Key features of CylanceGATEWAY
Feature | Description |
---|---|
Work Mode | Users can enable and disable Work Mode. Work Mode protects your network and devices. When enabled, each network access attempt is evaluated against the access control list (ACL) rules and specified network protection settings that are configured for your environment. The ACL defines allowed and blocked destinations on private and public networks. If allowed, the network traffic is sent through a secure tunnel to the CylanceGATEWAY cloud services. |
Safe Mode support for macOS and Windows | You can enable Safe Mode for users. With Safe Mode, CylanceGATEWAY blocks apps and users from accessing potentially malicious destinations and enforces an acceptable use policy (AUP) by intercepting DNS requests. The CylanceGATEWAY cloud services evaluate each DNS query against the configured ACL rules and network protection settings (for example, DNS Tunneling and Zero Day detections such as Domain Generation Algorithm (DGA), Phishing, and Malware), and then instruct the agent to allow or block the request in real time. If allowed, the DNS request completes normally over the bearer network. Otherwise, the CylanceGATEWAY agent overrides the normal response to prevent access. When enabled, Safe Mode protects all DNS traffic that does not use the CylanceGATEWAY tunnel (for example, per-app tunnel access or split tunneling). |
Start the agent or enable Work Mode automatically on macOS and Windows | In the Gateway Service policy, you can force the CylanceGATEWAY agent on macOS or Windows devices to automatically run when users log in or to automatically enable Work Mode when the agent starts. Your policy settings can override the "Start CylanceGATEWAY when I sign in" and "Enable Work Mode automatically" settings in the agent, but users can still manually enable and disable Work Mode after the agent starts or close the agent. |
Integrate with MDM solutions | You can connect Cylance Endpoint Security to BlackBerry UEM or Microsoft Intune so that Cylance Endpoint Security can verify whether iOS or Android devices are managed by UEM or Intune. You can specify whether devices must be UEM or Intune managed before they can use CylanceGATEWAY. For more information, see Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed. |
Per-app tunnel access on macOS and iOS | On macOS and iOS devices under Mobile Device Management (MDM), you can designate which apps are allowed to use the CylanceGATEWAY Work Mode tunnel. You can use this to allow work use of bring-your-own-devices without extending the Work Mode access to all apps on a device. |
Per-app tunnel support on Windows and Android | On Windows and Android devices, you can specify or restrict which apps can use the CylanceGATEWAY tunnel. |
Continuous evaluation of network destinations | BlackBerry uses machine learning, IP reputation, and risk scoring to maintain an ever-evolving list of malicious Internet destinations. CylanceGATEWAY blocks devices from connecting to known and unknown phishing domains and associated IP and FQDN destinations, saving your organization the work of manually compiling and maintaining its own list. |
Threat protection | CylanceGATEWAY uses machine learning to protect your organization's network by continuously monitoring network connections for potential threats. When an anomaly is identified, it is blocked or alerted upon based on the risk level that is set in the network protection settings. |
Evaluate the risk level of a network destination | You can use the management console to evaluate the risk level and identify the category and subcategory of network destinations as they would be analyzed and determined by the CylanceGATEWAY cloud services. |
Multiple private network support | You can deploy multiple CylanceGATEWAY Connectors from one Cylance Endpoint Security tenant to allow access to more than one of your private networks (for example, segments, data centers, and VPCs) in both on-premises and cloud environments. You can view the CylanceGATEWAY Connectors that are associated with each specified Connector Group. You can create a maximum of eight connector groups and assign a maximum of eight CylanceGATEWAY Connectors to each group. |
Segmented private network access | You can install CylanceGATEWAY Connectors on-premises and on private cloud networks to provide network access to remote devices without changing network topology or routing, and without opening firewall holes for incoming traffic. Access through CylanceGATEWAY offers strong isolation; only the parts of the network you choose are exposed to endpoints, and endpoints are not exposed to the whole private network. The CylanceGATEWAY Connector can be deployed in an AWS, vSphere, ESXi, Microsoft Entra ID, or Hyper-V environment. |
Monitor network access and traffic patterns | The CylanceGATEWAY dashboard in the management console displays multiple widgets that show connections, usage patterns, and alerts to help you monitor network traffic. |
Specify network protection configurations | In the Network Protection screen, you can specify whether allowed network events (for example, Destination reputation and Signature detections) that are below the set minimum risk level are displayed as anomalies in the Network Events screen. If the allowed events are disabled, they are displayed as normal allowed traffic. Additionally, you can configure the SIEM solution or syslog support to only send blocked events. These features introduce more granular control over Network Protection and the SIEM solution or syslog and can help reduce alert fatigue. |
Specify network protection settings to send to the Alerts view | In the Network Protection screen, you can specify the detections (for example, destination reputation, Signature detections, DNS Tunneling, and Zero Day) that you want to send to the Alerts view. Blocked and allowed ACL events are not shared to the Alerts view. This feature introduces more granular control over the alerts that are displayed in the Alerts view. |
OS-specific ACL rules | You can create ACL rules and apply them to a specific OS. For example, you can allow access to some resources to only desktop devices (macOS and Windows). |
One touch SaaS configuration | You can easily configure access to SaaS applications using the network services. CylanceGATEWAY streamlines SaaS app support and reduces the time required to enable SaaS app connectivity in the ACL rules that you configure for your environment. For more information on network services, see Define network services. |
Content filtering | The ACL rules and the network protection settings that you configure for your environment filter the content and destinations that your users can access. This uses machine learning and ACL rules to ensure that users and devices comply with your organization's acceptable use and regulatory requirements. |
NAT Details reporting | You can filter events based on the tunnel IP address (BlackBerry source IP) to identify the tunnel IP address used by users to access external destinations. The CylanceGATEWAY Connector provides additional information on UDP and TCP flows that flow through the tunnel to your private network after Network Address Translation (NAT) is applied (for example, Private NAT Source IP and Private Source Port). This allows you to identify the source IP address and the port number of an event that has been identified as potentially malicious or blocked and traverses your private network. |
Web access firewall | CylanceGATEWAY protects devices and your private networks by filtering, monitoring, and blocking traffic to potentially suspicious destinations. CylanceGATEWAY does this by applying the ACL rules that are configured for your environment and the network protection settings that you have specified. |
Support for IP-pinned services | Most SaaS applications allow source IP pinning to limit access only to connections from a specific range of trusted IP addresses. By limiting users to connections only through trusted entry points, organizations have an additional level of verification that the user is entitled to use the service. Your organization may already use this method to limit access to a SaaS application to connections from IP addresses used by devices connected to your organization's network. For users working remotely without using CylanceGATEWAY, this means that all traffic between remote devices and a SaaS application must travel over VPN to your network and then to the SaaS application. CylanceGATEWAY allows you to reserve CylanceGATEWAY IP addresses that are dedicated to your organization. You can use these IP addresses for source IP pinning in addition to your organization's IP addresses, providing the same level of security without requiring remote users to be connected to your organization's VPN. |
Industry-leading tunnel technology | CylanceGATEWAY provides advanced layer 3 encryption for IP tunnels carrying TCP, UDP, ICMP, and real-time, low-latency traffic. |
Android and iOS support | The CylancePROTECT Mobile app sends traffic through the tunnel to the CylanceGATEWAY cloud services and provides users with connection statistics, status information, and the ability to disable Work Mode and stop using CylanceGATEWAY for connections. |
Windows 10, Windows 11, and macOS support | The CylanceGATEWAY agent that you install on devices sends traffic through the tunnel to the CylanceGATEWAY cloud services and provides users with connection statistics, status information, and the ability to disable Work Mode and stop using CylanceGATEWAY for connections. |
Split tunneling | You can allow remote users to connect to safe public Internet sites directly over the Internet without tunneling through CylanceGATEWAY. You can specify the destinations that must use the tunnel and the destinations that cannot use the tunnel. When enabled, split DNS queries allow DNS lookups for the domains that are listed in the Private Network > DNS > Forward Lookup Zone configuration to be completed through the tunnel, where network access controls are applied. All other DNS lookups are completed using your local DNS. If you enabled Safe Mode, DNS traffic that does not use the Gateway tunnel is protected by Safe Mode. Android and 64-bit Chromebook devices will use the tunnel, where network access controls are applied. |