Cylance - Detailed Review


    Cylance - Product Overview



    Introduction to Cylance MDR

    Cylance MDR, a product offered by BlackBerry, is a sophisticated managed detection and response (MDR) service that leverages AI and machine learning to enhance cybersecurity.



    Primary Function

    The primary function of Cylance MDR is to provide comprehensive threat detection and response capabilities. It offers 24x7x365 monitoring and protection, ensuring continuous vigilance against cyber threats. This includes hands-on onboarding, alert triage, investigation, managed threat hunting, digital forensics, incident response, and critical event management.



    Target Audience

    Cylance MDR is targeted at growing businesses and organizations seeking to advance their cybersecurity capabilities without the need for significant infrastructure changes or additional personnel. It is particularly beneficial for small to medium-sized businesses (SMBs) and larger enterprises facing resource and talent shortages in their security teams.



    Key Features

    • 24×7 Threat Protection: Continuous monitoring and protection against cyber threats.
    • AI/ML Powered: Utilizes AI and machine learning to detect and prevent threats, including ransomware, malware, and other malicious activities.
    • Incident Response: Includes crisis communications and incident response (IR) to manage and mitigate security incidents.
    • Threat Hunting & Detection: Proactive threat hunting and detection capabilities to identify potential threats before they cause harm.
    • Threat Intelligence: Integrates threat intelligence to enhance the accuracy of threat detection and response.
    • Configuration and Finetuning: Allows for the configuration and finetuning of the system to meet specific organizational needs.
    • Unified XDR Architecture: Cylance MDR Pro integrates seamlessly with existing security tools, providing deep visibility across the entire IT infrastructure without the need to replace any existing tooling. It supports over 300 platform integrations, transforming business data and applications into powerful security sensors.


    Benefits

    • High Success Rate: Cylance MDR claims to avoid 98% of cyber incidents.
    • Cost-Effective: It is 85% less expensive than building and maintaining an in-house Security Operations Center (SOC).
    • Return on Investment: Offers a 293% return on investment.
    • Access to Experts: Provides access to world-class security experts, reducing the need for internal cybersecurity talent.

    Cylance - User Interface and Experience



    User Interface and Experience

    The user interface and experience of CylanceMDR, a managed detection and response (MDR) service from BlackBerry, are crafted to be intuitive, efficient, and highly informative.

    Dashboard and Visualizations

    The Cylance console, which houses CylanceMDR, features interactive and visually appealing dashboards. These dashboards provide a clear overview of various types of alerts, top threats, and other critical security metrics. Users can set specific timeframes to limit the data displayed, such as viewing escalations from the last 24 hours. The dashboard includes widgets that show the ratio of unresolved to resolved threats by severity, the mean time to resolve (MTTR) over the last 30 days, and the number of targeted users and devices.

    Ease of Use

    The interface is designed to be user-friendly, with features like AI-driven workflows and simplified threat overviews. This makes it easier for security teams to identify, track, and resolve threats efficiently. The console also offers customizable dashboards, allowing users to personalize the layout according to their needs.

    Integration and Compatibility

    CylanceMDR integrates seamlessly with over 300 existing security tools, ensuring that users can leverage their current security infrastructure without disruptions. This open XDR architecture collects telemetry from diverse sources across the IT environment, enhancing visibility and threat detection capabilities.

    Alerts and Incident Management

    The Alerts view in the Cylance console provides a comprehensive way to review and manage alerts detected across various Cylance Endpoint Security services. Users can easily identify and track prevailing threat patterns and resolve groups of alerts efficiently. The system also allows for the management of incidents, including responding to escalated incidents and viewing unresolved alerts by severity.

    Support and Engagement

    CylanceMDR offers 24×7 monitoring, threat detection, triage, and response services. Users have access to a dedicated SOC team through on-demand services, which includes live chat support and 24×7 phone support. This ensures that users can engage with security experts at any time, enhancing their overall security posture and peace of mind.

    Reporting and Advisory Services

    The service includes monthly reports and advisory services, providing users with regular updates and insights into their security environment. Additionally, features like threat intelligence indicators of compromise (IOCs) integration and advanced threat intelligence services help in maintaining a strong security stance.

    Conclusion

    Overall, the user interface of CylanceMDR is designed to be clear, intuitive, and highly functional, making it easier for users to manage and respond to security threats effectively.

    Cylance - Key Features and Functionality



    Cylance Overview

    Cylance, a part of BlackBerry’s cybersecurity offerings, boasts a range of AI-driven security tools that provide comprehensive protection against various threats. Here are the main features and how they work:

    AI-Driven Malware Prevention

    Cylance’s security tools use artificial intelligence to detect and prevent malware without relying on traditional signature-based methods. This AI-driven approach analyzes file behavior and quarantines malicious files, preventing the spread of malware within the network. The system assigns a Cylance score to threat alerts, simplifying the process of adding unsafe files to a quarantine list.

    Sensitive Data Protection

    CylanceAVERT is a component that identifies, categorizes, and inventories sensitive company information. It monitors files copied to USB devices, uploaded to browser locations or network drives, or included in email messages. If sensitive data is involved in an exfiltration event, CylanceAVERT notifies administrators and performs specified mitigation actions, such as blocking the transfer.

    Device Control

    The Device Control feature allows administrators to manage USB mass storage devices, preventing unauthorized data transfer and potential malware infections. This feature can be set to allow full access, read-only access, or block USB mass storage devices entirely.

    Memory Protection

    Cylance’s Memory Protection scans and monitors running processes to protect against malware that exploits software vulnerabilities. If an application attempts an action that the agent classifies as a memory violation, the agent blocks the process, providing an additional layer of security against sophisticated threats.

    Application and Script Control

    CylancePROTECT includes application and script control, ensuring that only authorized applications and scripts can run on endpoints. This prevents malicious scripts and unauthorized applications from executing, thereby reducing the risk of attacks.

    Network and DNS Protection

    The CylanceGATEWAY agent uses machine learning and static reputation databases to identify potentially malicious destinations. It can enforce an acceptable use policy by intercepting each DNS query to determine whether the connection should be allowed or blocked.

    Extended Detection and Response (XDR)

    CylanceMDR Pro integrates with existing security tools to provide a unified view across endpoints, networks, cloud environments, and other attack surfaces. It pulls telemetry from all potential attack surfaces to accurately detect attack signals, prioritize threats, and present structured cases for faster human-led investigation and response. This AI-driven approach helps stop attacks before they cause damage.

    Zero Trust Security Model

    Cylance Endpoint Security adopts a Zero Trust approach, assuming that every user, endpoint, and network could be potentially hostile. It requires users to prove their identity and authorization before accessing resources, ensuring that the network and devices are not compromised.

    Integration with UEM and MDM Platforms

    Cylance Endpoint Security can be used with various Unified Endpoint Management (UEM) and Mobile Device Management (MDM) platforms, such as BlackBerry UEM and Microsoft Intune. This integration enhances endpoint management and security, allowing for better protection of devices and data.

    Virtual Machine Protection

    Cylance’s AI security tools extend protection to virtual machines, providing the same level of threat detection and response as for physical devices. This is crucial for organizations that rely heavily on virtualization for their IT infrastructure.

    Device Lifecycle Management

    The Device Lifecycle Management feature allows administrators to specify the number of days a device can be inactive before it is marked as such. This helps manage the lifecycle of devices, ensuring that unused or abandoned devices do not pose a security risk.

    These features collectively provide a comprehensive security solution that leverages AI to detect, prevent, and respond to a wide range of cyber threats, enhancing the overall security posture of an organization.

    Cylance - Performance and Accuracy



    Performance of Cylance Endpoint Security

    Cylance Endpoint Security, now part of BlackBerry, stands out for its AI-driven approach to endpoint security. Here are some key aspects of its performance:

    AI and Machine Learning

    Cylance leverages advanced AI and machine learning techniques to detect and block malware, ransomware, and other threats. It uses mathematical models and machine learning algorithms to identify malicious software and websites, often before they can cause harm. This proactive approach helps in preventing new and unknown threats, which traditional signature-based systems might miss.

    Real-Time Threat Detection

    The CylancePROTECT Desktop agent analyzes potential file executions in real-time, scanning both OS and memory layers to prevent the delivery of malicious payloads. This real-time analysis ensures that threats are identified and blocked promptly, reducing the risk of security breaches.

    Continuous Network Evaluation

    CylanceGATEWAY continuously monitors network connections, using machine learning, IP reputation, and risk scoring to identify and block connections to known and unknown malicious destinations, including phishing domains and command and control (C2) beacons. This ensures that endpoints are protected from emerging network threats.

    Integration and Management

    The cloud-based management console allows for centralized management of device policies, threat events, and global lists for quarantined and safe files. It also supports integration with Mobile Device Management (MDM) solutions like BlackBerry UEM and Microsoft Intune, enabling comprehensive management of both mobile and desktop devices.

    Accuracy



    Threat Scoring and Prediction

    CylancePROTECT cloud services use sophisticated AI and machine learning to process large volumes of data, enabling accurate threat scoring for files and Internet destinations. This helps in making intelligent predictions about the risk potential of software and files, ensuring that only legitimate files are allowed to execute.

    Context Analysis Engine

    CylanceOPTICS uses a Context Analysis Engine (CAE) to analyze and correlate events on devices, allowing for automated response actions based on identified artifacts. This enhances the accuracy of threat detection and prevention by considering the broader context of device activity.

    Limitations and Areas for Improvement



    Known Issues and Bugs

    While Cylance Endpoint Security is highly effective, there are some known issues and bugs that have been reported. For example, there have been issues with device updates being throttled, errors in importing exclusions files, and problems with threat data report requests. These issues highlight the need for ongoing maintenance and updates to ensure smooth operation.

    User Authentication

    There have been some challenges with user authentication, particularly when synchronizing users from Entra ID if a user's email address and User Principal Name (UPN) do not match. This can lead to authentication issues and may require additional configuration to resolve.
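The mismatch described above can be found before synchronization is enabled. The following added example (not BlackBerry or Microsoft code) audits constructed Entra ID user records, comparing each user's mail attribute with its UPN after case and whitespace normalization and categorizing how they disagree; a real run would read userPrincipalName and mail from the Microsoft Graph users endpoint, which is assumed here and not shown.

```python
"""Pre-sync audit of Entra ID users whose mail and UPN differ.

Added example, not BlackBerry or Microsoft code. The records below are
constructed; a real audit would read userPrincipalName and mail for
each user from the Microsoft Graph users endpoint (assumed, not shown).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class DirectoryUser:
    object_id: str
    upn: str
    mail: Optional[str]


def normalize(address: Optional[str]) -> str:
    """Addresses are compared case-insensitively with stray whitespace removed."""
    return address.strip().lower() if address else ""


def classify(user: DirectoryUser) -> str:
    """Return 'ok' or a category describing how mail and UPN disagree."""
    upn, mail = normalize(user.upn), normalize(user.mail)
    if not mail:
        return "missing-mail"          # nothing to match the UPN against
    if upn == mail:
        return "ok"
    upn_local, _, upn_domain = upn.partition("@")
    mail_local, _, mail_domain = mail.partition("@")
    if upn_local == mail_local:
        return "domain-mismatch"       # e.g. onmicrosoft.com UPN, vanity-domain mail
    if upn_domain == mail_domain:
        return "local-part-mismatch"   # e.g. cdoe@ versus carol.doe@
    return "mismatch"


def audit(users: List[DirectoryUser]) -> Dict[str, str]:
    """Map object_id -> category for every user that would not sync cleanly."""
    result: Dict[str, str] = {}
    for user in users:
        category = classify(user)
        if category != "ok":
            result[user.object_id] = category
    return result


# Constructed sample records; the ids and addresses are placeholders.
SAMPLE_USERS = [
    DirectoryUser("u-0001", "alice@example.com", "Alice@Example.com "),
    DirectoryUser("u-0002", "bob@contoso.onmicrosoft.com", "bob@example.com"),
    DirectoryUser("u-0003", "cdoe@example.com", "carol.doe@example.com"),
    DirectoryUser("u-0004", "dave@example.com", None),
    DirectoryUser("u-0005", "erin@example.com", "erin.x@example.org"),
]

if __name__ == "__main__":
    for object_id, category in sorted(audit(SAMPLE_USERS).items()):
        print(f"{object_id}: {category}")
```

Only the first record passes; the other four are the cases that would need the UPN or mail attribute corrected (or the matching attribute reconfigured) before the sync is turned on.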

    Compatibility and Integration

    While Cylance Endpoint Security integrates well with various MDM solutions and other security tools, there may be specific configurations or settings that need to be adjusted to ensure seamless integration. For instance, the BlackBerry Connectivity Node may not be applicable to all CylanceGATEWAY settings, requiring careful setup.

    In summary, Cylance Endpoint Security performs well in detecting and preventing threats using AI and machine learning, offering real-time protection and comprehensive management capabilities. However, it is important to address the known issues and ensure proper configuration to maximize its effectiveness.

    Cylance - Pricing and Plans



    The Pricing Structure for CylanceMDR

    CylanceMDR, a managed detection and response (MDR) service offered by BlackBerry, is segmented into several tiers, each with distinct features and benefits.



    Subscription Tiers



    CylanceMDR On-Demand

    • This tier provides support on demand only.
    • Features include:
      • Onboarding (alert finetuning and Cylance product configuration)
      • 24×7 threat monitoring, detection, triage, and response
      • 24×7 threat hunting and custom threat hunting
      • Monthly reports and advisory services
      • Critical Event Management mobile app
      • Threat intelligence indicators of compromise (IOC) integration
      • 24×7 phone support.


    CylanceMDR Standard

    • This tier includes essential MDR services to build cyber resilience.
    • Features:
      • All features from the On-Demand tier
      • Closed-loop communications and access to a CylanceMDR analyst
      • Advanced threat intelligence (simulation, validation, monthly reports)
      • Incident response and forensic investigation services (optional add-on)
      • Service level objectives
      • $1,000,000 guarantee.


    CylanceMDR Advanced

    • This tier offers full access to MDR services to harden defenses.
    • Features:
      • All features from the Standard tier
      • Incident response and forensic investigation services included (not optional)
      • Advanced threat intelligence services included.


    CylanceMDR Pro

    • This tier provides complete access to CylanceMDR experts and services with seamless integration with existing security tools.
    • Features:
      • All features from the Advanced tier
      • Third-party application integration (e.g., firewall integration)
      • Unrestricted access to an expansive ecosystem for seamless integration with current security tools.


    Additional Details

    • Onboarding and Configuration: All tiers include onboarding and alert finetuning, as well as Cylance product configuration.
    • 24×7 Services: All tiers offer 24×7 threat monitoring, detection, triage, response, and threat hunting.
    • Integration: The Pro tier allows for integration with over 300 platforms, ensuring no vendor lock-in and compatibility with existing security tools.


    Pricing

    While the exact pricing per tier is not detailed in the provided sources, it is generally aligned with the industry standard for MDR services, which can range from $10 to $30 per asset monthly, depending on the specific requirements and security stack.

    In summary, CylanceMDR offers a flexible and scalable solution with different tiers to cater to various organizational needs, ensuring comprehensive security coverage without requiring additional resources.

    Cylance - Integration and Compatibility



    Cylance Endpoint Security Overview

    Cylance Endpoint Security, now part of BlackBerry, integrates with a variety of tools and services to enhance its security capabilities and provide a comprehensive security solution.

    Integration with Other Tools

    Cylance Endpoint Security supports several connectors that allow it to integrate with various third-party services and other BlackBerry products. Here are some key integrations:

    Microsoft Intune

    Cylance Endpoint Security can report the risk level of mobile devices to Microsoft Intune, allowing Intune to execute mitigation actions based on the device risk level calculated by the CylancePROTECT Mobile app.

    BlackBerry UEM

    The integration with BlackBerry Unified Endpoint Management (UEM) enables CylanceGATEWAY to verify whether Android and iOS devices are managed by UEM.

    Okta

    This integration allows the collection of login authentication and access information from Okta services, which can be viewed in the Alerts view in the Cylance console.

    Mimecast

    Cylance Endpoint Security can integrate email attachment risk score data from Mimecast services, displaying this information in the Alerts view.

    Third-Party Log Sources

    For CylanceMDR Pro subscriptions, Cylance Endpoint Security can integrate with third-party log sources such as firewalls, email gateways, and cloud providers. This integration unifies endpoint detection and response (EDR) with other security tools, providing improved visibility and control over security incidents.

    Compatibility Across Different Platforms and Devices

    Cylance Endpoint Security is compatible with a range of platforms and devices:

    Desktop and Mobile

    CylancePROTECT Desktop and CylancePROTECT Mobile agents are compatible with various operating systems. The desktop agent supports Windows, macOS, and Linux, while the mobile agent supports Android and iOS devices. It is recommended to use the latest version of the agent that is supported for your OS.

    Operating System Compatibility

    Detailed compatibility matrices are available for CylancePROTECT Desktop, CylancePROTECT Mobile, CylanceOPTICS, and CylanceGATEWAY agents, ensuring that the solution works seamlessly across different operating systems.

    MDM Solutions

    Cylance Endpoint Security can connect to both BlackBerry UEM and Microsoft Intune, allowing it to verify device management status and report risk levels to these MDM solutions.

    Cloud and On-Premises

    The solution supports integration with cloud services as well as on-premises environments. For example, the BlackBerry Connectivity Node can synchronize users and groups with on-premises Microsoft Active Directory or LDAP directories, while synchronization with Azure Active Directory does not require the node.

    System Requirements

    To ensure smooth operation, Cylance Endpoint Security has specific system requirements, including the installation of CylancePROTECT, CylanceOPTICS, and CylanceGATEWAY agents on endpoints. Additionally, multi-factor authentication using the latest Google Authenticator app is required for logging into the CylanceMDR portal.

    By integrating with various tools and being compatible across a wide range of platforms and devices, Cylance Endpoint Security provides a comprehensive and unified endpoint security solution.

    Cylance - Customer Support and Resources



    Support Options



    24/7 Support

    Cylance MDR provides around-the-clock support, available 24 hours a day, 7 days a week, 365 days a year. This includes phone, email, and online ticketing support.



    Response Times

    The support response times are tiered based on the severity of the incident. For high-impact incidents, responses are immediate via phone and under 30 minutes via electronic means. Medium-impact incidents receive responses within 2 hours, and low-impact incidents are addressed the next business day.



    Web Chat Support

    Web chat support is also available 24/7 and can be accessed through the management console.



    Onsite Support

    Onsite support is available, although it incurs an additional cost.



    Additional Resources



    Technical Account Manager

    Customers have access to a Technical Account Manager, providing additional support and guidance. Full details are available upon request.



    Support Knowledgebase and Documentation

    Users can log in to the myAccount portal to search the support knowledgebase, check the status of support cases, download software and updates, and manage their BlackBerry licenses.



    User Guides and Setup Instructions

    Detailed user guides, setup instructions, release notes, and other documentation are available to help users get the most out of their Cylance products.



    Security Bulletins and Notices

    Customers can stay updated with the latest security bulletins and notices from BlackBerry.



    Training and Support

    The service includes training, support, and documentation. For example, CylanceMDR subscriptions offer onboarding, alert fine-tuning, and product configuration as part of the service.



    Multi-Language Support

    Support is provided in multiple languages, including English, Spanish, German, Japanese, and Italian, for both emails and voice calls.



    Integrated Services



    Integration with Other Tools

    CylanceMDR is fully integrated with other BlackBerry products such as CylancePROTECT Desktop, CylancePROTECT Mobile, CylanceOPTICS, and CylanceGATEWAY. It also supports integration with third-party log sources and vendors for holistic telemetry across all endpoints.

    By providing these extensive support options and resources, Cylance MDR ensures that customers have the necessary tools and assistance to effectively manage and secure their environments.

    Cylance - Pros and Cons



    Advantages of Cylance Endpoint Security

    Cylance Endpoint Security, powered by advanced AI and machine learning, offers several significant advantages:

    AI-Driven Threat Protection

    CylancePROTECT uses mathematical models and machine learning to identify and block malware, ransomware, and other threats without relying on reactive signatures or sandboxes. This approach allows for effective protection against zero-day threats and newly emerging malware.

    Resource Efficiency

    The solution consumes fewer system resources compared to traditional antivirus software, making it suitable for older computers and devices with limited capacity. It does not require regular scans or checks against a malware signature database, which reduces the load on the system.

    Comprehensive Endpoint Protection

    Cylance Endpoint Security provides unified protection across various devices, including Windows, macOS, Linux, iOS, Android, and Chrome OS. It includes features like CylancePROTECT Desktop and CylancePROTECT Mobile, ensuring thorough coverage of different endpoints.

    Zero Trust Security Model

    The solution adopts a Zero Trust approach, which assumes every user, endpoint, and network is potentially hostile. This model enhances network security by requiring continuous verification and authorization before granting access.

    Advanced Cloud Services

    Cylance Endpoint Security leverages cloud services that use AI, machine learning, and risk engines to process large volumes of data. These services help in real-time threat analysis and response, ensuring proactive security measures.

    Integration and Management

    The cloud-based management console allows for easy setup, management, and monitoring of all features. It also supports integration with other security solutions like Microsoft Intune, enhancing overall security management.

    Expert Support with MDR

    Cylance MDR offers 24x7x365 detection and protection, including hands-on onboarding, alert triage, investigation, managed threat hunting, digital forensics, and incident response. This is backed by world-class security experts, providing comprehensive threat management.

    Disadvantages of Cylance Endpoint Security

    While Cylance Endpoint Security is highly regarded, there are some potential drawbacks to consider:

    False Positives

    The AI-driven approach can sometimes lead to false positives, especially with legacy applications or valid applications that behave outside expected norms. This may require additional support from the security team to avoid blocking legitimate applications.

    Initial Setup Complexity

    The initial setup of Cylance Endpoint Security can be complex and may require technical expertise. This can be a challenge for organizations without sufficient IT resources.

    Cost

    Implementing a comprehensive MDR solution like Cylance can be costly. While it offers significant benefits, the expense might be a barrier for some organizations.

    Integration Challenges

    While Cylance integrates well with many systems, there can be challenges in integrating it with industrial HMIS (Human-Machine Interface Systems) and other specialized systems. Improved reporting and alert communication mechanisms are also needed for better data management.

    By weighing these advantages and disadvantages, organizations can make informed decisions about whether Cylance Endpoint Security aligns with their security needs and resources.

    Cylance - Comparison with Competitors



    When Considering AI-Driven Security Tools

    Cylance, now part of BlackBerry, stands out with its unique features and integrations, but it also has several competitors that offer similar and sometimes distinct capabilities.



    Cylance MDR Key Features

    • 24×7 Managed XDR Service: CylanceMDR provides continuous monitoring and threat hunting by highly skilled analysts, integrating with various BlackBerry products like CylancePROTECT, CylanceOPTICS, and third-party vendors. This holistic approach ensures comprehensive telemetry across all endpoints, networks, cloud environments, and more.
    • AI-Driven Threat Prevention: CylanceMDR leverages AI to analyze telemetry for attack signals, prioritize threats, and present structured cases for faster human-led investigation and response. It minimizes alert fatigue and does not require additional resources.
    • Extensive Integrations: With over 300 platform integrations, CylanceMDR can transform business data and applications into security sensors, enhancing threat detection and prevention.


    Competitors and Alternatives



    Darktrace

    • Autonomous Response: Darktrace uses autonomous response technology to interrupt cyber-attacks in real time. It is highly rated but may require more resources for full implementation compared to CylanceMDR.
    • Unique Feature: Darktrace’s ability to respond autonomously sets it apart, but it might not offer the same level of human-led investigation as CylanceMDR.


    Vectra AI

    • Network Metadata Analysis: Vectra AI reveals and prioritizes potential attacks using network metadata. It is highly effective but focuses more on network-level threats rather than a broad, multi-environment approach like CylanceMDR.
    • Unique Feature: Vectra’s focus on network metadata can provide deep insights into network-based threats, which might complement CylanceMDR’s broader scope.


    SentinelOne

    • Fully Autonomous Cybersecurity: SentinelOne offers fully autonomous cybersecurity powered by AI, which includes automated detection, prevention, and response. It is highly rated but may not offer the same level of human expert intervention as CylanceMDR.
    • Unique Feature: SentinelOne’s autonomous capabilities make it a strong choice for organizations seeking minimal human intervention in their security operations.


    Cynet

    • XDR and Automated Remediation: Cynet integrates XDR attack prevention and detection with automated investigation and remediation. It provides a comprehensive solution similar to CylanceMDR but with a stronger focus on automation.
    • Unique Feature: Cynet’s automated remediation can reduce the workload on security teams, though it may lack the extensive human expert analysis offered by CylanceMDR.


    CrowdStrike

    • Cloud-Native Endpoint Protection: CrowdStrike provides a cloud-native endpoint protection platform built to stop breaches. It is highly effective and offers a strong focus on endpoint security, but it may not have the same breadth of integrations as CylanceMDR.
    • Unique Feature: CrowdStrike’s cloud-native approach makes it highly scalable and adaptable, especially for cloud-centric environments.


    Conclusion

    Cylance MDR stands out with its comprehensive integration across various environments, AI-driven threat analysis, and human-led investigation. However, each competitor offers unique strengths:

    • Darktrace for autonomous response,
    • Vectra AI for network metadata analysis,
    • SentinelOne for fully autonomous cybersecurity,
    • Cynet for automated remediation,
    • CrowdStrike for cloud-native endpoint protection.

    When choosing between these options, consider the specific needs of your organization, such as the level of human intervention desired, the types of environments that need protection, and the existing security tools you are using.

    Cylance - Frequently Asked Questions



    Frequently Asked Questions about Cylance Endpoint Security and CylanceMDR



    What is Cylance Endpoint Security?

    Cylance Endpoint Security is an AI-powered security solution that protects endpoints from cyber threats. It uses machine learning algorithms to detect and prevent attacks before they can cause harm. The solution includes components like CylanceOPTICS for threat detection and response, and CylanceAVERT for data protection and exfiltration prevention.

    What is CylanceMDR and what services does it offer?

    CylanceMDR (Managed Detection and Response) is a subscription-based service that provides 24×7 managed extended detection and response (XDR). It includes services such as hands-on onboarding, threat hunting, incident response, digital forensics, and critical event management. CylanceMDR also offers advisory and tuning services, and it is backed by a $1 million guarantee for eligible customers.

    How does the integration of Cylance Endpoint Security with other tools work?

    To integrate Cylance Endpoint Security with other tools, such as the Lumu Portal, you need to follow specific steps. For example, in the Lumu Portal, you would go to the Integrations menu, select the Cylance Endpoint Security integration, and enter the necessary credentials like Tenant ID, Application ID, and Application Secret. This integration allows for the pushing of threat types to Cylance Endpoint Security and ensures the accuracy of the credentials provided.

    What are the different subscription levels for CylanceMDR?

    CylanceMDR offers several subscription levels: On-Demand, Standard, Advanced, and Pro. The On-Demand subscription provides support on demand for specific alerts. The Standard, Advanced, and Pro subscriptions include 24×7 threat monitoring, triage, and response, as well as additional features like custom threat hunting, monthly reports, and advisory services. The Pro subscription also includes third-party log source integration, such as firewall integration.

    How does CylanceMDR handle incident response and forensic investigations?

    CylanceMDR provides comprehensive incident response and forensic investigation services, particularly in the Advanced and Pro subscriptions. These services include 24×7 triage and response, incident response, and forensic investigations. For On-Demand and Standard subscriptions, these services are available as optional add-ons.

    What is the role of AI in Cylance Endpoint Security and CylanceMDR?

    The AI platform in Cylance Endpoint Security and CylanceMDR plays a crucial role in threat detection and response. It can detect threats up to 13 times faster and prevent 98% of attacks earlier in the kill chain. The AI-powered Cylance Assistant also provides summary analyses and detailed investigations of alerts, aiding in threat investigations.

    How does CylanceAVERT protect sensitive data?

    CylanceAVERT protects sensitive data by identifying sensitive files on endpoints and notifying administrators of any attempts to exfiltrate these files through various channels like email, browser uploads, network drives, or USB devices. It uses keyword matching and regex validation to identify sensitive data types and performs mitigation actions specified by the administrator.
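    The paragraph above describes the detection approach (keyword matching, regex matching with validation, then an administrator-specified mitigation action) but not what it looks like in practice. The following is an added example, not CylanceAVERT's code or any BlackBerry API: a small scanner that applies a constructed policy to constructed sample documents. The data types, keywords, policy table and the Luhn validator are all assumptions chosen to illustrate the technique; the point of the validator is that a regex alone flags any 13-16 digit run, while the checksum discards look-alikes.

```python
"""Keyword + regex + validator scan, modelled on the approach the page attributes
to CylanceAVERT. Added example, not Cylance code; everything below is constructed."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class DataType:
    name: str
    pattern: re.Pattern
    validate: Optional[Callable[[str], bool]] = None  # extra check per regex hit


# Constructed data types (assumption: a real policy would carry many more).
DATA_TYPES: List[DataType] = [
    DataType("credit_card",
             re.compile(r"\b(?:\d[ -]?){13,16}\b"),
             lambda m: luhn_valid(re.sub(r"[ -]", "", m))),
    DataType("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
]

# Constructed keyword list; matched case-insensitively against the whole text.
KEYWORDS = ("confidential", "internal only", "do not distribute")

# Constructed administrator policy: which mitigation applies to which finding.
POLICY: Dict[str, str] = {"credit_card": "block", "us_ssn": "block", "keyword": "alert"}
SEVERITY = {"allow": 0, "alert": 1, "block": 2}


def find_matches(text: str) -> Dict[str, List[str]]:
    """Run every regex, then drop hits that fail the data type's validator."""
    found: Dict[str, List[str]] = {}
    for dt in DATA_TYPES:
        hits = [m.group(0) for m in dt.pattern.finditer(text)]
        if dt.validate is not None:
            hits = [h for h in hits if dt.validate(h)]
        if hits:
            found[dt.name] = hits
    return found


def scan(text: str) -> dict:
    """Classify a document and pick the strongest action the policy requires."""
    lowered = text.lower()
    keywords = [k for k in KEYWORDS if k in lowered]
    matches = find_matches(text)
    findings = (["keyword"] if keywords else []) + list(matches)
    action = "allow"
    for f in findings:
        candidate = POLICY.get(f, "alert")   # unknown finding types default to alert
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return {"keywords": keywords, "matches": matches, "action": action}


# Constructed sample documents. The second card number fails the Luhn check.
DOC_CARD = "Customer paid with card 4111 1111 1111 1111, ref 4111 1111 1111 1112."
DOC_MEMO = "INTERNAL ONLY: roadmap draft for Q3."
DOC_OK = "Lunch menu: order 12 sandwiches by 11:30."

if __name__ == "__main__":
    for doc in (DOC_CARD, DOC_MEMO, DOC_OK):
        print(scan(doc))
```

The validator step is what keeps a keyword/regex classifier usable: without it, invoice numbers and timestamps trip the card pattern and the administrator's "block" action fires on harmless files. Keyword hits alone are treated as lower severity here because a word like "confidential" is a weaker signal than a checksum-valid card number.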

    What kind of support does CylanceMDR offer?

    CylanceMDR offers 24×7 phone support, as well as access to CylanceMDR analysts for ongoing review and updates on threat prevention status. The On-Demand subscription allows customers to request support for specific alerts, while the other subscriptions include continuous support and regular updates.

    How does the onboarding process for CylanceMDR work?

    The onboarding process for CylanceMDR includes hands-on onboarding, alert fine-tuning, and Cylance product configuration. This process is included in all subscription levels and ensures that the system is properly set up and configured to meet the customer’s security needs.

    What is the financial impact of using CylanceMDR?

    According to a Forrester Total Economic Impact Study, deploying CylanceMDR can be up to 85% less expensive than building an in-house Security Operations Center (SOC). It also reported a return on investment of almost three times, indicating significant cost savings and efficiency gains.

    Cylance - Conclusion and Recommendation



    Final Assessment of Cylance in the Security Tools AI-driven Product Category

    Cylance, now part of the BlackBerry cybersecurity portfolio, stands out as a formidable player in the AI-driven security tools market. Here’s a comprehensive assessment of its features, benefits, and who would most benefit from using it.

    Key Features and Benefits

    • AI and Machine Learning: Cylance leverages sophisticated AI and ML models to identify and block potential threats in real time. This predictive approach allows it to prevent malware attacks, including zero-day threats, ransomware, and system- and memory-based attacks, before they execute.
    • Lightweight and Efficient: The Cylance Endpoint Security system uses a lightweight agent that minimizes system resource usage, ensuring seamless operation without frequent updates or constant internet connectivity.
    • Comprehensive Threat Visibility: Cylance provides detailed threat visibility through its CylanceOPTICS EDR solution, which helps in visualizing the root causes of attacks and documenting all threat activities.
    • Managed Detection and Response (MDR): CylanceMDR offers a range of services, including 24×7 monitoring, threat detection, triage, and response. This is particularly beneficial for organizations with limited security resources, as it provides access to a dedicated SOC team without the overhead costs.
    • Integration and Flexibility: CylanceMDR Pro integrates seamlessly with over 300 existing security tools, allowing businesses to enhance their security posture without overhauling their current infrastructure.


    Who Would Benefit Most

    • Organizations with Limited Security Resources: Companies facing staffing constraints or those that lack a full-time SOC will greatly benefit from CylanceMDR. It offers on-demand access to security experts and comprehensive MDR services, ensuring continuous protection without the need for significant internal resources.
    • Growing Businesses: Businesses looking to advance their cybersecurity capabilities quickly will find CylanceMDR Pro particularly useful. It enhances security visibility and posture without requiring changes to the existing software stack.
    • Enterprises Needing Predictive Security: Any organization seeking a proactive, prevention-first approach to cybersecurity will benefit from Cylance’s AI-driven endpoint protection. This is especially crucial for those facing sophisticated and evolving cyber threats.


    Overall Recommendation

    Cylance is an excellent choice for organizations seeking advanced, AI-driven endpoint security and managed detection and response capabilities. Its ability to prevent threats in real time, minimal system impact, and comprehensive threat visibility make it a strong contender in the cybersecurity market.

    Key Considerations

    • Ease of Deployment: Cylance solutions are designed for seamless integration with existing security tools, making deployment straightforward and non-disruptive.
    • Expert Support: The availability of 24×7 support and access to a dedicated SOC team ensures that any security issues are promptly addressed, even for organizations with limited in-house expertise.
    • Future-Proof Security: With its mathematical approach to malware identification and continuous AI-driven improvements, Cylance provides a future-proof solution against evolving cyber threats.

    In summary, Cylance offers a powerful, efficient, and highly integrated security solution that is well-suited for a wide range of organizations, particularly those looking to enhance their cybersecurity posture with minimal disruption.
