CylanceGATEWAY architecture was designed to help you protect users' devices and your extended network from threats. The following diagrams show the architecture of CylanceGATEWAY in the two modes of operation.
- Work Mode: Work Mode creates a secure tunnel from devices, through the CylanceGATEWAY cloud services, to network resources and protects all of the traffic on that path.
- Safe Mode: Safe Mode extends the tenant’s ACL rules and endpoint protection for macOS and Windows devices. When enabled, Safe Mode automatically takes effect when Work Mode is disabled, ensuring that devices are always protected.
CylanceGATEWAY: Work Mode enabled
CylanceGATEWAY: Safe Mode enabled for users on the private network (for example, users in the office on the corporate network)
CylanceGATEWAY: Safe Mode enabled for users on a remote network (for example, a user is traveling)
CylanceGATEWAY is a cloud-based service that provides Zero Trust Network Access, giving your users access to your extended network perimeter and protecting devices and your extended network from threats.
CylanceGATEWAY cloud services use machine learning to continuously evaluate network connections. Network anomaly events are detected when a CylanceGATEWAY user attempts to connect to a destination that might be suspicious or contain malicious content. Detected anomalies can block access to a destination based on the configured risk threshold for your environment.
The cloud-based management console allows you to configure, manage, and monitor CylanceGATEWAY and the connections made through it.
CylanceGATEWAY Connector is an optional component that you can install behind your firewall and in private networks to establish a secure tunnel between the CylanceGATEWAY services and one of your private networks. The CylanceGATEWAY Connector allows users to communicate with content and application servers behind your firewall using CylanceGATEWAY instead of a traditional VPN.
BlackBerry Connectivity Node
BlackBerry Connectivity Node is an optional component that allows Cylance Endpoint Security to synchronize users and groups with your on-premises Microsoft Active Directory or LDAP directory. Cylance Endpoint Security can synchronize users and groups with Microsoft Entra ID without the BlackBerry Connectivity Node.
Mobile devices with the CylancePROTECT Mobile app installed send Internet traffic through a secure tunnel to the CylanceGATEWAY cloud services. Users can enable and disable Work Mode to specify whether data traffic uses the tunnel to the
Desktop devices with the
Windows 10 and 11 devices.
CylanceGATEWAY has two modes of operation:
Software-as-a-Service applications provide cloud-based enterprise software, making apps and data available to users on multiple devices. Applications and data reside mostly on cloud-based servers managed by the vendor, easing deployment and reducing on-premises infrastructure costs, but requiring security measures that extend beyond firewalls and other perimeter-based security methods.
CylanceGATEWAY can help secure user access to SaaS applications without requiring traffic to route through your organization's private network by enabling source IP pinning.
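One check that follows from source IP pinning, as an added example (not BlackBerry's code): if the SaaS tenant is restricted to the pinned addresses, its sign-in log should show no successful sign-ins from any other source. The egress ranges, log schema and function names are assumptions, and the log lines are constructed.

```python
import ipaddress
import json

# Assumption: the dedicated egress addresses assigned to the tenant for source IP
# pinning. These are documentation-range placeholders, not real values.
PINNED_EGRESS = [ipaddress.ip_network(n) for n in ("203.0.113.16/30", "2001:db8:10::/64")]

# Constructed sample: SaaS sign-in events exported as JSON lines (hypothetical schema).
SAMPLE_LOG = """\
{"user": "alice@example.com", "src_ip": "203.0.113.17", "result": "success"}
{"user": "bob@example.com", "src_ip": "198.51.100.44", "result": "success"}
{"user": "carol@example.com", "src_ip": "2001:db8:10::5", "result": "success"}
{"user": "dave@example.com", "src_ip": "198.51.100.9", "result": "failure"}
{"user": "erin@example.com", "src_ip": "not-an-ip", "result": "success"}
"""


def is_pinned(addr_text, networks=PINNED_EGRESS):
    """True if addr_text parses as an IP inside one of the pinned networks."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False  # an unparseable source is treated as off-gateway
    # Unwrap IPv4-mapped IPv6 ("::ffff:203.0.113.17"), common in dual-stack logs.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in networks)


def audit_signins(log_text, networks=PINNED_EGRESS):
    """Return (line, user, src_ip, severity) for events from outside the pinned ranges."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        event = json.loads(line)
        if is_pinned(event.get("src_ip", ""), networks):
            continue
        # A successful off-gateway sign-in means the SaaS-side IP restriction is
        # missing or bypassed; a failed one may simply be the restriction working.
        severity = "alert" if event.get("result") == "success" else "info"
        findings.append((line_no, event.get("user"), event.get("src_ip"), severity))
    return findings


if __name__ == "__main__":
    for finding in audit_signins(SAMPLE_LOG):
        print(finding)
```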
Public Internet destinations include any web site, SaaS application, or other entity with an IP address that a client app can connect to over the Internet.
BlackBerry maintains an ever-growing list of destinations that are known to be malicious. CylanceGATEWAY can block apps on devices from connecting to destinations on the list.
If you enable split tunneling, traffic between devices and safe public sites that you specify can go directly over the Internet instead of through