Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?
-
Ars Technica takes an important look at what is going on around Cylance and their gaming or even outright faking of antivirus tests to create their "unbelievable" results.
And Cylance appears to be taking a page from Nutanix' book and is blocking testing of their products: Sophos obtained a copy of Cylance Protect from a reseller in order to conduct its own test, then posted the results in a YouTube video. Cylance then "contacted the reseller who provided access to the Cylance PROTECT product, citing license compliance concerns and threatening 'retribution' if the reseller involved did not demand that Sophos withdraw the video immediately," Schiappa wrote. "This left the reseller in fear of a lawsuit." Sophos pulled the video to protect the reseller.
Sophos are not the only ones getting blocked by Cylance's legal team from reporting on the product: Schiappa's allegations are similar to the experience recounted by some third-party testing organizations that have made Cylance unhappy. While AV-Comparatives and MRG-Effitas were performing a series of joint tests comparing Cylance Protect to other products, Cylance moved to revoke their license, claiming it was purchased under false pretenses.
-
Always thought there was something fishy about Cylance. Never trusted them since their fiasco at SW'15.
-
@NerdyDad said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Always thought there was something fishy about Cylance. Never trusted them since their fiasco at SW'15.
That was such a disaster. That's what kept me from doing anything with them all that time. They worked really hard after that to try to explain why they screwed up so badly, but it was epically bad. Worst conference screw up I've ever seen, and from professional presenters no less. It definitely made me question their capabilities to the point that I've never looked at their product. Given that I now know that I'd be blocked from discussing it if I did test it, it saves me from ever needing to.
-
@scottalanmiller said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@NerdyDad said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Always thought there was something fishy about Cylance. Never trusted them since their fiasco at SW'15.
That was such a disaster. That's what kept me from doing anything with them all that time. They worked really hard after that to try to explain why they screwed up so badly, but it was epically bad. Worst conference screw up I've ever seen, and from professional presenters no less. It definitely made me question their capabilities to the point that I've never looked at their product. Given that I now know that I'd be blocked from discussing it if I did test it, it saves me from ever needing to.
Totally agree. I was in that room. A professional speaker didn't research his target audience and says that it is because they were new to the vendor region in SW? Noooo... I don't think so. They didn't know what they were doing or who they were talking to, thought that they could get savvy and throw in some cyber security lingo in there and we would start throwing money at them.
My boss went to their booth that same year and the guy was obnoxious. My boss only wanted to talk to the guy and get a demo or something, but the sales guy blew him off and just wanted him to listen to his spiel about how great they were and to buy their product.
No thank you. I'll stick to what I know and has already been proven.
-
@NerdyDad said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Totally agree. I was in that room. A professional speaker didn't research his target audience and says that it is because they were new to the vendor region in SW? Noooo... I don't think so. They didn't know what they were doing or who they were talking to, thought that they could get savvy and throw in some cyber security lingo in there and we would start throwing money at them.
Their excuses made a little sense, they were told that it was a technical audience but then they found that the attendees of the conference were not technical. But doing a bait and switch on the topic makes no sense in any situation. How they thought that people who signed up for one thing would be happy with something else I have no idea. Clearly they weren't very smart, that's a very common sense mistake to have made and it took a lot of people with a lot of people there to oversee that all screwing up. They had advisors to make sure that that didn't happen. They probably violated a conference contract, in fact.
-
@scottalanmiller For those of us that weren't at SW '15 can you fill in the blanks?
-
@IRJ said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@scottalanmiller For those of us that weren't at SW '15 can you fill in the blanks?
Sure... I'll try to keep it as accurate as possible as some of the pieces are claims after the fact by the vendors.
- Cylance advertises a very technical security session on white hat hacking. It's the only extremely technical session advertised at SW '15.
- The session draws huge interest both before the event and during the event. Everyone is looking forward to finding out who Cylance is and getting one technical session in a sea of high level fluff. It's the only session that I attended other than Scale's storage replication talk.
- Later, Cylance states that during the conference at this time they found that the audience was not technical like they had been led to believe, so they decided to change the talk topic from a highly technical one about hacking where they promised to show live hacking examples to a non-technical talk aimed at grandparents and consumers talking about how to spot malware in your phone's online store.
- No one changes any official details for the session. No announcement is made, the signage is not changed. The people standing at the doors signing people in don't mention anything. Every person who attends the session is there because they were told it was a technical hacking session.
- The session starts, no mention of them changing anything. Suddenly the talk is non-technical, embarrassing and insulting to the audience. Cylance looked like utter morons as if they don't even know exactly what malware is. Clearly they were not marketing to IT pros, but consumers.
- People storm out of the biggest session at SW en masse, furious that they were lied to and that the vendor was totally condescending.
- Later, Cylance backpedals and throws SW under the bus claiming that they misled them as to the audience. Which we can't verify, but doesn't matter because that doesn't explain the idiocy of the bait and switch. No matter what the audience was perceived to be, they were promised a show of Cylance's technical prowess and got a middle school presentation on the dangers of downloading random apps from the app store on your phone.
Now what really happened? We don't know. There is a bit of excuses and he said, she said stuff. What we know is that Cylance came across as pathetic and incapable; while also being insulting and offensive to the audience. SW came out looking terrible with their promised most technical session turning into their least technical one. It significantly skewed the value of the conference as it had been the keystone to justifying the technical education level of the event.
End of day, Cylance came out looking very, very bad.
A year later, they did far better at the event. But having a good booth and good interactions is only a tiny beginning step towards correcting a massive blunder.
-
So, while Cylance hasn't had a blunder like that in the 18 months since that event, today's news suggests that it might be just part of a larger trend. Today seems to support the problems that they had, rather than supporting the idea that they had been wrongly informed.
-
Someone should go post this article on SW and tag all their GGs. Because if we don't do it, no one will.
-
@RojoLoco said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Someone should go post this article on SW and tag all their GGs. Because if we don't do it, no one will.
I have sales email from Cylance in my junk mail. I thought about replying with just the link to the article, but then the sales guy will know my contact info has a pulse.
-
@IRJ said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@RojoLoco said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Someone should go post this article on SW and tag all their GGs. Because if we don't do it, no one will.
I have sales email from Cylance in my junk mail. I thought about replying with just the link to the article, but then the sales guy will know my contact info has a pulse.
A newbie security mistake that would be.
-
@RojoLoco said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Someone should go post this article on SW and tag all their GGs. Because if we don't do it, no one will.
They should know, a few are on my Facebook and would have seen it.
-
Unlike some other vendors, though, Cylance doesn't expose anyone with authority to the communities. So the people that we know are pretty much powerless to enact change. So it is unlikely that the message will go far. The online IT communities have not been seen as important, so that there is concern around the viability of the product and vendor here will not likely warrant authorization to respond.
-
@scottalanmiller said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@RojoLoco said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Someone should go post this article on SW and tag all their GGs. Because if we don't do it, no one will.
They should know, a few are on my Facebook and would have seen it.
I still think there are many on SW who deserve to know the whole story as they try to select AV and security products.
-
@RojoLoco said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@scottalanmiller said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@RojoLoco said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
Someone should go post this article on SW and tag all their GGs. Because if we don't do it, no one will.
They should know, a few are on my Facebook and would have seen it.
I still think there are many on SW who deserve to know the whole story as they try to select AV and security products.
Oh it was all totally public and posted there originally. No one hid anything there.
-
Hi friends.
I'm here to answer questions, talk the talk, and really go through all of this 'funness'.
We do not mislead customers or prospective customers. Plain and simple.
When we create malware samples to test with, we employ the same methods and tools that hackers do, including creating mutations and packing the samples, to better emulate what attackers do for more meaningful testing. I'd be happy to walk through any of this with anyone, but for the tests I've been running, I am using 'how-tos' found on some less than favorable websites along with software that is free and widely distributed.
We are not running or using any tool that isn’t already in an attacker’s arsenal. Any time you pack a real file, there is a chance that the original piece of software will break. This happens every now and then; you're messing with the file after all. It's like when we shaved Nic's head at Spiceworld - we messed with his image and then NOBODY took him seriously.
Is this whole process perfect? No. But the steps we take are the same steps we are seeing in the real world.
Addressing Spiceworld 15 - That was pre-Bowtie and Beards (Matt and I). The session was a cluster, there were issues of promises made and session ideas, but those ideas fell through from my understanding. That is why Matt and I went big last year at Spiceworld, coming out and not pushing the product and inviting members to test for themselves. This is the same dialogue we are continuing to have there, here, and elsewhere. That's the past, let's move on.
-
@Richard_Cylance That's great, and I think we're all happy to have someone here.
Let's talk first steps then if you really want to fix the image problem Cylance is currently facing. Has the user agreement been updated to allow third party testing yet?
-
@Richard_Cylance said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
We do not mislead customers or prospective customers. Plain and simple.
But the real question is... did Cylance block the release of test results? Does Ars Technica have a false story?
-
@travisdh1 said in Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?:
@Richard_Cylance That's great, and I think we're all happy to have someone here.
Let's talk first steps then if you really want to fix the image problem Cylance is currently facing. Has the user agreement been updated to allow third party testing yet?
I think that that sums up the concerns that I have seen. This should be fixed before anything else is done.
-
@NerdyDad I wouldn't either.