General security

CylancePROTECT – Product overview

November 17, 2018 by Claudio Dodt

Malicious code can have a devastating effect on organizations. This has been clearly demonstrated again and again in recent cases such as the ransomworm WannaCry, which in 2017 exploited the vulnerability known as EternalBlue and infected more than 200,000 computers in 150 countries. Another ransomware that had a strong impact last year, Petya, infected the Danish company A.P. Moller-Maersk, resulting in losses estimated between $250 million and $300 million.

In fact, these two examples do not even represent a worst-case scenario. It is reasonable to imagine a situation where a stealthy piece of malware spreads across any organization's computers, allowing them to be controlled by a remote attacker and leading to scenarios such as information leakage or destruction, critical infrastructure outages or even making the corporate infrastructure part of a botnet that will serve to spread new attacks.


With the continuing emergence of new threats, it is necessary to adopt different tactics capable of dealing even with the unknown. This is exactly what CylancePROTECT proposes.

What Is CylancePROTECT?

CylancePROTECT is an advanced threat protection solution that, unlike other traditional endpoint protection software, makes no use of malware signatures. Instead, it employs techniques such as machine learning and artificial intelligence, which allows the identification of malicious code based on its behavior. In theory, this ensures protection even against zero-day codes, malware that has never been seen before.

Among its key features, Cylance includes:

  • True zero-day prevention
  • AI-driven malware prevention
  • Script management
  • Device usage policy enforcement
  • Memory exploitation detection and prevention
  • Application control for fixed-function devices

Understanding how CylancePROTECT works

Configuration and distribution: Cylance makes use of a centralized cloud console where you can define all the policies for the aforementioned key features. From here you can create custom installation packages, which greatly facilitates the software distribution if you have a large number of endpoints to protect.

Once installed, CylancePROTECT performs an initial scan of all files on the computer to identify potential malware. In theory, this is the only scan needed, and further scans are not performed except when there is a significant change to the Cylance AI algorithms. For organizations subject to specific regulations such as PCI DSS, which require periodic scans, this functionality can be enabled manually.

Since, when properly configured, it does not need to perform regular scans or check a malware signature database, CylancePROTECT consumes far fewer resources than conventional anti-virus software, takes far less time to analyze threats and is easier to deploy on older computers with limited capacity. The Cylance compatibility list includes Linux Red Hat/CentOS versions 6 and 7, Mac OS X and MacOS 10 and Windows releases all the way back to Windows XP SP3.

True Zero-Day prevention: One of the great advantages of using a solution that is not based on malware signatures is the possibility of ensuring protection against Zero-Day (unknown threats). Since Cylance makes use of artificial intelligence models for threat prevention, it is possible to prevent Zero-Days from being executed.

AI-driven malware prevention: The most popular feature of CylancePROTECT is its use of artificial intelligence and machine learning for advanced threat prevention. The fact that the solution does not have to identify malware using signatures not only allows blocking of Zero-Day threats, but also makes the solution more efficient in the use of resources such as processor and memory while providing a high level of protection.

Script management: Many threats are distributed through the execution of scripts. CylancePROTECT allows complete control of script execution, identifying those that are authorized and ensuring that no other scripts are executed.

Device usage policy enforcement: Removable storage devices, such as USB sticks, portable disks or even smartphones, are a common vector for spreading threats. CylancePROTECT allows you to perform policy-based management, defining which devices can be used and blocking everything else. Simple as that.

Memory exploitation detection and prevention: Fileless malware limits its activities to the memory of the infected device, since nothing is written to the computer's disk. This type of threat is quite elusive: it is not only difficult to detect, but it also limits other security-related activities such as forensics. CylancePROTECT can be used to identify malicious memory usage, such as malware using PowerShell scripts, and immediately prevent the threat from being executed.

Application control for fixed-function devices: At its highest level of protection, CylancePROTECT policies can be set so that no unknown application or executable can be run. Obviously, this approach may not work well for all of the organization's endpoints, but those with a fixed role (such as the computers used by critical infrastructure solutions) can benefit greatly from this type of protection.

Integrating CylancePROTECT with education and user awareness

CylancePROTECT is an excellent solution for advanced threat protection, but not even the most advanced technology can guarantee 100% protection. One point that should never be overlooked is the need to continuously educate users, ensuring that they are not only able to recognize situations that may compromise information security but also know how to deal with them. This, of course, includes dealing with malware.

One smart way to do this is to integrate employee training with real events such as threats that have attempted to exploit enterprise security flaws. This is possible by integrating Cylance with SecurityIQ, InfoSec Institute's anti-phishing and security awareness training platform.

SecurityIQ uses an Event-Activated Learning approach, which integrates leading Endpoint Protection (EPP) solutions, and instantly enrolls users in training when they perform actions such as attempting to download or run malware, fall for phishing, run hostile browser add-ons, open macro- or malware-embedded attachments or fall victim to any other EPP-monitored security event.

Concluding thoughts

CylancePROTECT is one of the best endpoint protection solutions currently available in the market. The combination of features such as easy distribution and management, low hardware resource consumption and high threat detection/prevention capability is undoubtedly something highly sought-after by organizations wishing to be free of advanced malware.

A key point about CylancePROTECT is to understand how its artificial intelligence-based approach works: if something behaves like malware, it will be treated as malware. Unfortunately, this can lead to false positives, especially in the case of legacy applications or even valid applications that behave outside of what is expected because of a bad development cycle. Like any AI-based solution, CylancePROTECT will need some time to “learn” the specifics of your environment, requiring the support of the security team to avoid blocking valid applications.

At a time when new security threats never stop being developed, linking your endpoint protection platform to employee education is a strategy that will significantly elevate corporate data protection levels. This is an approach that every CISO should consider seriously; the alternative is risking becoming a victim of the next advanced malicious code, which might be launching right now.


Sources

NotPetya Ransomware Attack Cost Shipping Giant Maersk Over $200 Million, Forbes

Claudio Dodt

Cláudio Dodt is an Information Security Evangelist, consultant, trainer, speaker and blogger. He has more than ten years' worth of experience working with Information Security, IT Service Management, IT Corporate Governance and Risk Management.