One of the main use cases for CylanceOPTICS is endpoint detection and response, which even works without internet, unlike some other solutions. For example, CrowdStrike only works when connected to the internet, but with BlackBerry Cylance, it's functional offline. Additionally, a key distinction between Arctic Wolf and other products I've worked on is that CylanceOPTICS is not only signature-based but also integrates AI, allowing it to remain effective even without the latest updates. For instance, if Microsoft releases a patch, CrowdStrike might prevent you from reversing the changes, whereas CylanceOPTICS allows you to revert to the last recovery point if something goes wrong, which is a major advantage. As for threat detection, we have not encountered any issues with customers using CylanceOPTICS; everyone has been satisfied with the product. I believe Cylance was renamed Aurora Endpoint last month, as they have shifted from EDR to an MDR model, but I'm still acquiring knowledge on how this changes our approach with customers. In terms of advanced behavioral threat detection, it performs excellently, as we have not faced any problems in that regard.
I might not be the right person to answer questions about risk mitigation as I'm not a technical person and have not handled those aspects directly. We completed the deployment of approximately 300 users in a span of 10 days. There were many dependencies because we had to remove the existing AV product from the systems, and then we had to deploy the agents of CylanceOPTICS. While 10 days is a considerable amount of time, this was not due to CylanceOPTICS. The CylanceOPTICS deployment typically should take approximately two to three days maximum.
The reason why I choose SentinelOne right now is that I can fork timelines. I can create serialization or my own fingerprints for the use cases. Or I can actually look for unknown unknowns. Where in CylanceOPTICS, I don't have that functionality, but what you can do in Cylance is, like, you can create artifacts. Cylance also lets you classify different severities of AV detections, while SentinelOne uses signatures. So, they work slightly differently. In my opinion, Cylance might be lighter, but both are competitors with similar functionality, just a different approach. That's about it.
The solution is mostly for EDR stuff, basically, to protect a company if it got hit by ransomware. That was one of the biggest worries. That was the main use: to monitor and protect at this point.
Solutions Architect at a tech services company with 51-200 employees
Real User
Mar 13, 2021
Typically, we use machine learning features that we developed over the last half a dozen years to build this product, and therefore we're not a signature-based solution. If there are some anomalies that are taking place, generally we can raise an alarm and beyond just raising an alarm, we can provide some other kind of mitigation. We can maybe block communications or sandbox communications or send an alert as another aspect of control or protection.
The primary use would mainly be for intelligent intrusion detection and response. Our biggest customers are two pharmacies and a bank, so it would be applied in the financial and healthcare industries.
We are an IT company and this is one of the solutions that we implement for our customers. I am a pre-sales solution architect in charge of cybersecurity.
Our cloud-native BlackBerry® Optics provide visibility, on-device threat detection and remediation across your organization. In milliseconds. And our EDR approach effectively and efficiently hunts threats while eliminating response latency. It’s the difference between a minor security event—and one that’s widespread and uncontrolled.
We use it to detect and quarantine malware before it executes in the environment.
We use CylanceOPTICS for malicious URLs and malicious processes. Malicious processes that we're attempting to be notified about, and similar things.