BlackBerry Cylance Extends Capabilities with Solution Enhancements and Linux Coverage

The BlackBerry team is pleased to announce the addition of exciting new enhancements to our endpoint protection, detection and response solutions CylancePROTECT® and CylanceOPTICS™, two of the six core solution pillars in the BlackBerry Spark Platform for Unified Endpoint Security (UES).

Key features include a single-agent and installer for both solutions as well as custom Role-Based Access Controls (RBAC), accelerated incident investigation, increased search parameter flexibility, alignment with the MITRE ATT&CK Framework, and expanded automated response via CAE rules.

This lightweight, single-agent deployment enhancement allows centralized management from a single console for both the Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) solutions, helping organizations maximize the return from their security investment.

Whats New in CylancePROTECT?

  • Role-Based Access Controls (RBAC): RBAC is an approach to restricting system access based on the roles of individual users to only the information required to perform their jobs, and provides an additional layer of controls by limiting access to sensitive information.
  • User Interface Modernization: Driven by customer demand, this latest release includes an updated look and feel for the UI, including new colors, fonts, an updated login page, and the addition of a left-side navigation bar.  

Whats New in CylanceOPTICS v2.4?

  • Registry Introspection Enhancements: Provides increased visibility into common Windows Registry persistence points, including memory attacks via Focus View, InstaQuery, or CAE detection logic. 
  • DNS Visibility: Enables the endpoint agent to sense and record what has instigated a DNS query, by which IP address and domain it was initiated, when it was initiated, and artifacts of the initiation via Focus View, InstaQuery, or CAE detection logic.  
  • Windows Logon Event Visibility: Enables the endpoint agent to sense and record what has instigated a Windows Logon event, the user that logged on, by which IP address and domain it was initiated, when it was initiated, and artifacts of the initiation via Focus View, InstaQuery, or CAE detection logic.  
  • Private Address (RFC 1918 / RFC 4193) Space Visibility: Enables the endpoint agent to sense, analyze, and record an event originating from a private internet address on a TCP/IP network via Focus View, InstaQuery, or CAE detection logic.  
  • Enhanced WMI Introspection: Enables the endpoint agent to sense, analyze, and record an MS Windows Management Instrumentation event via Focus View, InstaQuery, or CAE detection logic.  
  • Enhanced PowerShell Introspection: Enables the endpoint agent to sense, analyze, and record a PowerShell event (commonly used to rapidly automate tasks that manage operating systems and processes) via Focus View, InstaQuery, or CAE detection logic. 

Introducing CylanceOPTICS for Linux 

In addition to these new solution features, BlackBerry Cylance is introducing additional enhancements to extend the power of its native AI capabilities. We are also pleased to introduce enhanced CylanceOPTICS functionality optimized for several popular Linux OS versions including RHEL, Ubuntu, CentOS and SUSE. 

In enterprise data centers utilizing X86-based servers, Linux is a widely utilized operating system for both bare-metal machines and virtual machines within hypervisors. This growth is being further accelerated by the movement within data centers to containers. While endpoints are often the initial target of malware attacks, the primary target is the data on the servers, whether in financial services, e-commerce, or other enterprise applications.

With this entry into the Linux computing environment, BlackBerry has extended the reach of AI-based EDR technology to cover a broader set of endpoints in both data centers and industrial environments, including servers, point of sale (POS) devices, ATM terminals, and Linux-based fixed-function devices. The solution includes:

  • Feature and functionality parity of CylanceOPTICS for Windows and Mac with several popular Linux operating system versions including RHEL, Ubuntu, CentOS and SUSE.
  • Partial Device Lockdown to quickly isolate an infected or potentially infected device to stop command and control (C2) activity, exfiltration of data, or lateral movement of malware, giving administrators time to investigate the device or physically remove the device from the network while maintaining uptime for business-critical systems and processes.
  • Remote Response to streamline system information and actions by providing an interface for users to interactively execute scripts and run 'traditional' or 'native' commands to swiftly triage a system in near-real-time within the Console without navigating away to view returned data.

For more information on BlackBerry Spark, please visit: www.blackberry.com/spark.