Configuring network protection
You can configure how CylanceGATEWAY detects and reacts to threats in various ways. When you configure your access control list (ACL) rules to allow access to destinations, CylanceGATEWAY can still block the user from accessing the destination if a potential threat is identified. You can also control the information that can be displayed in the Network Events screen and Alerts view and what is sent to the SIEM solution or syslog server, if configured. To enable the additional network protection, ensure that each ACL rule also has the "Check addresses against Network Protection" parameter selected. This setting is enabled by default.

- Signature detection: You can use signature detection to enable deep network threat detection using the network connection’s signatures. When signature detection is enabled, CylanceGATEWAY automatically blocks connections where threats are detected if the ACL rule matches the destination and checks the network protection. When signature detection is disabled, threats are logged but the connection is not blocked. For more information on a list of detections and their actions, see viewing network activity. Signature detection is enabled by default.
- Destination protection: You can use destination reputation to block potentially malicious IP addresses and FQDNs that match the risk level that you specify (low, medium, or high). When enabled, the default risk level is high. CylanceGATEWAY logs and automatically blocks connections to the destinations that match the set risk level when the destination matches the ACL rule and checks the network protection. When destination protection is disabled, threats are logged but the connection is not blocked. For more information on a list of detections and their actions, see viewing network activity. Destination reputation is enabled by default.

Risk levels use a combination of machine learning (ML) models and a static IP reputation database to determine if a destination might contain potential threats.
- ML models: The ML models assign a confidence level to destinations that your users might access. ML models continuously learn whether a destination might contain potential threats.
- IP reputation databases: The IP reputation database provides a confidence level to IP addresses from open and commercial IP reputation feeds. CylanceGATEWAY references the reputation feeds to determine the risk level of an IP address. CylanceGATEWAY considers the number of vendors that have convicted a specific destination and the dependability of the sources before it assigns a risk level (for example, if the majority of sources and IP reputation engines identify a destination to contain potential threats, CylanceGATEWAY will assign the destination a risk level of high). For more information on the risk levels, see Destination reputation risk threshold.

CylanceGATEWAY automatically applies the Dynamic Risk category and a subcategory to IP Reputation detections that have been identified to possibly contain malicious threats using a combination of ML models and IP Reputation database. The databases continuously change to add or remove destination entries. You can view additional metadata and details for network events categorized as Dynamic Risk on the Network Events screen. The Dynamic Risk category includes the following subcategories:
- Beacon
- Command and control
- DNS Tunneling
- Malware
- Phishing
- Potentially Harmful
- Suspicious Website
- Domain Generation Algorithm (DGA)
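
The interaction described above between an ACL rule, its "Check addresses against Network Protection" parameter, signature detection, and the destination reputation risk level can be modelled as a small decision function, useful when working out why a connection was blocked or only logged. This is an added example, not BlackBerry code or a Cylance API: all names are hypothetical, and it assumes that a risk threshold also matches higher risk levels and that a rule without the Network Protection check is not evaluated for threats.

```python
# Added illustration of the decision logic described on this page.
# Hypothetical names throughout; this is not a Cylance API or export format.
from dataclasses import dataclass

RISK_ORDER = {"low": 1, "medium": 2, "high": 3}

@dataclass
class AclRule:
    name: str
    action: str = "allow"                  # "allow" or "block"
    check_network_protection: bool = True  # page: selected by default

@dataclass
class Settings:
    signature_detection: bool = True       # page: enabled by default
    destination_reputation: bool = True    # page: enabled by default
    risk_level: str = "high"               # page: default risk level is high

def effective_action(rule, settings, signature_hit=False, dest_risk=None):
    """Outcome for a connection that matched `rule`."""
    if rule.action != "allow":
        return "blocked_by_acl"
    if not rule.check_network_protection:
        # Assumption: without the parameter, Network Protection is not consulted.
        return "allowed"
    outcomes = []
    if signature_hit:
        outcomes.append("block" if settings.signature_detection else "log")
    # Assumption: a threshold of "medium" also matches "high", and so on.
    if dest_risk and RISK_ORDER[dest_risk] >= RISK_ORDER[settings.risk_level]:
        outcomes.append("block" if settings.destination_reputation else "log")
    if "block" in outcomes:
        return "blocked_by_network_protection"
    return "logged_only" if outcomes else "allowed"

def unprotected_allow_rules(rules):
    """Allow rules that skip Network Protection; worth reviewing."""
    return [r.name for r in rules
            if r.action == "allow" and not r.check_network_protection]

if __name__ == "__main__":
    # Constructed sample rules, not taken from any real tenant.
    rules = [AclRule("saas-apps"), AclRule("legacy-vendor", check_network_protection=False)]
    print("Review:", unprotected_allow_rules(rules))
    print(effective_action(rules[0], Settings(), signature_hit=True))
    print(effective_action(rules[0], Settings(signature_detection=False), signature_hit=True))
    print(effective_action(rules[0], Settings(risk_level="medium"), dest_risk="medium"))
```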