How

Cylance Endpoint Security

uses advanced technology to protect users and devices

CylancePROTECT Desktop

and

CylancePROTECT Mobile

leverage cutting-edge cloud services to determine whether software, files, and websites are potentially malicious and a threat to the security of a device. The

CylancePROTECT

cloud services use sophisticated AI, machine learning, and efficient mathematical models to process large volumes of data from global sources, retain and continuously learn from the patterns and properties of that data, and use that data to make intelligent predictions and decisions about the risk potential of software, files, and Internet destinations in near-real time. The

CylancePROTECT

services constantly evolve to address new cyber threats, providing an aggressive and proactive security strategy that identifies malicious software and websites before they can have any impact on your organization's infrastructure or device users.

The

CylancePROTECT

services provide the threat analysis for files that are scanned by the

CylancePROTECT Desktop

agent. If a file is identified as malicious, the

CylancePROTECT Desktop

agent will perform any mitigation actions that you configured (for example, alert or quarantine). The agent includes a local

CylancePROTECT

service model, so if the agent cannot communicate with the cloud, the agent will use the local model to score a file.

CylanceGATEWAY

provides machine learning models (for example, Signature detection and DNS Tunneling detections) and continuous monitoring and dynamic application of IP reputation databases to monitor network traffic and identify destinations that might contain potentially malicious threats. If a destination is identified as containing potential threats,

CylanceGATEWAY

will perform any the actions that you have configured (for example, alert or block the connection to the destinations).

CylanceGATEWAY

provides two modes of operation, Work Mode and Safe Mode, to protect users' devices and your network from threats.  

The

CylancePROTECT

services are a core component of several

CylancePROTECT Mobile

features, including malware detection, SMS message scanning, and secure network checks. If

CylanceGATEWAY

is enabled, the

CylancePROTECT Mobile

app also uses machine learning to continuously monitor network traffic and can block a user’s access to a destination.

The

CylanceOPTICS

agent on desktop devices sends the data that it collects to the

CylanceOPTICS

cloud services. The data is aggregated and stored in the secure

CylanceOPTICS

cloud database. The

CylanceOPTICS

data analytics services offer rich interpretations of device data that you can access in the management console.

CylanceOPTICS

uses a Context Analysis Engine (CAE) to analyze and correlate events as they occur on devices. You can configure

CylanceOPTICS

to take automated response actions when the CAE identifies certain artifacts of interest (for example, display a notification or log off the current user), providing an additional layer of threat detection and prevention to complement the capabilities of

CylancePROTECT Desktop

.

The

CylanceGATEWAY

agent on desktop devices uses machine learning and static reputation databases to identify destinations that might contain potentially malicious threats. If the agent is also enabled for and using Safe Mode,

CylanceGATEWAY

will enforce an acceptable use policy (UAP) by intercepting each DNS query to determine if connection can proceed or is blocked.

The

CylanceAVERT

agent identifies the sensitive files on an endpoint and notifies the administrator of any attempt to exfiltrate those files through email, browser uploads, network drives, or USB devices. If a sensitive file is involved in an exfiltration event,

CylanceAVERT

will perform the mitigation action that the administrator specified in the information protection settings.

CylanceAVERT

uses keyword matching and regex validation to identify the sensitive data types that trigger an exfiltration event.