CylanceGATEWAY release notes
CylanceGATEWAY
release notesWhat's new in the management console
Feature | Description | Date added |
---|---|---|
Windows per-app tunnel wildcard support | In the Gateway Service policy, you can now include a wildcard in the path when you specify which apps can use the CylanceGATEWAY tunnel on Windows devices. This feature reduces the administration time when the path specifies an executables folder which may contain versions that change frequently. This feature is supported on CylanceGATEWAY agent for Windows 2.7 and later.For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content. | March 2023 |
Start the agent and enable Work Mode automatically on macOS and Windows | In the Gateway Service policy, you can now force the CylanceGATEWAY agent on macOS and Windows devices to start when users log in or enable Work Mode automatically when the agent starts. Your policy settings override the "Start CylanceGATEWAY when I sign in" and "Enable Work Mode Automatically" settings in the agent, but users can still manually enable or disable Work Mode after the agent starts or close the agent. This feature ensures that the devices have access to private network resources and benefit from ACL rules and network security protection settings by starting the agent and establishing a tunnel connection automatically. This feature is supported on the following devices:
For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content. | March 2023 |
Safe Mode DNS protection support on macOS | In the Gateway Service policy, you can configure users to use Safe Mode. This feature extends the tenant’s ACL rules and endpoint protection for devices when Work Mode is not enabled ensuring that devices are always protected. With Safe Mode, CylanceGATEWAY blocks users from accessing potentially malicious destinations and enforces acceptable use policy (AUP) by intercepting DNS requests. The CylanceGATEWAY Cloud services evaluate each DNS query against the configured ACL rules and network protection settings, and then instructs the agent to allow or block the request in real time. If allowed, the network DNS query is allowed to complete over the bearer network. Otherwise, the CylanceGATEWAY agent overrides the normal response and prevents access. When enabled, Safe Mode automatically takes effect when Work Mode is disabled. Enabling Safe Mode does not prevent users from enabling or disabling Work Mode, if the users' policy allows such operations. Safe Mode events appear in the CylanceGATEWAY Events screen and are sent to the SIEM solution or syslog server, if configured. This feature is not supported in environments that use secure DNS with DoT (DNS-over-TLS) and DoH (DNS-over-HTTPS) protocols. DNS queries sent using DoT or DoH cannot be viewed by CylanceGATEWAY. This feature is supported on CylanceGATEWAY agent for macOS version 2.7 or later. For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content. | March 2023 |
Enforce per-app tunnel access on macOS and iOS | In the Gateway Service policy, you can require MDM managed devices to have a valid VPN profile assigned and installed by the MDM provider before users can use CylanceGATEWAY . The installed VPN profile will prevent users from manually starting the VPN in the default configuration. This feature extends Zero Trust Access to bring-your-own devices with user privacy enrollment. This feature also helps decrease the load on your organization’s VPN by enforcing certain work traffic to use the CylanceGATEWAY tunnel.This feature is supported the following devices:
For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content. | March 2023 |
Events enhancements | On the CylanceGATEWAY Events page,
| March 2023 |
Network anomaly detection | CylanceGATEWAY uses machine learning to learn and monitor a CylanceGATEWAY user’s upload volume and download behavior pattern. Network anomaly events are detected when a user's upload and download volume are not consistent with past behavior. Abnormal upload and download volumes could be an early indicator of compromise (for example, exfiltration attempts, or malicious software installed on the device). When an anomaly is detected, it is displayed on the CylanceGATEWAY Events screen and identified as a behavioral risk anomaly. This detection allows administrators to review the activity and determine if it is expected behavior. Behavioral risk anomalies do not block user traffic. | Jan 2023 |
Benign Domain Classification | CylanceGATEWAY uses machine learning that applies categorization to previously uncategorized destinations. This feature allows administrators to ensure compliance with their organization’s acceptable use and regulatory requirements. | Dec 2022 |
C2 beacon detection | Beaconing is one of the first network-related indications of a botnet or a peer-to-peer malware infection. When a host is infected, the malware can initiate a command and control (C2) channel with its creator. CylanceGATEWAY now detects and reports beacons in your private network traffic. Identified C2 beacon events are labelled as Zero Day Detection and categorized as a security risk and subcategorized as a beacon. The anomaly detection threat events are sent to the SIEM solution or syslog server, if configured. | Dec 2022 |
Events enhancements | On the CylanceGATEWAY Events page,
| Dec 2022 |
Gateway Connectors info enhancements | The Connection History Time is now displayed in UTC format. This feature allows administrators to view the latest status of a CylanceGATEWAY Connector without having to consider if the connector was installed in a different time zone. | Dec 2022 |
Google Workspace as Managed Service | Administrators can now easily configure access to the Google Workspace set of applications such as Gmail , Google Drive , and Google IM & VoIP without having to know their FQDNs or IP addresses. This feature simplifies the process of configuring access to these destinations in the ACL rules. | Dec 2022 |
iOS and Android device posture validation on connect | Administrators can require iOS and Android devices to be managed by Microsoft Intune before users can use CylanceGATEWAY . For more information, see Configure Gateway service options in the Cylance Endpoint Security Setup content. | Sept 2022 |
CylanceGATEWAY component versions
CylanceGATEWAY
component versions- CylanceGATEWAY Connectorversion 2.7.0.775
- CylanceGATEWAYagent forWindowsversion 2.7.0.19
- CylanceGATEWAYagent formacOSversion 2.7.26
To download the agent, go to the BlackBerry Website and scroll down to the Download
CylanceGATEWAY
section.What's new in CylanceGATEWAY Connector 2.7.0.775 (Dec 2022)
What's new in
CylanceGATEWAY Connector
2.7.0.775 (Dec 2022)Feature | Description |
---|---|
Amazon Web Services (AWS) deployment support | The CylanceGATEWAY Connector can now be deployed in an AWS Cloud environment. This feature allows CylanceGATEWAY users to access resources in their private network when the private network is hosted in the AWS Cloud through the CylanceGATEWAY Connector .
|