Dell’s solution with Cylance has been extended to an air gap mode for networks with no or little connectivity to the Internet.
Dell has unveiled an air gap version of its Dell Endpoint Security Suite Enterprise [ESSE] solution, aimed at companies who, for security reasons, want to either protect their endpoints from the internet entirely – the traditional definition of air gap – or which have restricted internet access.
“Over the last 18 months we have been partnering with Cylance to provide an endpoint security suite, which we introduced in November 2015,” said Brett Hansen, VP Endpoint Data Security and Management, Dell. “Earlier this year we expanded it to include a host-based firewall and web protection. It has been a very successful product for us. However, some of our customers with higher-end networks have asked us for a solution to address their air gap networks. These are where the networks are completely cut off from the Internet, or have limited access, for security reasons. But they also are at risk, and there have been situations where malware got into those environments.”
The problem here, is that because most modern security technologies are cloud-based, they don’t fit with on-prem solutions that don’t have an Internet connection.
“Today, air gap networks don’t let you access security that could improve the solution,” Hansen said. “It’s one reason pure cloud-based is not our approach. It’s more important than ever to have that local capability. ESSE doesn’t require cloud connectivity to work with an air gap environment. That’s because the Cylance technology is based on AI and mathematical modelling, so doesn’t require frequent updates like AVM [anti-virus management] solutions. You don’t have to make frequent pushes, just a new algorithm in every three to four-month time frame.”
Hansen stressed that Cylance is exceptionally well equipped to provide this capability.
“Many vendors today like to claim they have machine learning AI,” he said. ‘It’s the new cloud. What Cylance has done with machine learning really hasn’t been replicated in the industry, however. They put a lot of work in to create an algorithm with the intelligence of this one. It took them years of research before they came up with their first algorithm two years ago. In contrast, much of what is called machine learning today simply takes an AVM module and makes it more intelligent. They use machine learning to tune their signatures in a more productive manner. There’s a big distinction between that, and what Cylance is doing.”
Hansen noted another advantage of the Cylance technology is that their machine learning can be employed on devices.
“A lot of machine learning is up in the cloud,” he said. “Cylance has created an efficient algorithm that allows us to employ it at the device level, so intelligence is at the device level rather than up in the cloud. That’s perfect for air gap networks.”
The market for ESSE has traditionally been large organizations with top security concerns, but Hansen said that the market is expanding.
“It is government organizations like Defense and all the three letter agencies,” Hansen said. “But it’s also across critical infrastructure organizations – notably energy, and not just nuclear. Most energy and utility companies have air gap networks. So do financial organizations and chemical manufacturers. They are more prolific than most people recognize, and they are becoming more enticing. There is an added expense associated with them, but there’s also a much larger expense if a critical part of your environment is compromised. Given the pervasive nature of attacks today, this can dramatically reduce exposure. I think this will encourage other companies to look at this as a solution for parts of their business.”
That means that ESSE’s channel business, which is fairly small compared to Dell direct, is likely to grow.
“The channel is about 20 per cent of my revenues, but this product over time will be more channel focused,” Hansen said. “The initial customers are the sort of large customers who Dell typically sells direct. But there is a growing need for this solution in the marketplace. For partners who have the relevant experience, and who have customers who have critical infrastructure, there is a good opportunity here.”