I do not have negative aspects, since it is a very well elaborated software, with guarantees of feasibility and adaptation in each company. Primal application to detect and prevent attacks in your organization. It has certain restrictions to folders or files with full control from the "everyone" security group. The initial setup is different than traditional AV; you must run it in test mode to catch false positives and whitelist scripting folders. It is more expensive than traditional AV, but it's the most important security function on any system. Its RAM/processor footprint is incredibly small and it is very easy to install. Another big bonus is you don't run background scans; Cylance runs one initial background scan and then only scans real-time items when they open. It can dissect what a program is going to do based on an AI algorithm and determine before it runs if it is malicious. Upon installing Cylance, we have not had a single infection. We suffered from infections that were detected after it was too late, such as ransomware, since there is a lag between the release of malware and the updated signatures to detect them. The problem with signature-based solutions is they can be easily defeated. Previously our organization used Trend Micro for our AV solution. Very positive, I believe this is the future of antivirus/antimalware. I guess that's why the marketing initiatives can seem a little over the top; it's hard to get the idea across when some hater says "doesn't detect EICAR!" That's why my MSP pal doesn't have his SMB clients on this product; they can't comprehend the value proposition of something so different to what they're familiar with. In comparison to traditional signature-based (useless) AV, CylancePROTECT and CylanceOPTICS seem expensive. The endpoint is the focus of the last line of defense, so PROTECT is critical in my security posture. I don't see these attacks in my environment, hence the testing.
When I throw attacks against old-build agents, and those attacks are obliterated, it helps me sleep better at night. He has had many clients compromised by ransomware, several more than once, with nuke/pave/restore for the entire organization being the typical response. I have tested the Cylance client against true zero-day attacks, not recognized on VirusTotal, shared with me by an MSP friend. In the three years we've been protecting our endpoints with CylancePROTECT, we have had ZERO incidents across ~250 endpoints. With three years' experience and NO compromised endpoints, I can focus on other security layers instead of faffing around fixing endpoints. Even with excellent email filtering, which we also have, there are just too many things that can go horribly wrong. With a traditional AV client that includes web filtering, which we also have, I would consider those endpoints EXTREMELY vulnerable. I have a significant number of users out in the field with limited or no edge protection, so a cloud-based endpoint solution is an obvious first step. Ignore the marketing hype, for endpoint protection this is the real deal.