CylanceGATEWAY release notes Skip Navigation

CylanceGATEWAY
release notes

What's new in the management console

Feature
Description
Date added
Windows
per-app tunnel wildcard support
In the Gateway Service policy, you can now include a wildcard in the path when you specify which apps can use the
CylanceGATEWAY
tunnel on
Windows
devices.
This feature reduces the administration time when the path specifies an executables folder which may contain versions that change frequently.
This feature is supported on
CylanceGATEWAY
agent for
Windows
2.7 and later.
For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content.
March 2023
Start the agent and enable Work Mode automatically on
macOS
and
Windows
In the Gateway Service policy, you can now force the
CylanceGATEWAY
agent on
macOS
and
Windows
devices to start when users log in or enable Work Mode automatically when the agent starts. Your policy settings override the "Start
CylanceGATEWAY
when I sign in" and "Enable Work Mode Automatically" settings in the agent, but users can still manually enable or disable Work Mode after the agent starts or close the agent.
This feature ensures that the devices have access to private network resources and benefit from ACL rules and network security protection settings by starting the agent and establishing a tunnel connection automatically. 
This feature is supported on the following devices:   
  • CylanceGATEWAY
    agent for
    macOS
    version 2.7 or later
  • CylanceGATEWAY
    agent for
    Windows
    version 2.7 or later
For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content.
March 2023
Safe Mode DNS protection support on
macOS
In the Gateway Service policy, you can configure users to use Safe Mode.
This feature extends the tenant’s ACL rules and endpoint protection for devices when Work Mode is not enabled ensuring that devices are always protected. With Safe Mode,
CylanceGATEWAY
blocks users from accessing potentially malicious destinations and enforces acceptable use policy (AUP) by intercepting DNS requests. The
CylanceGATEWAY
Cloud services evaluate each DNS query against the configured ACL rules and network protection settings, and then instructs the agent to allow or block the request in real time. If allowed, the network DNS query is allowed to complete over the bearer network. Otherwise, the
CylanceGATEWAY
agent overrides the normal response and prevents access.
When enabled, Safe Mode automatically takes effect when Work Mode is disabled. Enabling Safe Mode does not prevent users from enabling or disabling Work Mode, if the users' policy allows such operations. Safe Mode events appear in the
CylanceGATEWAY
Events screen and are sent to the SIEM solution or syslog server, if configured. 
This feature is not supported in environments that use secure DNS with DoT (DNS-over-TLS) and DoH (DNS-over-HTTPS) protocols. DNS queries sent using DoT or DoH cannot be viewed by CylanceGATEWAY.
This feature is supported on
CylanceGATEWAY
agent for
macOS
version 2.7 or later.
For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content.
March 2023
Enforce per-app tunnel access on
macOS
and
iOS
In the Gateway Service policy, you can require MDM managed devices to have a valid VPN profile assigned and installed by the MDM provider before users can use
CylanceGATEWAY
. The installed VPN profile will prevent users from manually starting the VPN in the default configuration.
This feature extends Zero Trust Access to bring-your-own devices with user privacy enrollment. This feature also helps decrease the load on your organization’s VPN by enforcing certain work traffic to use the
CylanceGATEWAY
tunnel.
This feature is supported the following devices:
  • CylanceGATEWAY
    agent for
    macOS
    version 2.7 or later
  • CylancePROTECT Mobile
    app for
    iOS
    version 2.14 or later (An updated
    CylancePROTECT Mobile
    app will be released in the near future.)
For more information, see the Gateway Service policy parameters in the Cylance Endpoint Security Setup content.
March 2023
Events enhancements
On the
CylanceGATEWAY
Events page,
  • Access type filter capabilities
    : You can now filter events by access types. The Access Type identifies whether the event was generated through a Safe Mode action or through a Gateway tunnel (Work Mode is enabled) connection attempt.
    This feature provides administrators with added visibility in the type of connection event that has occurred.
  • Event Details page
    : If the Events page displays a reputation alert, the Events Details page will display whether the alert is an IP reputation alert or a Domain reputation alert.
    This feature provides administrators with added visibility in the type of reputation alert that has occurred.
March 2023
Network anomaly detection
CylanceGATEWAY
uses machine learning to learn and monitor a
CylanceGATEWAY
user’s upload volume and download behavior pattern. Network anomaly events are detected when a user's upload and download volume are not consistent with past behavior. Abnormal upload and download volumes could be an early indicator of compromise (for example, exfiltration attempts, or malicious software installed on the device). When an anomaly is detected, it is displayed on the
CylanceGATEWAY
Events screen and identified as a behavioral risk anomaly. This detection allows administrators to review the activity and determine if it is expected behavior. Behavioral risk anomalies do not block user traffic.
Jan 2023
Benign Domain Classification
CylanceGATEWAY
uses machine learning that applies categorization to previously uncategorized destinations. This feature allows administrators to ensure compliance with their organization’s acceptable use and regulatory requirements.
Dec 2022
C2 beacon detection
Beaconing is one of the first network-related indications of a botnet or a peer-to-peer malware infection. When a host is infected, the malware can initiate a command and control (C2) channel with its creator.
CylanceGATEWAY
now detects and reports beacons in your private network traffic. Identified C2 beacon events are labelled as Zero Day Detection and categorized as a security risk and subcategorized as a beacon. The anomaly detection threat events are sent to the SIEM solution or syslog server, if configured.
Dec 2022
Events enhancements
On the
CylanceGATEWAY
Events page,
  • Time is displayed in UTC format
    : All timestamps (for example, Start Time and Event Details) are now displayed in UTC format. This feature allows for easy correlation with other security products that use UTC format for time. This feature also allows administrators to filter events for a specific time without having to consider users that might be in different time zones.
  • Event Details page
    : The link to view a summary of a user’s network activity has been moved from the Events page to the Event Details page.
  • Control the order of the columns
    : You can now change the order of the events columns by dragging the column to where you want it to appear. The updated order of the columns is saved in the local browser that you used to view the page. This feature allows administrators to order the events columns to their preference.
  • UI update
    : The Connector column has been replaced with the Network Route column. The Network Route column will label traffic as Public or Private. For Private connections, the
    CylanceGATEWAY Connector
    that is used to route the traffic will be identified. The Network Route column can be filtered to display Public traffic, Private traffic, or traffic for a specified
    CylanceGATEWAY Connector
    .
  • Filter capabilities
    . You can now perform free form type to search the events. As you type characters in the search field, you can select from the displayed matching options. The enhanced filter capability provides you with an alternate method to filter the events.
  • Network events deep linking
    : You can copy a link to an event using the icon added to the top of the event details page and share it with another console user to view the specific filtered event. This feature allows administrators to facilitate multi-team collaboration during an audit or investigation of destinations that users have tried to access. Console users must have the appropriate permissions to view the event.
  • New user search capabilities
    : You can now filter events by users’ Active Directory username from the user filter in events. Select the filter option and type the user’s
    Active Directory
    username in the search field. This filter allows administrators and SOC analysts to investigate events for a specific user and allows for better correlation between
    CylanceGATEWAY
    and other security tools.
Dec 2022
Gateway Connectors info enhancements
The Connection History Time is now displayed in UTC format. This feature allows administrators to view the latest status of a
CylanceGATEWAY Connector
without having to consider if the connector was installed in a different time zone.
Dec 2022
Google
Workspace as Managed Service
Administrators can now easily configure access to the
Google
Workspace set of applications such as
Gmail
,
Google Drive
, and
Google
IM & VoIP without having to know their FQDNs or IP addresses. This feature simplifies the process of configuring access to these destinations in the ACL rules.  
Dec 2022
iOS
and
Android
device posture validation on connect
Administrators can require
iOS
and Android devices to be managed by
Microsoft Intune
before users can use
CylanceGATEWAY
. For more information, see Configure Gateway service options in the
Cylance Endpoint Security
Setup content.
Sept 2022

CylanceGATEWAY
component versions

  • CylanceGATEWAY Connector
    version 2.7.0.775
  • CylanceGATEWAY
    agent for
    Windows
    version 2.7.0.19
  • CylanceGATEWAY
    agent for
    macOS
    version 2.7.26
To download the agent, go to the BlackBerry Website and scroll down to the Download
CylanceGATEWAY
section.

What's new in
CylanceGATEWAY Connector
2.7.0.775 (Dec 2022)

Feature
Description
Amazon Web Services
(AWS) deployment support
The
CylanceGATEWAY Connector
can now be deployed in an AWS Cloud environment. This feature allows
CylanceGATEWAY
users to access resources in their private network when the private network is hosted in the AWS Cloud through the
CylanceGATEWAY Connector
.