Preventing Advanced Malware Attacks Using AI Driven Technology From Cylance and DFLabs

Back to all articles

AI driven technology

To successfully combat the rise in sophisticated cyber threats, organizations must be able to detect the earliest indications of an issue and act quickly to contain it. Up until now security teams relied heavily on pre-written signatures to detect malicious behavior, but unfortunately our adversaries have had access to these same signatures and have worked tirelessly to circumvent them.

The Problem

Unknown and 0-Day threats are on the rise and legacy detection mechanisms are no longer proving to be an effective means of protection. These sophisticated threats are targeting organizations of all sizes and aim to cause as much damage as possible to their infrastructure and its assets.

These types of threats can cause this level of damage due to not only outdated detection capabilities, but also due to the lack of visibility and control network defenders have over the environment. This combination of deficiencies has proven to be an adversary’s recipe for a successful intrusion.

Therefore security operations teams within organizations today are faced with a number of challenges, including but not limited to:

  • How can we effectively detect unknown and 0-Day threats?

  • Are signature-based detection solutions still the most effective means of protection?

  • How can we gain greater visibility and control over our networks?

The DFLabs and CylancePROTECT Solution

The DFLabs and CylancePROTECT solution combines artificial intelligence with the power of automation to arm organizations with the tools necessary to stop advanced malware attacks in their tracks. Utilizing CylancePROTECT Malware Execution Control module and DFLabs’ R3 Rapid Response Runbooks within its IncMan SOAR platform, network defenders can quickly detect both known and unknown malware variants and take swift action through automated actions to stop the attack from spreading throughout the organization.

About CylancePROTECT

Cylance is the first company to apply artificial intelligence, machine learning, and algorithmic science to cybersecurity to improve the way companies, governments, and end-users proactively solve the world’s most difficult security problems. Using a breakthrough predictive analysis process, Cylance’s award-winning product, CylancePROTECT, quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated artificial intelligence and machine learning with a unique understanding of an attacker’s mentality, Cylance provides the technology and services to be predictive and preventive against advanced threats.

Use Case

Here is a simple use case in action of how DFLabs and Cylance solutions work seamlessly together.

An alert is received by DFLabs’ SOAR platform, IncMan SOAR, indicating the download of a potentially malicious file from the internet. IncMan receives the alert and automatically begins to gather information regarding the file that was downloaded, the machine it was downloaded to, and any security alerts received from the user account on the affected machine. Once this information is gathered, the designated R3 Rapid Response Runbook (e.g. for Malicious File Download) will issue three conditional statements to evaluate what automated tasks must be executed to complete the investigation.

The first condition statement looks for the threat score of the file which was downloaded. If the downloaded file is found to be malicious, IncMan will issue a command to CylancePROTECT to add the file to the global banned list. The second conditional statement looks for any additional threats which were observed coming from the affected host. If any additional threats were observed, IncMan will also issue another command to CylancePROTECT to quarantine the host and then create a troubleshooting ticket through the organization’s ticketing system to have the potentially infected machine evaluated.

The final conditional statement queries the organization’s SIEM for additional security events which involve the user account associated with the affected machine. If the evaluated statement is found to be true, IncMan will issue a User Choice condition. This condition will temporarily pause the R3 Rapid Response Runbook to allow an analyst to review the evidence which was gathered. Upon review of this evidence if the analyst finds that the user account may have been compromised, the R3 Rapid Response Runbook will resume to disable the user account and reset its password. A new troubleshooting ticket will be created through the ticketing system which will provide the new password to the helpdesk staff so that they can reach out to the affected user and help them to enable their account. If any of these conditions are found to be false positive, the R3 Runbook will exit without alerting the security staff.



AI driven technology can prevent security breaches before they damage an organization’s devices, network or reputation. DFLabs’ integration with CylancePROTECT provides organizations with the advanced detection tools and rapid response capabilities security teams need to stay ahead of their adversaries, moving beyond static signature analysis. Powered by CylancePROTECT Malware Execution Control and DFLabs’ R3 Rapid Response Runbooks, organizations are able to automatically detect, respond to and remediate an attack within seconds before it has the potential to become a serious security breach.

If you would like to see Cylance and DFLabs’ solution in more detail, as well as our other technology integrations, contact us to request a personalized demo of IncMan SOAR today.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request a demo