurity

threats have increased. Internet Protocols (IPs) are being compromised and not keeping

up with compliance requirements. Cybersecurity is not a core function for most companies

and the constant struggle and lack of efficiency of existing systems increase problems for

customers.

Cylance offers one solution for a number of security threats, which include memory-based

attacks, malicious documents, zero-day malware, privilege escalations, scripts, and

potentially unwanted programs, thus enabling customers to reduce their number of

security systems. In trial runs where previously unknown threats and mutated versions

are used to determine efficacy, the company consistently outperforms its competitors.

Therefore, customers are increasingly relying on CylancePROTECT. The list of Cylance’s



clients (across more than 22 industries, with specific expertise in the segments of critical

infrastructure, energy, healthcare, retail, finance and education) clearly indicates the

value-appeal that customers see in the future-proof solution compared to the reactive

security solutions.

As one customer, a university IT manager mentioned, the previous traditional antivirus

software completely missed more than 200 threats, which resulted in a Cryptolocker file

being executed on their system. The significant number of endpoints in an education

system with most students and faculty carrying their own devices makes it extremely

vulnerable. The university has now deployed Cylance, which managed to rectify the earlier

problem in addition to providing better security.

Customer Ownership Experience

Cybersecurity needs to be dynamic with new threats emerge with frightening frequency.

As new companies and solutions are launched to keep pace with the increase in threats,

customers find it extremely difficult to decide which solution is the best for them. Often,

they enter into contracts where companies are not able to deliver what they promise. To

deal with this challenge, many customers work with established cybersecurity layer on

additive solutions and dedicate a large IT team to deal with constant outbreaks.

This is where Cylance offers a fundamentally different value proposition, by positioning its

product directly against larger AV vendors that insist on adding more layers and products.

In this scenario, Cylance has managed to exceed expectations and many customers have

chosen to replace all of their endpoint security layers with Cylance. Customer confidence

is climbing rapidly, which was also evident from the example of a major OEM we spoke to

that has equipped all of its systems with the Cylance solution indicating its complete belief

in the efficacy of the solution.

One of Cylance’s healthcare customers has 400 locations with 10,000 endpoints and it

covers 1.3 million patients. This entity had previously refocused its endpoint security

efforts on the time-consuming and reactive method of detection and response as its

prevention had continuously failed. Patient data is extremely sensitive and healthcare

companies have a high risk of being targeted. The customer replaced multiple layers of

endpoint security after discovering that these systems completely missed malware that

was custom designed to attack the organization. Cylance also discovered hundreds of

Potentially Unwanted Programs (PUPs) that could have allowed hackers into the system.

The customer expressed considerable satisfaction with the better security that it now

receives without any disruption to its work flow.



Conclusion

Cylance’s innovative solution for cybersecurity has exceeded customers’ expectations. The

company has consistently outperformed other solutions (based on client data) in terms of

performance and in dealing effectively with unknown threats across endpoints. It has built

a strong base for the use of artificial intelligence (AI) in meeting the growing challenges

posed by hackers and cyber-attacks. Its independence from human intervention, Internet

connectivity, and regular updates to stop malicious malware, ensure its effectiveness and

has made the company a preferred solution provider for many customers. Because of this,

Cylance grown quickly and has developed various solutions for different industries.

Thereby, in recognition of its strong overall performance, Cylance is recognized with Frost

& Sullivan’s 2016 Award for Growth Excellence through Application Convergence.



Significance of Growth Excellence through Application Convergence

Application convergence drives a spectrum of opportunities for value-enhancement as new

applications and ecosystems get created. Further, application convergence leads to

extension of customer value and unique points of differentiation. At its core, application

convergence or any other type of convergence can only be sustained with leadership in

three key areas: customer demand, business value, and competitive positioning.

Understanding Growth Excellence through Application Convergence

Application convergence leads to opportunities for new value creation in here to

undiscovered ways, resulting in new applications which outperform existing approaches

and drives superior performance by utilizing multiple system inputs.



Key Benchmarking Criteria

For the Application Convergence Award, Frost & Sullivan analysts independently evaluated

two key factors— Application Convergence Impact and Customer Impact—according to the

criteria identified below.

Application Convergence Impact

Criterion 1: Completeness of vision

Criterion 2: Growth potential

Criterion 3: Ability to drive application ecosystem interest

Criterion 4: Disruptive capability of the application

Criterion 5: Impact of applications over legacy approaches

Customer Impact

Criterion 1: Business value to customers

Criterion 2: Customer's perception of value

Criterion 3: Customer ownership experience

Criterion 4: Customer service experience

Criterion 5: Brand Equity

Best Practice Award Analysis for Cylance

Decision Support Scorecard

To support its evaluation of best practices across multiple business performance

categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool

allows our research and consulting teams to objectively analyze performance, according to

the key benchmarking criteria listed in the previous section, and to assign ratings on that

basis. The tool follows a 10-point scale that allows for nuances in performance evaluation;

ratings guidelines are illustrated below.

RATINGS GUIDELINES

The Decision Support Scorecard is organized by application convergence attributes and

customer impact (i.e., the overarching categories for all 10 benchmarking criteria; the

definitions for each criteria are provided beneath the scorecard). The research team

confirms the veracity of this weighted scorecard through sensitivity analysis, which

confirms that small changes to the ratings for a specific criterion do not lead to a

significant change in the overall relative rankings of the companies.



The results of this analysis are shown below. To remain unbiased and to protect the

interests of all organizations reviewed, we have chosen to refer to the other key players

as Competitor 2 and Competitor 3.

Measurement of 1–10 (1 = poor; 10 = excellent)

Growth Excellence through Application

Convergence

Application

Convergence

Impact

Customer

Impact Average Rating

Cylance 9.0 9.0 9.0

Competitor 2 8.5 7.5 8.0

Competitor 3 7.1 6.9 7.0


Criterion 1: Completeness of Vision

Requirement: Ability to showcase a long-term vision and pioneer industry transformation.

Criterion 2: Growth Potential

Requirement: Ability to leverage the benefits of converging technologies and drive growth.

Criterion 3: Ability to Drive Application Ecosystem Interest

Success of application convergence depends on the ecosystem maturity, its partners and

strategy to build-out industry-specific solution

Criterion 4: Disruptive capability of the application

Requirement: The new application’s capability to replace existing market incumbents and

provide a path to long-term sustenance.

Criterion 5: Impact of applications over legacy approaches

Requirement: Capability of applications to deliver a set of superior solutions is key to win

support from customers.

Customer Impact

Criterion 1: Business Value to Customers

Requirement: Capability to deliver superior business value instead of simple substitution.

Criterion 2: Customer's Perception of Value

Requirement: Customer view-points on blurring of application and its potential to create

new revenue streams.

Criterion 3: Customer Ownership Experience

Requirement: Customers are proud to own the company’s product or service, and have a

positive experience throughout the life of the product or service

Criterion 4: Customer Service Experience

Requirement: Customer service is accessible, fast, stress-free, and of high quality



Criterion 5: Brand Equity

Requirement: New application enhances the company’s brand, creating and/or nurturing

brand loyalty

Decision Support Matrix

Once all companies have been evaluated according to the Decision Support Scorecard,

analysts can then position the candidates on the matrix shown below, enabling them to

visualize which companies are truly breakthrough and which ones are not yet operating at

best-in-class levels.

High

Low

Low High

Cu

sto

mer I

mp

act


Cylance

Competitor 2

Competitor 3



The Intersection between 360-Degree Research and Best

Practices Awards

Research Methodology

Frost & Sullivan’s 360-degree research

methodology represents the analytical

rigor of our research process. It offers a

360-degree-view of industry challenges,

trends, and issues by integrating all 7 of

Frost & Sullivan's research methodologies.

Too often, companies make important

growth decisions based on a narrow

understanding of their environment,

leading to errors of both omission and

commission. Successful growth strategies

are founded on a thorough understanding

of market, technical, economic, financial,

customer, best practices, and demographic

analyses. The integration of these research

disciplines into the 360-degree research methodology provides an evaluation platform for

benchmarking industry players and for identifying those performing at best-in-class levels.

360-DEGREE RESEARCH: SEEING ORDER IN

THE CHAOS



Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices

Frost & Sullivan Awards follow a 10-step process to evaluate award candidates and assess

their fit with select best practice criteria. The reputation and integrity of the Awards are

based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

1 Monitor, target, and screen

Identify award recipient candidates from around the globe

Conduct in-depth industry research

Identify emerging sectors Scan multiple geographies

Pipeline of candidates who potentially meet all best-practice criteria

2 Perform 360-degree research

Perform comprehensive, 360-degree research on all candidates in the pipeline

Interview thought leaders and industry practitioners

Assess candidates’ fit with best-practice criteria

Rank all candidates

Matrix positioning all candidates’ performance relative to one another

3

Invite thought leadership in best practices

Perform in-depth examination of all candidates

Confirm best-practice criteria Examine eligibility of all

candidates Identify any information gaps

Detailed profiles of all ranked candidates

4

Initiate research director review

Conduct an unbiased evaluation of all candidate profiles

Brainstorm ranking options Invite multiple perspectives

on candidates’ performance Update candidate profiles

Final prioritization of all eligible candidates and companion best-practice positioning paper

5

Assemble panel of industry experts

Present findings to an expert panel of industry thought leaders

Share findings Strengthen cases for

candidate eligibility Prioritize candidates

Refined list of prioritized award candidates

6

Conduct global industry review

Build consensus on award candidates’ eligibility

Hold global team meeting to review all candidates

Pressure-test fit with criteria Confirm inclusion of all

eligible candidates

Final list of eligible award candidates, representing success stories worldwide

7 Perform quality check

Develop official award consideration materials

Perform final performance benchmarking activities

Write nominations Perform quality review

High-quality, accurate, and creative presentation of nominees’ successes

8

Reconnect with panel of industry experts

Finalize the selection of the best-practice award recipient

Review analysis with panel Build consensus Select winner

Decision on which company performs best against all best-practice criteria

9 Communicate recognition

Inform award recipient of award recognition

Present award to the CEO Inspire the organization for

continued success Celebrate the recipient’s

performance

Announcement of award and plan for how recipient can use the award to enhance the brand

10 Take strategic action

Upon licensing, company may share award news with stakeholders and customers

Coordinate media outreach Design a marketing plan Assess award’s role in future

strategic planning

Widespread awareness of recipient’s award status among investors, media personnel, and employees



About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth

and achieve best in class positions in growth, innovation and leadership. The company's

Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined

research and best practice models to drive the generation, evaluation and implementation

of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in

partnering with Global 1000 companies, emerging businesses and the investment

community from 31 offices on six continents. To join our Growth Partnership, please visit

http://www.frost.com.

http://www.frost.com/

cylance award write up

Data & Analytics