CylanceGATEWAY release notes
What's new in the management console
Support for multiple private network configurations
You can now configure
CylanceGATEWAYto allow access to resources on more than one private network (for example, segments, data centers, and VPCs) both in on-premises and cloud environments. You can view the
CylanceGATEWAY Connectors that are associated with each specified Connector Group. This feature allows you to deploy multiple
CylanceGATEWAY Connectors from one Cylance Endpoint Security tenant and provides an aggregated view of the connectors for each private network.
This feature is enabled by default on new tenants. Existing tenants can be upgraded to support multiple private network configurations. You must contact
BlackBerryTechnical Support if you want to enable this feature.
Improved control of network traffic settings
The updated Network Protections settings introduce more granular control over the detection and protection mode of features of
CylanceGATEWAY, the respective details that you want to have reported and displayed in the Network Events screen, and the level of details shared to your integrated SIEM solution or syslog server, if configured.
For more information, see Configuring network protection in the Cylance Endpoint Security Setup content.
Enable Split DNS
In the Gateway Service policy, you can now enable Split DNS after Split tunneling is enabled. For more information on split DNS tunneling, see "Split tunneling enhancements" below.
HTTP content logging
In the ACL rules, you can now specify whether network events should include unencrypted, plain-text HTTP connection data. When enabled, a summary of the request and response details of an event are displayed in the Events Details page. The Events details page displays the first three HTTP events of the total events. You have the option to view all the events and the details that are associated with each one. This feature allows unencrypted HTTP network traffic to be reviewed and analyzed more deeply while further enabling threat hunting.
Safe Mode DNS protection support on
In the Gateway Service policy, you can configure users to use Safe Mode.
This feature extends the tenant’s ACL rules and endpoint protection for devices when Work Mode is not enabled ensuring that devices are always protected. With Safe Mode,
CylanceGATEWAYblocks users from accessing potentially malicious destinations and enforces acceptable use policy (AUP) by intercepting DNS requests. The
CylanceGATEWAYCloud services evaluate each DNS query against the configured ACL rules and network protection settings, and then instructs the agent to allow or block the request in real time. If allowed, the network DNS query is allowed to complete over the bearer network. Otherwise, the
CylanceGATEWAYagent overrides the normal response and prevents access.
When enabled, Safe Mode automatically takes effect when Work Mode is disabled. Enabling Safe Mode does not prevent users from enabling or disabling Work Mode, if the users' policy allows such operations. Safe Mode events appear in the
CylanceGATEWAYEvents screen and are sent to the SIEM solution or syslog server, if configured.
This feature is not supported in environments that use secure DNS with DoT (DNS-over-TLS) and DoH (DNS-over-HTTPS) protocols. DNS queries sent using DoT or DoH cannot be viewed by CylanceGATEWAY.
This feature is supported on
Windowsversion 2.8 or later.
OS-specific ACL support
In the ACL rules, you can create rules and specify which OS that the ACL rule applies to must match. This feature allows you to unify the ACL rules. For example, you have content sensitive resources that you only want desktop devices (
Windows) to access. In this scenario, your ACL rule would specify the desktop devices which are allowed access to the resource.
For more information, see the ACL parameters in the Cylance Endpoint Security Setup content.
Split tunneling enhancements
Now when you enable split tunneling, split DNS queries allow lookups for the domains that are listed in the Private Network > DNS > Forward Lookup Zone configuration to be performed through the tunnel where network access controls are applied. All other DNS lookups are performed using your local DNS server.
Chromebookdevices do not support split DNS queries and the DNS lookups are performed through the tunnel.
This feature allows you to further ensure user traffic privacy and geographical locality of the DNS queries, enhancing the Split Routing feature of Gateway. Split DNS is disabled by default. If you enabled Safe Mode, DNS traffic that does not use the Gateway tunnel is protected by Safe Mode.
On the Events Details page,
CylanceGATEWAY component versions
- CylanceGATEWAY Connectorversion 184.108.40.2068
- CylanceGATEWAYagent forWindowsversion 220.127.116.11
- CylanceGATEWAYagent formacOSversion 2.8.14
To download the agent, go to the BlackBerry Website and scroll down to the Download
What's new in CylanceGATEWAY Connector 18.104.22.1688 (June 2023)
CylanceGATEWAY Connector22.214.171.1248 (June 2023)
The June release rebrands the "blackberry-gateway-connector" debian package to "cylance-gateway-connector" installation files. This updated version is required to enable enhanced features in future releases.
CylanceGATEWAY Connectornow provides additional information on TCP and UDP flows that flow through the tunnel to the private network (for example, the Private NAT Source IP and Private NAT Source Port) after the Network Address Translation (NAT) is applied. When events traverse the private network, the Private NAT Source IP and Private NAT Source Port are displayed on the Events Details page for each event. If the Private NAT Source IP and Private NAT Source Port events are not available or the feature is not enabled, the Events Details page displays "Unknown". Events that are identified as a potentially malicious or blocked based on your network protection settings are sent to the SIEM solution or syslog server, if configured. Health check and DNS events are not sent to SIEM solution or syslog server.
For more information, see the Viewing the Event Details page in the Cylance Endpoint Security Administration content.
What's new in CylanceGATEWAY agent for macOS version 2.8.14 (August 2023)
macOSversion 2.8.14 (August 2023)