Cylance POC: Customer Testing Guide

Overview

Thank you for taking the time to test Cylance's award-winning next-generation endpoint security products. At its core, CylancePROTECT is designed to identify and prevent malware, memory-based attacks, unauthorized scripts and dangerous macros, regardless of whether the attack has been seen before and regardless of whether the endpoint is online. CylanceOPTICS complements it with threat hunting, root cause analysis and sub-second response to anomalous or malicious activity. This guide explains what you can expect from the structured POC testing methodology.

Success Criteria Validation

To ensure that Cylance products meet your needs, both parties must understand the intended goal. This is accomplished by first establishing success criteria, which we group into three core pillars: effectiveness, simplicity and performance. The claims most commonly tested by other customers are listed below; use them as a starting point and add any that matter in your environment.

Effectiveness

  • Consistently prevents the execution of known, previously unknown and custom-crafted malware and payloads without the need for signatures
  • High prevention rates while the endpoint is offline (detection does not depend on cloud connectivity)
  • Identifies potentially unwanted programs and dual-use toolkits
  • Blocks post-exploit memory attacks
  • Prevents execution of unauthorized scripts
  • Stops malicious Office macros
  • Blocks unauthorized external storage devices
  • Reduces the effort needed to detect and respond
  • Provides quick visibility for root cause analysis
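
Most of the effectiveness claims above can be exercised with benign probes rather than live malware: ask each interpreter the product is expected to control to run a harmless script, then observe whether the script actually executed. The harness below is an added example written for this guide, not Cylance's own tooling. The probe names, script bodies, interpreter commands in PROBES and the expected verdicts in EXPECTED are assumptions to edit for your estate and policy, and every BLOCKED verdict should be confirmed against the product console, since the harness only sees the endpoint side.

```python
"""Benign probes for the effectiveness criteria of an endpoint-protection POC.

Added example for this guide, not Cylance's own tooling. Each probe writes a
harmless script to a temp directory and asks an interpreter to run it. The
script's only job is to create a marker file, so "marker present" means the
script executed (ALLOWED) and "marker absent" means something stopped it
(BLOCKED). A missing interpreter is reported as SKIPPED, never as BLOCKED.
"""
import os
import shutil
import subprocess
import tempfile
import uuid

# Probe catalogue (assumption: adjust interpreters and flags to your estate).
# Each entry: script file name, script body, command line.
# {script} and {marker} are filled in at run time.
PROBES = {
    "powershell_unsigned": (
        "probe.ps1",
        'New-Item -ItemType File -Path "{marker}" | Out-Null\n',
        ["powershell.exe", "-NoProfile", "-ExecutionPolicy", "Bypass", "-File", "{script}"],
    ),
    "wscript_vbs": (
        "probe.vbs",
        'CreateObject("Scripting.FileSystemObject").CreateTextFile("{marker}")\n',
        ["wscript.exe", "//B", "//Nologo", "{script}"],
    ),
    "posix_shell": (
        "probe.sh",
        ': > "{marker}"\n',
        ["sh", "{script}"],
    ),
}

# What the policy under test should do with each probe (assumption: script
# control set to block PowerShell and ActiveScript; POSIX shells are not
# governed by that control, so the shell probe is expected to run).
EXPECTED = {"powershell_unsigned": "BLOCKED", "wscript_vbs": "BLOCKED", "posix_shell": "ALLOWED"}


def run_probe(name, timeout=30):
    """Run one probe and return a result dict carrying a verdict field."""
    script_name, body, cmd_template = PROBES[name]
    workdir = tempfile.mkdtemp(prefix="poc-probe-")
    marker = os.path.join(workdir, "marker-" + uuid.uuid4().hex)
    script = os.path.join(workdir, script_name)
    result = {"probe": name}
    try:
        with open(script, "w") as fh:
            fh.write(body.format(marker=marker))
        cmd = [part.format(script=script, marker=marker) for part in cmd_template]
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
        except FileNotFoundError:
            result.update(verdict="SKIPPED", reason="%s not installed" % cmd[0])
            return result
        except subprocess.TimeoutExpired:
            result.update(verdict="BLOCKED", reason="timed out (hung or prompted?)")
            return result
        executed = os.path.exists(marker)
        result.update(
            verdict="ALLOWED" if executed else "BLOCKED",
            exit_code=proc.returncode,
            stderr=proc.stderr.strip()[:200],
        )
        return result
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


def evaluate(results, expected=EXPECTED):
    """Grade observed verdicts against the expected policy outcome."""
    grades = {}
    for r in results:
        exp = expected.get(r["probe"])
        if r["verdict"] == "SKIPPED" or exp is None:
            grades[r["probe"]] = "SKIPPED"
        else:
            grades[r["probe"]] = "PASS" if r["verdict"] == exp else "FAIL"
    return grades


if __name__ == "__main__":
    observed = [run_probe(name) for name in PROBES]
    grades = evaluate(observed)
    for r in observed:
        print("%-20s %-8s %-7s %s" % (r["probe"], r["verdict"], grades[r["probe"]], r.get("reason", "")))
```

Run it once with the agent in a monitor-only policy (every probe should come back ALLOWED and appear in the console as an event) and again after switching script control to block, so you can tell a control that blocked from an interpreter that was never there. The memory-attack and Office-macro criteria need their own test artifacts and are not covered by this harness.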

Simplicity

  • Multi-OS support
  • Replaces (or, where necessary, augments) existing anti-malware solutions
  • Microsoft-approved antivirus
  • No on-premises equipment required, saving CAPEX and OPEX
  • Simple to deploy using GPO, login scripts or third-party software management packages
  • Easy ongoing agent maintenance with minimal updates
  • Uncomplicated and flexible policy options
  • Transparent to the end user; no changes to their processes or training required
  • Covers globally roaming users whether they are online or offline; no need to backhaul roaming users through the corporate security stack
  • Does not require excessive (or any) policy exceptions for line-of-business applications to work
  • Automates response actions to behavioral threats without human intervention

Performance

  • Reduction in security alert "noise" once endpoints are in auto-quarantine mode
  • Single console scales to millions of endpoints; no additional management components needed as you grow
  • Non-disruptive to the environment; no reboot required, including on servers
  • Does not interfere with the end-user experience. Fully autonomous agent with a modest system-resource footprint:
    • No daily .DAT signature updates
    • Eliminates daily hard disk scans
    • Reduces aggregate CPU usage
    • Reduces memory usage
    • Increases file transfer speeds
    • Reduces application launch time (Outlook, Word, IE, Chrome, etc.)
    • Longer battery life through lower power consumption
  • Extends usable system lifespan, e.g. older computers can keep running the lighter-weight agent
  • Lowers network bandwidth usage by eliminating legacy DAT file distribution
  • Returns performance to VDI infrastructure while providing a more complete guest-OS anti-malware solution than hypervisor-level, malware-only scanning
  • Visibility into anomalous behavior
  • Enterprise-wide attack-indicator queries return results in seconds
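
The agent-footprint claims in this list (application launch time, file transfer speed, on-access overhead) are only meaningful relative to a baseline captured on the same host before the agent was installed. The script below is an added example written for this guide, not Cylance's own tooling: it records launch latency for a command you choose and create/read/copy throughput over a constructed set of files, and reports percentage deltas between two saved reports. The stand-in launch target, file counts and sizes are assumptions; on a real test host point it at the applications named above, run it several times at each stage, and pair it with the CPU and memory counters from your OS's own tools, which this script does not collect.

```python
"""Performance baseline harness for an endpoint-protection POC.

Added example for this guide, not Cylance's own tooling. Run it before the
agent is installed and again after (same host, same settings), saving each
report to JSON, then compare the two. Only the delta on the same machine is
meaningful; never compare reports from different hosts.
"""
import json
import os
import platform
import shutil
import statistics
import subprocess
import sys
import tempfile
import time


def time_launch(cmd, runs=5):
    """Median and worst wall-clock seconds to start `cmd` and wait for exit.
    Stand-in for the 'application launch time' criterion. Assumption: cmd
    exits on its own (for Outlook or Word, open a document that closes itself,
    or time to first window with a separate tool)."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, check=False)
        samples.append(time.perf_counter() - start)
    return {"launch_median_s": statistics.median(samples), "launch_max_s": max(samples)}


def time_file_io(count=200, size=64 * 1024):
    """MB/s for creating, reading back and copying `count` files of `size`
    bytes of constructed random content. On-access scanning typically shows
    up as lower create and copy throughput."""
    workdir = tempfile.mkdtemp(prefix="poc-io-")
    payload = os.urandom(size)
    try:
        t0 = time.perf_counter()
        for i in range(count):
            with open(os.path.join(workdir, "f%d.bin" % i), "wb") as fh:
                fh.write(payload)
        t1 = time.perf_counter()
        for i in range(count):
            with open(os.path.join(workdir, "f%d.bin" % i), "rb") as fh:
                fh.read()
        t2 = time.perf_counter()
        for i in range(count):
            shutil.copyfile(os.path.join(workdir, "f%d.bin" % i), os.path.join(workdir, "c%d.bin" % i))
        t3 = time.perf_counter()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    mb = count * size / (1024.0 * 1024.0)
    tiny = 1e-9  # guard against a zero-length interval on a very fast disk
    return {
        "write_mb_s": mb / max(t1 - t0, tiny),
        "read_mb_s": mb / max(t2 - t1, tiny),
        "copy_mb_s": mb / max(t3 - t2, tiny),
    }


def compare(baseline, candidate):
    """Percent change of every numeric metric present in both reports.
    Positive means 'more': slower for *_s keys, faster for *_mb_s keys."""
    deltas = {}
    for key, base in baseline.items():
        cand = candidate.get(key)
        if isinstance(base, (int, float)) and isinstance(cand, (int, float)) and base:
            deltas[key] = round((cand - base) / base * 100.0, 1)
    return deltas


def collect(launch_cmd=None, runs=5):
    """One full report: host, timestamp, launch timing, file I/O throughput."""
    if launch_cmd is None:
        # Assumption: the Python interpreter stands in for a real application.
        launch_cmd = [sys.executable, "-c", "pass"]
    report = {"host": platform.node(), "captured": time.strftime("%Y-%m-%dT%H:%M:%S")}
    report.update(time_launch(launch_cmd, runs))
    report.update(time_file_io())
    return report


if __name__ == "__main__":
    # Usage:  python poc_perf.py baseline.json
    #         python poc_perf.py after.json
    #         python poc_perf.py --compare baseline.json after.json
    if len(sys.argv) == 4 and sys.argv[1] == "--compare":
        with open(sys.argv[2]) as a, open(sys.argv[3]) as b:
            print(json.dumps(compare(json.load(a), json.load(b)), indent=2))
    else:
        out = collect()
        with open(sys.argv[1] if len(sys.argv) > 1 else "report.json", "w") as fh:
            json.dump(out, fh, indent=2)
        print(json.dumps(out, indent=2))
```

Take the median of several runs at each stage rather than a single sample; a first run after installation also pays the one-time cost of the agent's initial file inventory and should be discarded.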
