Requirements: CylanceOPTICS Skip Navigation

Requirements:
CylanceOPTICS

With
CylanceOPTICS
version 3.0 and later, the
CylanceOPTICS
agent sends the device data that it collects to a centralized cloud architecture to be stored in a secure cloud database instead of storing the data locally on the device. This new architecture makes
CylanceOPTICS
cloud-enabled.
To manage this significant change for customers,
BlackBerry
is using the following approach to manage releases of the 3.x agent:
  • For customers who have already contacted
    BlackBerry
    and have been granted the entitlement for
    CylanceOPTICS
    3.x, the latest 3.x version of the agent is available in the management console.
  • For customers who have
    CylanceOPTICS
    agent 2.x and do not have the entitlement for
    CylanceOPTICS
    3.x, contact your
    BlackBerry
    Sales representative (or use the Contact Sales form) to request the latest 3.x agent and the entitlement for 3.x.
Agent version 2.5.x is still supported, but new features will require the latest 3.x agent. For more information about
CylanceOPTICS
agent 2.5.x, see the 2.5.x Administration Guide and Release Notes.

Agents

Agent
Requirements
CylancePROTECT Desktop
agent
  • You must install the
    CylancePROTECT Desktop
    agent on a device before you install the
    CylanceOPTICS
    agent.
  • BlackBerry
    recommends installing the latest available version of the
    CylancePROTECT Desktop
    agent. The
    CylanceOPTICS
    agent version 3.1 and 3.2 require the following minimum versions of the
    CylancePROTECT Desktop
    agent:
    • Windows
      : 2.1.1570.x
      • The optional
        CylanceOPTICS
        API Sensor requires
        CylanceOPTICS
        agent 3.2 or later and
        CylancePROTECT Desktop
        version 3.0.1003 or later.
    • macOS
      : 3.0.1000.x
    • Linux
      : 2.1.1570.x or 2.1.1580.x
      • Due to a known issue,
        CylancePROTECT
        agent 2.1.1574.x is not supported for use with the
        CylanceOPTICS
        agent for
        Linux
      • Devices with
        Ubuntu
        20.04, SUSE Enterprise
        Linux
        15,
        Oracle
        Linux
        Server UEK 8 (
        CylanceOPTICS
        3.2 or later), or
        Oracle
        Linux
        Server 8 (
        CylanceOPTICS
        3.2 or later) require
        CylancePROTECT Desktop
        agent 2.1.1590.x or later
CylanceOPTICS
agent
  • BlackBerry
    recommends installing the latest available version of the CylanceOPTICS agent on each device. The latest version of the agent is 3.2, and is available by contacting
    BlackBerry
    Sales to migrate from
    CylanceOPTICS
    2.x tenant services to
    CylanceOPTICS
    3.x tenant services.
  • CylanceOPTICS
    agent version 3.x is required to support automatically storing collected data in the
    CylanceOPTICS
    cloud database. Earlier versions of the agent store
    CylanceOPTICS
    data in a local database on the device.
  • In agent 3.x, the data that is collected by the
    CylanceOPTICS
    sensors is cached locally before it is sent to the
    CylanceOPTICS
    cloud database. If the device is offline, the data is cached until the device can connect to the cloud database. A maximum of 1 GB of data can be stored locally. If more than 1 GB of data is stored before it can be uploaded, the lowest priority data will be deleted so that higher priority data can be cached.
  • See the Cylance Endpoint Security Release Notes for considerations when upgrading from
    CylanceOPTICS
    agent 2.x to 3.x.
  • When you upgrade from version 2.x to 3.x, the full contents of the
    CylanceOPTICS
    local database are uploaded to the cloud database in batches.
  • After you upgrade to version 3.x, you cannot downgrade the agent to version 2.x. If you want to install version 2.x, you must uninstall version 3.x, then install version 2.x.

OS support and additional requirements

For information about the operating systems that
CylanceOPTICS
supports, see the Cylance Endpoint Security compatibility matrix. To view support timelines for all
BlackBerry
products, see the BlackBerry Software Lifecycle Overview.
The following table lists the supported operating systems that have additional requirements or considerations. Note that this table is not a comprehensive list of supported operating systems. If an operating system is not listed in the table, it means that there are no additional requirements or considerations.
OS
Requirements or considerations
Windows
8.1
Windows
7 SP1
macOS
Monterey (12.x)
macOS
Big Sur (11.x)
macOS
Catalina (10.15)
macOS
Mojave (10.14)
Enable full disk access. For more information, see KB 66427.
RHEL/CentOS 8.x
RHEL/CentOS 7.x
Amazon
Linux
2
Oracle
Linux
Server UEK 8 (64-bit)
Oracle
Linux
Server 8 (64-bit)
Ubuntu
20.04
Ubuntu
18.04
SUSE Enterprise
Linux
15
SUSE Enterprise
Linux
12
  • kernel-headers and kernel-devel are required, and the version must match the running kernel. During the installation, the package manager will indicate the versions that are required.
  • One of the following
    Linux
    sensor suites is required: eBPF, Netlink (with multicast Netlink socket support 3.16 or later, or audit daemon uninstalled), or Auditdsp (with the auditd and auditdsp plugins enabled to start on boot). eBPF is recommended for the best performance with the
    CylanceOPTICS
    agent. If eBPF is not available, the agent tries to use Netlink for the next best level of performance. If Netlink is not available, the agent tries to use Auditdsp. The available sensor suites vary depending on the version of your OS.
  • Firewalld must be enabled and running to support the lockdown device feature. Firewalld is available by default with RHEL/CentOS, SUSE 15, and
    Oracle
    Linux
    and must be installed manually for
    Ubuntu
    and
    Amazon
    Linux
    . The lockdown device feature is not supported for SUSE 12.
  • Ubuntu
    20.04 requires libtinfo5 and linux-headers.
  • For SUSE 12 and 15, policycoreutils is required. For SUSE 15, libncurses5 and kernel-default-devel to match kernel are also required.
  • For
    Amazon
    Linux
    2, RHEL/CentOS 8.x, and
    Oracle
    Linux
    8, ncurses-compat-libs is required.

Compatibility with other EDR solutions

The
CylanceOPTICS
agent is not compatible with other EDR (Endpoint Detection and Response) solutions installed on the same device. Remove any third-party EDR solutions from a device before you install and enable the
CylanceOPTICS
agent.

Hardware

Item
Requirements
Processor (CPU)
  • In general use, as low as 1% additional CPU
  • For heavy sustained workloads, additional 5% to 25% CPU bursts can be required, depending on the workload
Memory (RAM)
The agent requires 0.2 to 1.0 GB of additional memory, depending on the workload.
Disk space (hard drive)
Minimum 1 GB
  • For
    CylanceOPTICS
    agent 2.x and earlier, 1 GB minimum is required for the local database.
  • For
    CylanceOPTICS
    3.0 and later, 1 GB minimum is recommended for caching
    CylanceOPTICS
    sensor data before the device can upload the data to the
    CylanceOPTICS
    cloud database when it is online.

Virtual machines

CylanceOPTICS
is supported for virtual machines. For requirements, deployment guidance, and best practices, see Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines. If you use
CylanceOPTICS
on a virtual machine,
BlackBerry
recommends disabling the WMI enhance introspection sensor to reduce the number of recorded events.