CylanceGATEWAY release notes Skip Navigation

CylanceGATEWAY
release notes

What's new in the management console

Feature
Description
Date added
iOS
and
Android
device posture validation on connect
Administrators can require
iOS
and Android devices to be managed by
Microsoft Intune
before users can use
CylanceGATEWAY
. For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
Sept 2022
Enforce tunnel reauthentication on
Windows
and
macOS
Administrators can now configure how frequently users must authenticate before they can establish a tunnel. Administrators can specify a period after which users who have authenticated and established a tunnel are required to authenticate again. If an established tunnel is disconnected and reconnects within two minutes of the users’ last established connection, users are not required to authenticate. This feature provides administrators more control to implement regulatory requirements such as requiring users to authenticate at specified times. This feature requires
CylanceGATEWAY
agent for
Windows
or
macOS
version 2.5 or later. For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
Aug 2022
Zero Day phishing, malicious domain, and C2 beacon anomaly detection support
CylanceGATEWAY
now supports threat detection of newly emerging network threats and already established malicious destinations. This feature provides additional machine learning models to protect endpoints against newly emerging network threats and established malicious destinations. After the anomalies are identified, they are assigned a risk score and subsequently blocked or alerted upon based on the risk level that you set for your network protection. The anomaly detection threat events are sent to the SIEM solution or syslog server, if configured. For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content. For more information, see Viewing network activity in the
Cylance Endpoint Security
Administration content.
Aug 2022
Hostname support on
Windows
and
macOS
Administrators can view the device hostname that is assigned to the
Windows
or
macOS
device in the
CylanceGATEWAY
Events screen. This feature allows administrators to easily identify the user’s machines associated with the endpoint, find network events for the same device hostname, and corroborate data across
CylanceGUARD
,
CylancePROTECT
, and
CylanceOPTICS
. This feature requires
CylanceGATEWAY
agent for
Windows
or
macOS
version 2.5 or later. The device hostname of an endpoint is sent to the SIEM solution or syslog server, if configured.
Aug 2022
Connection events to SaaS and managed services are identified
Traffic connection events to known SaaS and privately defined managed services (for example,
Microsoft Office 365
) are now identified in the
CylanceGATEWAY
Events screen. This feature allows administrators to easily identify the destination of the traffic. The managed services traffic connections are sent to the SIEM solution or syslog server, if configured.
Aug 2022
Allow apps to use local networks
In the
CylanceGATEWAY
service policy, administrators can specify whether allowed apps that are forced to use the tunnel are also allowed to reach local network destinations. This feature requires
CylanceGATEWAY
agent for
Windows
version 2.5 or later. For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
Aug 2022
Export
CylanceGATEWAY
Events
Administrators can export all or only the filtered
CylanceGATEWAY
Events summary to a .csv file. This feature allows administrators to analyze the events and create reports. For more information, see Viewing network activity in the
Cylance Endpoint Security
Administration content.
Aug 2022
Split tunneling FQDN support
Administrators can now specify FQDNs for destinations that must use the tunnel.
CylanceGATEWAY
periodically resolves FQDNs to IP address. Wildcards are not supported. This feature allows administrators to use FQDNs when configuring split tunneling without having to continuously update IP addresses. For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
Aug 2022
Enhanced search capabilities of ACL rules and Network Services.
Administrators can now perform searches across all ACL rules and operators. You can perform a search on the committed ACL rules. You can perform a search on the draft ACL rules. A search does not span the committed and drafted ACL rules. For more information, see Searching ACL rules and Network services in the
Cylance Endpoint Security
Setup content.
Aug 2022
Bring your own IP address (BYOIP) support
CylanceGATEWAY
now allows you to provide larger dedicated IP addresses with an IPv4 CIDR range of /24 used for tunnel egress. This feature allows organizations to use a larger IP address range, reflect the GeoIP information for the customer supplied address, and avoid issues where some web sites block AWS IP ranges. For more information, see Bring your own IP addresses (BYOIP) in the
Cylance Endpoint Security
Setup content.
Aug 2022
CylanceGATEWAY Connector
enhancements
The management console now supports the following:
  • On the
    CylanceGATEWAY Connector
    list screen, you can
    • Disable a connector
    • View the version
    • Download the log files
    • View the number of connections that are active
  • On the Connector info page, you can
    • Disable a connector
    • View the version
    • Download the log files
    • Edit the Private URL field for a connector and open the URL in a separate page
For more information, see Managing CylanceGATEWAY Connectors in the
Cylance Endpoint Security
Setup content
Aug 2022
Chromebook
(64-bit) support
CylanceGATEWAY
now supports
Chromebook
devices.
Chromebook
support with
CylanceGATEWAY
requires a
Google
managed domain and devices to be running
CylancePROTECT Mobile
for
Android
. For more information, see Specify CylanceGATEWAY options on Chromebook devices in the
Cylance Endpoint Security
Setup content.
Aug 2022
Destination reputation threat level configuration
Administrators can now configure the network destination risk level of potentially malicious IP addresses and FQDNs that
CylanceGATEWAY
will block. The network access attempts and the respective risk level are displayed in the Network Events screen (Gateway > Network). The allowed and blocked events are sent to the SIEM solution or syslog server, if configured. For more information, see Configure network protection settings in the
Cylance Endpoint Security
Setup content.
May 2022
DNS tunneling detection support
CylanceGATEWAY
now supports DNS tunneling detection based on analysis of DNS traffic from the client to the attacker's DNS server. The tunneling connection threat event is sent to the SIEM solution or syslog server, if configured. For more information, see Configure network protection settings in the
Cylance Endpoint Security
Setup content.
May 2022
Network traffic privacy
Administrators can now specify whether network access attempts are displayed in the Network Events screen (Gateway > Events) by enabling Traffic Privacy. If your environment sends network events to a SIEM solution or syslog server and if the connection attempt matches a rule with traffic privacy, the event is not sent to the SIEM solution or syslog server. For more information, see ACL parameters in the
Cylance Endpoint Security
Setup content.
May 2022
macOS
and
iOS
force network traffic protection mode
In the
CylanceGATEWAY
service policy,
  • Administrators can specify whether all network connections on unmanaged
    macOS
    and unmanaged
    iOS
    devices must use the tunnel, including local network destinations. This feature requires the following:
    • macOS
      devices running
      macOS
      10.15 or later and
      CylanceGATEWAY
      agent version 2.0.17 or later.
    • iOS
      devices running
      iOS
      14.0 or later and
      CylancePROTECT Mobile
      2.4.0.1731 or later.
  • Administrators can specify whether all network destinations on unmanaged
    macOS
    and unmanaged
    iOS
    devices can be restricted from using the tunnel. This feature requires the following:
    • macOS
      devices running
      macOS
      10.15 or later and
      CylanceGATEWAY
      agent version 2.0.17 or later.
    • iOS
      devices running
      iOS
      14.0 or later and
      CylancePROTECT Mobile
      2.4.0.1731 or later.
For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
May 2022
macOS
device posture validation on connect
Administrators can require
CylancePROTECT Desktop
to be activated on
macOS
devices before users can use
CylanceGATEWAY
. This feature requires
CylancePROTECT Desktop
3.0 or later and
CylanceGATEWAY
agent 2.0.17 or later.  For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
May 2022
Windows
per-app tunnel support
In the
CylanceGATEWAY
service policy, administrators can now specify which apps can use the
CylanceGATEWAY
tunnel on
Windows
devices. You can allow, or restrict, the apps to use the
CylanceGATEWAY
and prevent them from using other network interfaces.  This feature requires
CylanceGATEWAY
2.0.0.13 or later. For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
May 2022
SIEM solution and syslog server enhancements
Network destination alerts now provide an associated threat category and a sub-category. The
Cylance Endpoint Security
tenant ID is also logged. For more information, see Network threats in the BlackBerry Syslog content.
May 2022
Client private IP range customization
Administrators can now assign a range of IPv4 addresses of the private network that will be used exclusively by
CylanceGATEWAY
agents. For more information, see Specify private CylanceGATEWAY agent IP ranges in the
Cylance Endpoint Security
Setup content.
May 2022
Removal of the Network Events tab from the
CylanceGATEWAY
Events screen
In the
CylanceGATEWAY
Events screen, the Network Events tab has been removed.
Feb 2022
Access control list (ACL)
You can now create an ordered list of rules that define the allowed and blocked destinations on private and public networks that devices can connect to. The ACL applies to all
CylanceGATEWAY
users in the tenant that are assigned a
CylanceGATEWAY Service
policy. For more information, see Controlling network access in the
Cylance Endpoint Security
Setup content.
Existing tenants can be upgraded to ACL rules. For more information on upgrading your tenant, see Upgrading your tenant from network access control policies to ACL rules in the
Cylance Endpoint Security
Setup content.
Feb 2022
Network services enhancements
You can now create network services that nest other network services. This allows you to create a single network service to include in the ACL rule or network access control policy.
Feb 2022
iOS
and
Android
support
You can now enable
CylanceGATEWAY
on
iOS
and
Android
devices. Devices must have the latest version of the
CylancePROTECT Mobile
app.
Nov 2021
Per-app tunnel support on
Android
You can specify which apps use the
CylanceGATEWAY
tunnel on
Android
devices.
CylanceGATEWAY
also supports per-app settings specified in your EMM provider for
iOS
devices.
For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
Nov 2021
Windows
tunnel use settings
In the
CylanceGATEWAY
service policy, administrators can now specify whether all non-loopback connections must use the tunnel and whether incoming TCP connections are allowed.
For more information, see Configure CylanceGATEWAY service options in the
Cylance Endpoint Security
Setup content.
Oct 2021
Deep network threat detection support
CylanceGATEWAY
now supports deep network threat detection using network connection’s signatures.
For more information, see Configure network protection settings in the
Cylance Endpoint Security
Setup content.
Oct 2021
New event filters
You can now filter events based on a detected anomaly, whether it is due to the user’s behaviour, the destination’s reputation, or a network connection signature.
For more information, see Viewing network activity in the
Cylance Endpoint Security
Administration content.
Oct 2021

CylanceGATEWAY
component versions

  • CylanceGATEWAY Connector
    version 2.5.0.732
  • CylanceGATEWAY
    agent for
    Windows
    version 2.5.0.5
  • CylanceGATEWAY
    agent for
    macOS
    version 2.5.16
To download the agent, go to the BlackBerry Website and scroll down to the Download
CylanceGATEWAY
section.

What's new in
CylanceGATEWAY Connector

What's new in
CylanceGATEWAY Connector
2.5.0.732 (Aug 2022)

Feature
Description
Microsoft
Hyper-V
and
Microsoft Azure
deployment support
Administrators can now deploy the CylanceGATEWAY Connector in a
Hyper-V
and
Azure
environments. For more information, see Setting up the
CylanceGATEWAY Connector
in the
Cylance Endpoint Security
Setup content.
OpenSSH support
OpenSSH is now pre-installed on the connector image. This feature provides administrators an alternative means to access the connector’s command-line through SSH to perform system operations and maintenance. By default, the OpenSSH service is disabled. For more information, see Access the
CylanceGATEWAY Connector
using OpenSSH
in the
Cylance Endpoint Security
Setup content.
Regenerate the self-signed TLS certificate
In the
CylanceGATEWAY Connector
web interface, administrators can regenerate the TLS certificate at any time. The web interface indicates whether the certificate is self-signed and the certificate expiry date. For more information, see Configure the
CylanceGATEWAY Connector
in the
Cylance Endpoint Security
Setup content.
License agreement in web interface
The
CylanceGATEWAY Connector
license agreement screen has moved from the
CylanceGATEWAY Connector
deployment to the web interface.

What's new in
CylanceGATEWAY Connector
2.0.0.648 (May 2022)

Feature
Description
CylanceGATEWAY Connector
enhancements
The connector now supports the following:
  • During deployment, you can configure the connector for static IP.
  • In the
    vSphere
    and
    ESXi
    environment connector console, you can change the keyboard layout and verify that the OVF file has deployed successfully.
  • In the connector web interface, administrators are required to change the connector password. Administrators can also do the following:
    • specify settings including the HTTP/S proxy URL, Maximum Transfer Unit (MTU), Network Time Protocol (NTP) server, and Advanced Package Tool (APT). These settings can be reset to default.
    • download the connector log files.
    • restore the connector to factory settings.
For more information, see Setting up the
CylanceGATEWAY Connector
in the
Cylance Endpoint Security
Setup content.

What's new in
CylanceGATEWAY
agent for
Windows

What's new in
CylanceGATEWAY
agent for
Windows
2.5.0.5 (Aug 2022)

Feature
Description
CylanceGATEWAY
agent for
Windows
installer enhancements
When users install the
CylanceGATEWAY
agent for
Windows
and the minimum requirements are not met, the installer displays an information dialog box that specifies the requirement that was not met.

What's new in
CylanceGATEWAY
agent for
Windows
2.0.0.13 (May 2022)

Feature
Description
Support for
Windows
11
The
CylanceGATEWAY
agent for
Windows
now supports
Windows
11 devices.

What's new in
CylanceGATEWAY
agent for
Windows
1.5.0.7 (Feb 2022)

Feature
Description
Desktop alerts and notifications
The custom notification message specified in an ACL rule is now displayed by the
CylanceGATEWAY
app on the desktop.

What's new in
CylanceGATEWAY
agent for
macOS

What's new in
CylanceGATEWAY
agent for
macOS
1.5.11 (Feb 2022)

Feature
Description
Desktop alerts and notifications
The custom notification message specified in an ACL rule is now displayed by the
CylanceGATEWAY
app on the desktop.