Key features of CylanceAVERT
Sensitive data scanning
CylanceAVERTcan scan files uploaded to USB drives, internet browsers, and email attachments, as well as scan the body content of an email message for company data that the administrator defined as sensitive in the information protection policies. An email notification will be sent for data exfiltration events.
Information protection policies
You can specify the conditions that must be met to trigger the policy violation, the allowed domains for the policy, and the actions to take when a policy has been violated. See Managing information protection policies in the Cylance Endpoint Security Setup guide for more information.
You can create information protection policies to specify the data and conditions that must be met to trigger a policy violation, as well as the locations to apply the policy, the activities to monitor, and the remediation action to take when a policy has been violated. See CylanceAVERT events in the Cylance Endpoint Security Administration guide for more information.
Information protection settings
You can use the information protection settings to configure the sensitive data that they want to monitor for by adding templates and data types to use in an information protection policy. Administrators can also define the browser and email domains that will be allowed and trusted, manage the evidence that they want to collect for data exfiltration events, and specify how long the evidence should be available. Specified email addresses can also be sent notifications of data exfiltration events. See Define sensitive content using information protection settings in the Cylance Endpoint Security Setup guide for more information.
CylanceAVERTfile inventory creates a record of all the sensitive files in an organization through a file trawling process. See Using the file inventory to identify sensitive files in the Cylance Endpoint Security Administration guide for more information.
You can use the evidence locker to view details of the files that have been involved in exfiltration events and download the files to their local storage for auditing purposes. See Using the evidence locker to view exfiltration event details in the Cylance Endpoint Security Administration guide for more information.