- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Logging in to the management console
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Setting up administrators
- Adding users and devices
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Using device policies to manage CylancePROTECT Desktop devices
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop agent
- Setting up CylancePROTECT Mobile
- Setting up CylanceOPTICS
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Azure environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Installing the CylanceGATEWAY agent
- Defining your private network
- Setting up CylanceAVERT
- Installing the CylanceAVERT agent
- Define sensitive content using information protection settings
- Managing information protection policies
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- BlackBerry Docs
- Cylance Endpoint Security
- Setup
- Cylance Endpoint Security Setup Guide
- Setting up CylanceGATEWAY
- Configuring network protection
Configuring network protection
You can configure how
CylanceGATEWAY
detects and reacts to threats in various ways. When you configure your access control list (ACL) rules to allow access to destinations, CylanceGATEWAY
can still block the user from accessing the destination if a potential threat is identified. To enable the additional network protection, ensure that each ACL rule also has the "Check addresses against network protection" parameter selected. This setting is enabled by default. - Intrusion protection: You can use intrusion protection to enable deep network threat detection using the network connection’s signatures. When intrusion protection is enabled,CylanceGATEWAYautomatically blocks connections where threats are detected if the ACL rule matches the destination and checks the network protection. When intrusion protection is disabled, threats are logged but the connection is not blocked. For more information on a list of anomalies and their actions, see viewing network activity. Intrusion protection is enabled by default.
- Destination protection: You can use destination reputation to block potentially malicious IP addresses and FQDNs that match the risk level that you specify (low, medium, or high). When enabled, the default risk level is high.CylanceGATEWAYlogs and automatically blocks connections to the destinations that match the set risk level when the destination matches the ACL rule and checks the network protection. When destination protection is disabled, threats are logged but the connection is not blocked. For more information on a list of anomalies and their actions, see viewing network activity. Destination reputation is disabled by default.Risk levels use a combination of machine learning (ML) models and static IP reputation database to determine if a destination might contain potential threats.
- ML models: The ML models assign a confidence level to destinations that your users might access. ML models continuously learn whether a destination might contain potential threats.
- IP reputation databases: The IP reputation database provides a confidence level to IP addresses from open and commercial IP reputation feeds.CylanceGATEWAYreferences the reputation feeds to determine the risk level of an IP address.CylanceGATEWAYconsiders the number of vendors that have convicted a specific destination and the dependability of the sources before it assigns a risk level (for example, if the majority of sources and IP reputation engines identify a destination to contain potential threats,CylanceGATEWAYwill assign the destination a risk level of high. For more information on the risk levels, see Destination reputation risk threshold.