[OWASP-Portland] [Owasp-portland] Antivirus in the Enterprise - Is it dead yet?

Hiep Dang hdang at cylance.com
Thu Nov 19 18:20:35 UTC 2015

Tim, I hear you loud and clear and I wholeheartedly agree with you. I no longer work for McAfee so I cannot speak on their behalf anymore, but I can say this... Ryan Permeh (founder of Cylance) and I worked together at McAfee. He was in charge of product security and conducted security audits on all their products while I ran global malware research. I joined him at Cylance because they are taking a different approach to security. I (like Ryan and Stuart McClure) was disenfranchised with the dogma of security (as you put it so well). Here are a few things that Cylance is doing differently that I hope address your exact concerns:

1. Attached is a document written by Ryan saying exactly the same things that you pointed out.
2. Cylance is working with HackerOne and has an active bug bounty program. So if you find something, we want to know about it PLUS you can make some money.
3. We do continuous security scanning of our product via WhiteHat Sentinel.
4. We do quarterly security audits via Optiv.
5. We do quarterly agent security audits via AttackResearch.

- Hiep 

-----Original Message-----
From: Tim [mailto:tim.morgan at owasp.org] 
Sent: Wednesday, November 18, 2015 12:18 PM
To: Hiep Dang <hdang at cylance.com>; Scott Davis <Scott.Davis at Webtrends.com>
Cc: OWASP (owasp-portland at lists.owasp.org) <owasp-portland at lists.owasp.org>
Subject: Re: [Owasp-portland] Antivirus in the Enterprise - Is it dead yet?

Hi Hiep and Scott,

Here are the slides I used for my portion.  I don't have Tony's updated slides so I'll let him respond with those.


Thanks for your perspective last night.  I know my arguments cut against security dogma and while I feel strongly that we need to reexamine our use of many security products, I do want to attenuate my assertions a little bit by saying this:

If a security vendor adopts a strong "do no harm" ethic and policies, implementing these by designing their own product to be very secure, use the latest mitigation tools (compiler options, sandboxing) along with regular security audits (code reviews, automated fuzzing, etc), then I can see a place for these kinds of products.  Currently, that's *not* how most security products are developed (besides the examples I gave, I've tested plenty of security products over the years and many are awful).  I'm also skeptical that securely written security products can survive in the marketplace, given the state of the industry, but it is something we should strive for!

Best regards,

On Wed, Nov 18, 2015 at 06:06:52PM +0000, Hiep Dang wrote:
> Hi, all, thanks for the fun debate last night. There were some great points made. Would it be possible to share the slides that were presented? I'm very keen on hearing all of the concerns that people have on security products as it's my job to strive to make them better.
> Hiep Dang
> Director of Product Management
> hdang at cylance.com
> 407-497-4437
> 1800 SW 1st Ave, Suite 100
> Portland, OR 97201


-------------- next part --------------
A non-text attachment was scrubbed...
Name: antivirus-engine-defense-20151007.pdf
Type: application/pdf
Size: 108806 bytes
Desc: antivirus-engine-defense-20151007.pdf
URL: <http://lists.owasp.org/pipermail/owasp-portland/attachments/20151119/80b99247/attachment-0001.pdf>
