Architecture: CylanceGATEWAY
CylanceGATEWAY

Component | Description |
---|---|
CylanceGATEWAY cloud services | CylanceGATEWAY is a cloud-based service that provides zero trust network access to provide your users with access to your extended network perimeter and protect devices and your extended network from threats.The CylanceGATEWAY cloud services use machine learning to continuously evaluate user behavior and provide adaptive response to network anomaly events. Network anomaly events are detected when a CylanceGATEWAY user's network usage pattern is not consistent with past behavior. If the percentage of anomalous events exceeds a set threshold, CylanceGATEWAY can dynamically override the user's access control list (ACL) rules to block network access and require the user to authenticate before they can continue. |
Management console | The cloud-based management console allows you to configure, manage, and monitor CylanceGATEWAY and the connections made through it. |
CylanceGATEWAY Connector | The CylanceGATEWAY Connector is an optional component that you can install behind your firewall and in private cloud networks to establish a secure tunnel between the BlackBerry Infrastructure and your private network. The CylanceGATEWAY Connector allows users to communicate with content and application servers behind your firewall using CylanceGATEWAY instead of a traditional VPN. |
BlackBerry Connectivity Node | The BlackBerry Connectivity Node is an optional component that allows Cylance Endpoint Security to synchronize users and groups with your on-premises Microsoft Active
Directory or LDAP directory. Cylance Endpoint Security can synchronize users and groups with Azure Active
Directory without the BlackBerry Connectivity Node . |
Devices with the CylanceGATEWAY agent or CylancePROTECT Mobile app | CylanceGATEWAY supports iOS , Android , Windows 10 , Windows 11, and macOS devices. The CylancePROTECT Mobile app installed on mobile devices or the CylanceGATEWAY agent installed on desktop devices sends Internet traffic through a secure tunnel to the BlackBerry Infrastructure . Users can enable and disable work mode to specify whether data traffic uses the tunnel to the BlackBerry Infrastructure . |
SaaS applications | Software-as-a-Service applications provide cloud-based enterprise software, making apps and data available to users on multiple devices. Applications and data reside mostly on cloud-based servers managed by the vendor, easing deployment and reducing on-premises infrastructure costs, but requiring security measures that extend beyond firewalls and other perimeter-based security methods. CylanceGATEWAY can help secure user access to SaaS applications without requiring traffic to route through your organization's private network. |
Internet destinations | Public Internet destinations include any web site, SaaS application, or other entity with an IP address that a client app can connect to over the Internet. BlackBerry maintains an ever-growing list of destinations that are known to be malicious. CylanceGATEWAY can block apps on devices from connecting to destinations on the list.If you enable split tunneling, traffic between devices and safe public sites that you specify can go directly over the Internet instead of through CylanceGATEWAY . |