John McClurg joins Cylance with a diverse history of academic, government, and business experience. Most recently at Dell, McClurg led strategy and tactical operations for internal global security services and improved the effectiveness and efficiency of security initiatives. Prior to Dell, McClurg was CSO for Honeywell International, where he led internal physical and cyber global security services. McClurg has also served in the U.S. government where, as a special agent in the FBI, he supported the missions of numerous government agencies, including those of the CIA, DOD, and DOE, battling terrorism, cybercrime, and espionage. His first blog post for Cylance can be read here.
SecuritySolutionsWatch.com: Thank you for joining us today, John and congratulations on your new position at Cylance. Before discussing today’s cybersecurity threat environment and Cylance solutions in greater detail, please tell us about your background.
John McClurg: As you look across the spectrum of my professional life, what characterizes the experiences is the fact that I’ve been living in the world of the reactive:
As a young FBI agent, I was assigned to one of the first Joint Terrorism Task Force teams that the United States federal government pulled together to battle the emerging threat of terrorism. I worked with teams that responded to attacks including the Oklahoma City bombing in 1995, the Unabomber, who was apprehended in 1996, and the Pan Am Flight 103 Lockerbie bombing in 1998. During that same time, I also successfully pursued hackers and phreakers, the latter being a subset that focuses on telecommunications systems, especially to obtain free calls.
I then entered the realm of espionage. I was a member of the team that identified and pursued Harold James Nicholson, the former CIA officer and a twice-convicted spy for Russia's Foreign Intelligence Service, SVR.
In all my years of learning and real-world experience, what fascinates me is that since our nation’s founding, protection from threats has been a priority. Yet during that entire time, the models have been reactive.
President George Washington, when asked in the depths of the American Revolution what most concerned him, answered “spies.” For hundreds of years we’ve been amassing information to protect, yet we’re still playing the reactive card. The same paradigm has continued through my career in the cyberworld. As we built defense infrastructure and techniques, it was always to improve reaction after the vulnerability or threat was identified and usually already exploited. That’s the signature-based approach. That’s the world we understood. Not to overstate something, but this is an archaic paradigm. It’s an old model that consigned us to a world not unlike that reflected in the classic movie Groundhog Day, a never-ending cycle in which we seemed doomed to live over and over again—forced to accept the mantra “it’s not if, but when we’ll be compromised.” That’s my background and what in part propelled me to Cylance: a new paradigm for protection through prevention.
SecuritySolutionsWatch.com: One will read on Cylance.com that CylancePROTECT® is, “the only enterprise endpoint solution that blocks threats in real time BEFORE they ever cause harm.” Please give us an overview of CylancePROTECT…how does it work?
John McClurg: Let me start by stating that my interaction with Cylance and CylancePROTECT enabled me to step away from Groundhog Day and write a new script.
CylancePROTECT is a truly advanced threat prevention solution. It sits on each endpoint within the organization, whether it’s a desktop, laptop, mobile device, server, or virtual machine. By applying artificial intelligence, machine learning, and mathematic techniques, it instantly identifies and prevents malware and cyberattacks from executing. Basically, it protects from every threat known and yet-to-be-known, including system- and memory-based attacks, malicious documents, zero-day malware, privilege escalations, scripts, and potentially unwanted programs.
The solution boosts the efficiency of your IT resources and reduces user impact throughout your organization. The endpoint security product uses little memory, less than 1% of CPU. It requires no Internet connection or signature updates and is engineered to run with minimal updates and fewer system resources. In addition, it works with Windows and Mac OS, easily integrates into existing security platforms, and is available in OEM and embedded versions for technology partners. It operates in every environment, whether it’s 1,000, 10,000, or 100,000 endpoints.
Basically, we feel like CylancePROTECT provides simple, silent, and sustainable security.
SecuritySolutionsWatch.com: Please also fill us in about ThreatZERO™ Services.
John McClurg: Many of us at Cylance have been running infrastructure for a long time. ThreatZERO allows us to bring the same prowess to perform an in-depth infrastructure review that identifies what may be tainted and corrupted inside the organization. It enables our team to work closely with the customer to ensure CylancePROTECT is optimally positioned. We also examine the internal environment, ferreting out where threats may have ensconced themselves, and then expel them.
Beyond our solution, we want our customers to succeed with their security. That’s our mission, to protect everyone under the sun. We provide ThreatZERO Services so people can get the most out of their investment by seamlessly integrating our software with existing infrastructure. We empower users to feel safe.
SecuritySolutionsWatch.com: What is your perspective, John, regarding the unique value proposition Cylance delivers and Cylance’s competitive advantages…say, versus Symantec and Kaspersky, for example.
John McClurg: The ROI that Cylance brings becomes apparent, especially for the CIO and the CISO, as you sit in the quiet of your study, unchained from old duties tied to response that once took up tremendous time. You see the downstream costs associated with the failure of your legacy AV partner, who detected the threat only after it occurred.
If the adversary is stopped upstream, all of the resources associated with the downstream structures—IT infrastructure, analysis, and manpower—can be diverted to some other worthy activity. Or you can simply return the ROI to the bottom line. True threat prevention at the endpoint liberates. It delivers back to you the resources, money and time previously tied up constructing layers of defenses.
SecuritySolutionsWatch.com: We understand that your customer list includes Panasonic, Toyota, The Gap, as well as government agencies, just to name a few. That is indeed quite impressive. Any “wins” or success stories you’d like to discuss?
John McClurg: I want to flip that question on its head by sharing a success story that didn’t happen. It’s my story and reflects what Shakespeare described in Romeo and Juliet as “a wound that has not yet felt a scar.” It’s a wound still fresh and very much on my mind, sustained as a result of an advanced persistent threat.
I turned to Cylance after experiencing the painful wounds of a breach. I’d heard their claims but didn’t think they could be true. I was skeptical. After the team I lead performed its due diligence, they returned to me giddy. And these aren’t the kind of guys who get giddy. I was shocked when they said the claims were true. If I’d only had Cylance in place before the breach, all the pain and lost time would have been avoided.
So I’ve tested the product before implementing. And I’m a big believer in that. The attorney in me, in some ways, never stops. I tell people not to trust someone else’s word, test it yourself.
The Latin phrase that captures this principle is Res Ipsa Loquitur, which translates to “The thing speaks for itself.”
For three years in a row I ran a number-one rated security organization. The benefits from strong prevention are remarkable and have a ripple effect. I’ve experienced that first hand. First, you gain time back. Your weekends and late nights and holidays return. The measure of success used to be how quickly could I detect a breach after it happened. Being free of that model is liberating.
SecuritySolutionsWatch.com: Cyberattacks, whether from a foreign government, a sophisticated hacker group, or lone wolf, are in the headlines just about every day now. Unintentional insider threats are an equally serious problem where employees or other users might innocently click on phishing messages, visit nefarious websites, run risky or outdated software, or fall into any number of other traps. Please share with us your thoughts on “best practices” in today’s world of IoT, mobility and BYOD.
John McClurg: I think when you talk best practices in the traditional sense, you’re still using language that’s framed or influenced by old paradigms, meaning the language of “reactive detection.” For most, predictive capabilities stand outside traditional best practices. It’s a completely different game. It’s a new world.
We are seeing artificial intelligence, machine learning, and math applied in a way that makes traditional best practices less relevant. That is the best practice. We’re liberating people from the best practices associated with a reactive legacy and replacing them with a solution that prevents the execution of advanced persistent threats and malware at the endpoint. Our users create a level of security that surpasses traditional legacy systems by quantum leaps.
It takes us away from our weird relationship with crisis, where we’ve spent so much time and energy preparing for it that we can’t imagine doing something else. It’s almost a love/hate relationship. We’re no longer the distasteful cost of doing business. We’re now an indispensable aspect of advancing the business. That’s a refreshing place at which to arrive.
Thomas Friedman in his book The World is Flat characterized the modern world as a place where traditional boundaries of delineated interest would grow more and more porous as it grows evermore connected. With modern technology, mobility, the IoT, and big data, there’s never been a better time for Cylance to provide its offering.
SecuritySolutionsWatch.com: You’ve got a pretty amazing management team at Cylance. Care to elaborate?
John McClurg: I’ve made a lot of great business relationships over the years. I’ve led many great security teams that protected terrific business organizations.
After being rated the number-one internal security program in the IT sector three years in a row, and after having just won the U.S. government's Cogswell Award, many are asking why I would walk away at the top of my game and join a small startup. The answer: Discovering the most disruptive technology I've seen in over 20 years, capable of changing the world more significantly than anything else I've seen out there. My move to Cylance made them all ask me a similar question: why am I leaving my successful position?
There’s a gravitational force at Cylance, pulling and attracting some of the industry’s finest talent--executives like Malcolm Harkins, our Chief Information Security Officer. He was a longtime Intel executive.
These people have seen the liberating force of this technology, which helped forge what we claim as our mission: to protect everyone under the sun. At first impression this might sound like a bit of hubris on our part, but it’s a calling to service, to contribute to something larger than yourself, to protect those who can’t protect themselves. That’s why I’m here, and I believe that’s why we have some of the brightest minds in cybersecurity leaving secure positions in large companies to make a difference here.
SecuritySolutionsWatch.com: How can potential new customers arrange for a demo?
John McClurg: My shortest answer of the interview: visit www.cylance.com. You can click to schedule a demo.
SecuritySolutionsWatch.com: Thank you again, John, for joining us today. Are there any other subjects you would like to discuss?
John McClurg: As a young man, I read Thomas Kuhn’s The Structure of Scientific Revolutions. Kuhn recognized that every so often we need profound change. He understood that we need times when normal science is interrupted by a period of radical, world-shaking science that challenges us. Cylance was prepared and ready to step forward into that moment in history that Kuhn wrote about many years ago.
For us, centuries of the same practice of incident response need no longer apply. The rules of the game have evolved, including our standards and what we define as best practices. The present is that time described in Kuhn’s book, and it’s exciting to be part of the story.
It’s akin to Copernicus’s transformative discovery that the earth was not the center of the universe. His learning and knowledge challenged the Ptolemaic theory, the dominant paradigm of his day, with a completely new and different heliocentric view. In that effort, we at Cylance can relate.