
Create an information protection policy

  1. In the management console, on the menu bar, click Policies > User Policy.
  2. Click the Information Protection tab.
  3. Click Add Policy.
  4. In the General Information section, fill in the following:
    • In the Policy name field, type in a name for your policy.
    • In the Description field, type in a description for your policy.
    • In the Policy type drop-down menu, select the type of policy you are creating. Possible values for policy type are regulatory or organizational.
      • A regulatory policy type refers to the finite set of sensitive data defined by a regulation that does not necessarily change over time (for example, PCI, HIPAA, etc.).
      • An organizational policy type refers to company proprietary data where the audience that can access the data can be constantly changing. As a result, organizational data should be classified data elements (for example, the file type, keywords, the file creator, the file creator's role, etc.).
  5. In the Conditions section, configure the conditions that will trigger a policy violation by using one of the following:
    • Add conditions using a template
      1. Click Add From Template.
      2. Click the checkbox for the templates that you want to add to your policy. You can filter the list of templates using the search bar.
    • Add conditions using the conditions builder
      The conditions builder consists of And and Or statement groups. You need to use a combination of these statement groups to determine when a policy will be triggered.
      1. In the And conditions section, select the conditions from the drop-down list, then specify the minimum number of occurrences required to trigger the condition from the numeric drop-down menu.
        • If you would like to add another item to your current statement group, click Add Item.
        • If you would like to add another statement group, click Add Group.
        • If you would like to delete a statement group, click Delete Group.
      2. In the Or conditions section, select the conditions from the drop-down list, then specify the minimum number of occurrences required to trigger the condition from the numeric drop-down menu.
  6. In the Allowed Domains section, click the plus icon, then select the browser domain you want to allow for your policy from the list.
  7. In the Allowed Email Domains section, select which email recipients specified in the information protection settings should be allowed for your policy.
  8. In the Actions section, from the drop-down lists, select the action to take for Web browser, USB, and email exfiltration events. Select from the following actions:
    • Report: This option reports the data exfiltration or policy violation to the Cylance Endpoint Security console, where it can be viewed on the Avert Events (Avert > Events) page, creates an alert in the Alerts view, and sends the events to the SIEM solution or syslog server, if configured. In addition, an email is sent to the email recipients that are specified in the Notifications (Settings > Information protection) screen.
    • Report and notify: This option reports the data exfiltration or policy violation to the Cylance Endpoint Security console and displays the data exfiltration or policy violation badge and notification in the taskbar of the endpoint for the user.
    • Report, notify and warn: This option reports the data exfiltration or policy violation to the Cylance Endpoint Security console, displays a badge and notification in the taskbar, and adds a Windows notification on the endpoint and a popup warning to the user before the data exfiltration or policy violation occurs. For example, if a user uses Microsoft Outlook, the CylanceAVERT agent will intercept the email and display an alert in the email editor as well as a warning to the user before the sensitive data is sent.
  9. Click Add.
    If a user has policies assigned to them, and then has all of those policies removed, the user will be deleted from CylanceAVERT.
Do any of the following:
  • You can assign a policy to users and user groups. See View CylanceAVERT user details for more information.
  • To delete an information protection policy, select the checkbox beside the policy in the list, then click Delete.
  • To edit an information protection policy, click on the policy in the list, make a change to the policy, then click Save.