How Cylance Endpoint Security uses advanced technology to protect users and devices

CylancePROTECT Desktop and CylancePROTECT Mobile leverage cutting-edge cloud services to determine whether software, files, and websites are potentially malicious and a threat to the security of a device. The CylancePROTECT cloud services use sophisticated AI, machine learning, and efficient mathematical models to process large volumes of data from global sources, retain and continuously learn from the patterns and properties of that data, and use that data to make intelligent predictions and decisions about the risk potential of software, files, and Internet destinations in near-real time. The CylancePROTECT services constantly evolve to address new cyber threats, providing an aggressive and proactive security strategy that identifies malicious software and websites before they can have any impact on your organization's infrastructure or device users.

The CylancePROTECT services provide the threat analysis for files that are scanned by the CylancePROTECT Desktop agent. If a file is identified as malicious, the CylancePROTECT Desktop agent will perform any mitigation actions that you configured (for example, alert or quarantine). The agent includes a local CylancePROTECT service model, so if the agent cannot communicate with the cloud, the agent will use the local model to score a file.

The CylancePROTECT services are a core component of several CylancePROTECT Mobile features, including malware detection, SMS message scanning, and secure network checks. If CylanceGATEWAY is enabled, the CylancePROTECT Mobile app also uses machine learning to continuously evaluate user behavior and provide adaptive response anomaly events when a user's network usage pattern is not consistent with past behavior. CylanceGATEWAY can block a user’s access to the network or require the user to reauthenticate.

The CylanceOPTICS agent on desktop devices sends the data that it collects to the CylanceOPTICS cloud services. The data is aggregated and stored in the secure CylanceOPTICS cloud database. The CylanceOPTICS data analytics services offer rich interpretations of device data that you can access in the management console. CylanceOPTICS uses a Context Analysis Engine (CAE) to analyze and correlate events as they occur on devices. You can configure CylanceOPTICS to take automated response actions when the CAE identifies certain artifacts of interest (for example, display a notification or log off the current user), providing an additional layer of threat detection and prevention to complement the capabilities of CylancePROTECT Desktop.

For desktop devices with the CylanceGATEWAY agent, cloud services use machine learning to create a behavioral model based on user activity and use that model to recognize deviations from the user's expected behavior. The CylanceGATEWAY agent collects data on a user's network usage pattern and can dynamically block the user's network access and require the user to authenticate before they can continue.

The CylanceAVERT agent identifies the sensitive files on an endpoint and notifies the administrator of any attempt to exfiltrate those files through email, browser uploads, network drives, or USB devices. If a sensitive file is involved in an exfiltration event, CylanceAVERT will perform the mitigation action that the administrator specified in the information protection settings. CylanceAVERT uses keyword matching and regex validation to identify the sensitive data types that trigger an exfiltration event.