- Configuring a new Cylance Endpoint Security tenant
- Cylance Endpoint Security requirements
- Requirements: Cylance console
- Requirements: CylancePROTECT Desktop
- Requirements: CylanceOPTICS
- Requirements: CylancePROTECT Mobile app
- Requirements: BlackBerry Connectivity Node
- Requirements: CylanceGATEWAY Connector
- Requirements: CylanceGATEWAY agents
- Requirements: CylanceAVERT
- Cylance Endpoint Security network requirements
- Cylance Endpoint Security proxy requirements
- Accessing the management console and configuring authentication
- Setting up administrators
- Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Setting up CylancePROTECT Desktop
- Testing your CylancePROTECT Desktop deployment
- Create and manage a device policy
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Require users to provide a password to remove the CylancePROTECT Desktop and CylanceOPTICS agents
- Setting up CylanceOPTICS
- Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Best practices for deploying CylancePROTECT Desktop on Windows virtual machines
- Using RMM solutions to install the Cylance agents on devices
- Installing the BlackBerry Connectivity Node
- Linking to your company directory
- Adding users and devices
- Setting up CylancePROTECT Mobile
- Setting up CylanceGATEWAY
- Defining your private network
- Setting up the CylanceGATEWAY Connector
- Install the CylanceGATEWAY Connector to a vSphere environment
- Install the CylanceGATEWAY Connector to an ESXi environment
- Prerequisites to install CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Microsoft Entra ID environment
- Install the CylanceGATEWAY Connector to a Hyper-V environment
- Install the CylanceGATEWAY Connector to an AWS environment
- Configure the CylanceGATEWAY Connector in the VM environment
- Access the CylanceGATEWAY Connector using OpenSSH
- Configure your firewall for the CylanceGATEWAY Connector
- Enroll the CylanceGATEWAY Connector with the BlackBerry Infrastructure
- View details for an enrolled CylanceGATEWAY Connector
- Configure the CylanceGATEWAY Connector
- Managing CylanceGATEWAY Connectors
- Manage CylanceGATEWAY Connectors
- Update a CylanceGATEWAY Connector
- UDP connectivity test responses
- Specify your private network
- Specify your private DNS
- Specify your DNS suffixes
- Specify private CylanceGATEWAY agent IP ranges
- Bring your own IP addresses (BYOIP)
- Setting up the CylanceGATEWAY Connector
- Network Address Translation with CylanceGATEWAY
- Define network services
- Controlling network access
- Configuring network protection
- Searching ACL rules and Network Services
- Using source IP pinning
- Configuring the Gateway service options
- Gateway Service policy parameters
- Configure Gateway service options
- Specifying how devices activated with an EMM solution use the CylanceGATEWAY tunnel
- Specify which apps use CylanceGATEWAY on iOS devices
- Specify which apps use CylanceGATEWAY on iOS devices in a Microsoft Intune environment
- Specify CylanceGATEWAY options on Android Enterprise devices
- Specify CylanceGATEWAY options on Chromebook devices
- Specify CylanceGATEWAY options on Android Enterprise devices in your Microsoft Intune environment
- Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed
- Installing the CylanceGATEWAY agent
- Defining your private network
- Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Setting up CylanceAVERT
- Connecting Cylance Endpoint Security to external services
- BlackBerry Docs
- Cylance Endpoint Security
- Cylance Endpoint Security
- Cylance Endpoint Security Setup Guide
- Configuring a new Cylance Endpoint Security tenant
Configuring a new Cylance Endpoint Security tenant
Cylance Endpoint Security
tenantWhen you create a new
Cylance Endpoint Security
tenant, or when you reset a tenant to the recommended default state, the tenant includes preconfigured zones and preconfigured device policies that are designed to help you tune your environment to the desired security posture.A new tenant, or a tenant that has been reset to the recommended default state, includes three preconfigured zones, one for each desktop OS (
Windows
, macOS
, and Linux
). These zones are configured to automatically assign new desktop devices to the appropriate OS zone. The preconfigured zones are assigned the stage 1 device policy described below.A new or reset tenant includes three preconfigured device policies to control the features and functionality of
CylancePROTECT Desktop
and CylanceOPTICS
. See Default configuration settings for a new Cylance Endpoint Security tenant for the complete configuration of each preconfigured policy.Preconfigured policy | Description |
|---|---|
Stage 1 | The starter configuration that allows devices to listen for malware threats. Advanced policy settings are turned off. Use this policy in your environment first to observe the initial detections from devices and to configure the appropriate exceptions. When you are comfortable with the performance and impact of this policy, you can progress devices to the stage 2 policy. |
Stage 2 | This device policy enables the detection of a wider range of threats, including abnormal malware, unsafe scripts, and memory exploits. Assign this policy to a small number of devices to gauge the volume and frequency of detections and the level of investigation required. This will allow you to refine the policy configuration before assigning it to more devices. When you are comfortable with the performance of this policy, you can progress devices to the stage 3 policy. |
Stage 3 | This device policy builds on stage 2 by adjusting settings so that devices can can both listen for threats and take certain preventative actions. Use this device policy only after sufficient testing with the stage 2 policy, and only after applying the fine tuning from the stage 2 policy to this policy as well. |
As you test and evaluate the preconfigured zones and device policies, you can adjust the configuration as needed, including making changes to the preconfigured options or copying and modifying a zone or policy to determine the configuration that best suits your organization's environment.
Cylance Endpoint Security
also offers additional options that make it easier for you to quickly configure a new tenant to meet your organization’s needs. You can export the configuration of a tenant and import it to a new tenant, or reset a tenant to the recommended defaults detailed in Default configuration settings for a new Cylance Endpoint Security tenant. For more information, see Export, import, or reset the configuration of a Cylance Endpoint Security tenant.