
CylanceOPTICS™
Prevention-First EDR
What’s New in v2.4

What is CylanceOPTICS?

CylanceOPTICS is an endpoint detection and response (EDR) solution designed to extend the threat prevention delivered by CylancePROTECT by using AI to identify and prevent security incidents.

CylanceOPTICS provides:

• AI-driven incident prevention
• Automated threat detection and response
• On-demand root cause analysis
• Smart threat hunting
• Distributed search and collection
• Remote investigation capabilities

What’s New in CylanceOPTICS v2.4

CylanceOPTICS is an artificial-intelligence-powered endpoint detection and response (EDR) solution designed to extend the threat prevention delivered by CylancePROTECT® to identify and prevent the most challenging security incidents. CylanceOPTICS provides true artificial intelligence (AI) incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities. The 2.4 release of the BlackBerry Cylance EDR solution offers several enhancements to the InstaQuery, FocusView, and Context Analysis Engine (CAE) logic of CylanceOPTICS to provide greater visibility capabilities.

These enhancement vectors include:

• Registry Introspection Enhancements
• DNS Visibility
• Windows Logon Event Visibility
• RFC 1918 Address Space Visibility
• Enhanced WMI Introspection Via Windows API
• Enhanced PowerShell Introspection Via Windows API

The 2.4 release of CylanceOPTICS brings several product enhancements to aid in both the breadth and depth of EDR search parameters. These enhancements, which are built on the foundational AI-based protection of CylancePROTECT and locally stored intelligence, offer real-time confidence to investigate, triage, and remediate when a CAE rule trigger occurs. This gives EDR practitioners the ability to search and remediate at the speed of the threat landscape, and not be delayed by cloud queries, protracted forensic analysis, and other time-wasting processes. The EDR team can understand all the artifacts that have occurred before and after the triggering event.

This results in:

• Increased search parameter flexibility within InstaQuery, FocusView, and CAE rules
• Faster incident response
• Alignment with the MITRE ATT&CK framework
• Expanded automated response via CAE rules

Identifying a potential security issue in any environment is important; however, to protect from the fallout of a widespread incident, organizations need the ability and agility to investigate and respond to an attack with speed and certainty. With CylanceOPTICS v2.4, organizations get several new product enhancements to accelerate incident investigation and response options that enable them to gather relevant information about an incident and act fast, either in an automated or customized manner, to meet their objectives.

About BlackBerry Cylance

BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full-spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks, fortifying endpoints to promote security hygiene in the security operations center, throughout global networks, and even on employees’ home networks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs.

Feature/Benefit Matrix

Feature: Registry Introspection Enhancements
Provides increased visibility into common Windows Registry persistence points, including memory attacks, via Focus View, InstaQuery, or CAE detection logic.
Benefit: This enhancement extends the visibility that CylanceOPTICS has into the Windows Registry. The Windows Registry is commonly used by malicious actors to store malware settings, change system configurations, or establish persistence on a system. To more efficiently surface high-fidelity, actionable information, CylanceOPTICS records registry keys and values that are commonly associated with malware or techniques of malicious actors. These enhancements can be used with Focus View, InstaQuery, or CAE. This is useful in monitoring for fileless attacks, lateral movement, living-off-the-land attacks, etc.

Feature: DNS Visibility
Enables the endpoint agent to sense and record what has instigated a DNS query, by which IP address and domain it was initiated, when it was initiated, and artifacts of the initiation via Focus View, InstaQuery, or CAE detection logic.
Benefit: This enhancement gives standard names to Internet connections (if available), providing visibility into DNS cache compromises, rogue DNS servers, DNS-based data exfiltration, and connections to web addresses rather than just IP addresses.

Feature: Windows Logon Event Visibility
Enables the endpoint agent to sense and record what has instigated a Windows Logon event, the user that logged on, by which IP address and domain it was initiated, when it was initiated, and artifacts of the initiation via Focus View, InstaQuery, or CAE detection logic.
Benefit: This new feature enables monitoring of a specific user if they access multiple systems and is helpful in detecting and mitigating potential insider threats. Further, this provides visibility to observe where the attacker went and what he did when moving laterally through the network.

Feature: Private Address (RFC 1918 / RFC 4193) Space Visibility
Enables the endpoint agent to sense, analyze, and record an event originating from a private Internet address on a TCP/IP network via Focus View, InstaQuery, or CAE detection logic.
Benefit: This feature is extremely valuable when looking for lateral movement attacks. Previous versions could only view movement through a public network space.

Feature: Enhanced WMI Introspection
Enables the endpoint agent to sense, analyze, and record an MS Windows Management Instrumentation event via Focus View, InstaQuery, or CAE detection logic.
Benefit: This is useful in monitoring for fileless attacks and lateral movement, living-off-the-land attacks, etc.

Feature: Enhanced PowerShell Introspection
Enables the endpoint agent to sense, analyze, and record a PowerShell event via Focus View, InstaQuery, or CAE detection logic.
Benefit: This enhancement extends the visibility CylanceOPTICS has into PowerShell events, which are commonly used to rapidly automate tasks that manage operating systems and processes.
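The Private Address Space Visibility row above says that v2.4 can surface events whose source is in RFC 1918 or RFC 4193 space, which is what makes internal-to-internal connections (the lateral movement case) visible. The following is an added example, not CylanceOPTICS code and not the product's event format or CAE rule syntax (neither appears on this page): it uses Python's standard `ipaddress` module to classify constructed connection events into internal, egress, ingress and public buckets using the exact RFC 1918 and RFC 4193 ranges. The `<ts> <process> <src> -> <dst>:<port>` line format and the sample events are hypothetical.

```python
import ipaddress
from typing import Dict, List

# RFC 1918 private IPv4 ranges and the RFC 4193 unique local IPv6 range,
# the two address spaces named in the Feature/Benefit matrix.
RFC1918_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC4193_NETS = [ipaddress.ip_network("fc00::/7")]


def is_private_space(addr: str) -> bool:
    """True if addr falls in RFC 1918 (IPv4) or RFC 4193 (IPv6) space.

    Deliberately narrower than ipaddress's is_private, which also counts
    loopback, link-local and documentation ranges.
    """
    ip = ipaddress.ip_address(addr)
    nets = RFC1918_NETS if ip.version == 4 else RFC4193_NETS
    return any(ip in net for net in nets)


def parse_event(line: str) -> Dict[str, str]:
    """Parse one hypothetical event line: '<ts> <process> <src> -> <dst>:<port>'.

    IPv6 addresses are written in brackets, e.g. '[fd12::1]:445'.
    """
    ts, process, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return {
        "ts": ts,
        "process": process,
        "src": src.strip("[]"),
        "dst": dst.strip("[]"),
        "port": port,
    }


def classify_events(lines: List[str]) -> Dict[str, List[Dict[str, str]]]:
    """Bucket events by whether source and destination are in private space.

    'internal' (private -> private) is the lateral-movement candidate set the
    datasheet says earlier versions could not see; 'egress' and 'ingress' cross
    the private/public boundary; 'public' touches no private address at all.
    """
    buckets: Dict[str, List[Dict[str, str]]] = {
        "internal": [], "egress": [], "ingress": [], "public": []
    }
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        src_priv = is_private_space(ev["src"])
        dst_priv = is_private_space(ev["dst"])
        if src_priv and dst_priv:
            buckets["internal"].append(ev)
        elif src_priv:
            buckets["egress"].append(ev)
        elif dst_priv:
            buckets["ingress"].append(ev)
        else:
            buckets["public"].append(ev)
    return buckets


# Constructed sample events, not real telemetry. Note 172.32.0.1 is just
# outside 172.16.0.0/12 and so is correctly treated as public.
SAMPLE_EVENTS = [
    "2019-09-18T10:00:01Z powershell.exe 10.1.2.3 -> 10.1.2.50:445",
    "2019-09-18T10:00:02Z chrome.exe 10.1.2.3 -> 93.184.216.34:443",
    "2019-09-18T10:00:03Z wmiprvse.exe [fd12:3456::1] -> [fd12:3456::2]:135",
    "2019-09-18T10:00:04Z sshd 203.0.113.7 -> 192.168.1.10:22",
    "2019-09-18T10:00:05Z curl 172.32.0.1 -> 198.51.100.9:80",
]


if __name__ == "__main__":
    for bucket, events in classify_events(SAMPLE_EVENTS).items():
        print(f"{bucket}: {len(events)}")
        for ev in events:
            print(f"  {ev['ts']} {ev['process']} {ev['src']} -> {ev['dst']}:{ev['port']}")
```

The `internal` bucket is the one a CAE-style rule would key on for lateral movement; the boundary cases (the 172.16.0.0/12 edge and IPv6 unique local space) are where an ad hoc "starts with 10. or 192.168." check goes wrong, which is why the example tests membership against the actual networks.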

+1-844-CYLANCE
[email protected]
www.cylance.com

© 2019 Cylance Inc. Trademarks, including BLACKBERRY, EMBLEM Design, CYLANCE, and CYLANCEPROTECT are trademarks or registered trademarks of BlackBerry Limited, its affiliates, and/or subsidiaries, used under license, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. MKTG 19-0640 20190918
