What is our primary use case?
Typically, we use machine learning features that we developed over the last half a dozen years to build this product, and therefore we're not a signature-based solution. If there are some anomalies that are taking place, generally we can raise an alarm and beyond just raising an alarm, we can provide some other kind of mitigation. We can maybe block communications or sandbox communications or send an alert as another aspect of control or protection.
What is most valuable?
Their efficacy is pretty good. They're probably in that effectiveness rating of somewhere around 95%. I categorize the solution in that 94% to 97% range in terms of identifying any form of malicious content.
Historically speaking, they were the technology that identified the big OMB cybersecurity event that happened back in 2015 or something like that. They are well-known for their efficacy, which is a huge plus.
The solution has a high level of trust in the industry. For example, they were used for maybe the Democratic party after the 2016 convention. They had high-ranking, well-known customers that they deal with.
They do have some other nice features. They do have some behavior analytics features or UEBA features that I've heard are pretty interesting.
The solution is stable.
I haven't heard anything really negative about technical support.
The initial setup isn't too difficult.
What needs improvement?
One minor issue that somebody mentioned was that they didn't like their management console. I've probably got dozens of people using the product and that was the only negative feedback I've heard. I would try to couch that in terms of saying that that's not the majority that's saying that. That's a small number of customers or even it's really in my case, a single customer kind of thing. However, I'd just like to flag it as a possible issue for some.
Getting into more user-behavior analytics might be interesting. It could, for example, say, "Well gee, what does Steve do on a day-to-day basis?" If I had analytics of that nature, I could see when users log in, check mail, and if they start doing suspicious things, I could get a flag that alerts me. That whole space of behavioral analytics is a hot topic in security and has been for the last half a dozen years. If there are features within the product for behavior analytics, that certainly is interesting.
For how long have I used the solution?
I've been dealing with the solution for as long as I have been at my current job, and that's been about two years at this point.
What do I think about the stability of the solution?
The solution seems to be stable. I haven't heard of any clients complaining. There don't seem to be bugs or glitches. It doesn't crash or freeze. It seems to be reliable.
What do I think about the scalability of the solution?
I haven't heard any negative feedback in regards to scalability. It probably scales to thousands, maybe even tens of thousands in terms of large customer organizations. However, I haven't personally attempted to scale it myself.
How are customer service and technical support?
Overall, the technical support has a pretty good reputation. I've only ever heard one complaint about it out of all the clients we have. My sense is that they are knowledgeable and responsive. I would likely have heard otherwise if they weren't.
How was the initial setup?
As far as I know, the initial setup is pretty straightforward.
What was our ROI?
It's always hard to measure in terms of security. At some level, you think of this as table stakes. I have to have a firewall to get in the game. I have to have end-point protection to get in the game. How are we justifying it? Well, let's say that if we wanted to run the math, what would the risks be if we left ourselves open.
In a simple thought process, let's say a security breach costs us $10 million and there's a possibility we can reach five times in the next 10 years, right? That means our annual exposure is $2 million a year or something like that if we did this math. 30% of the time or 20% of the time that could come from an endpoint kind of exposure.
If we ran the math, maybe we could say, "Well gee, then this thing's worth $400,000 a year if it's 100% effective at reducing endpoint exposures." All right, maybe we take half of that number and say $200,000 a year from a cost-benefit analysis. Well, the product, depending on the size of our user community, the product costs maybe $100,000, so that's a good return on investment. I've got this annualized risk exposure of $200,000 and it's costing me $100,000 to protect against and so some would argue that's good business.
What other advice do I have?
We're a reseller. We don't have a business relationship with Cylance.
I'm not sure which version of the solution our clients are using. It might be different versions.
Our clients use both on-premises and cloud deployments. It depends on the customer and their preference. However, generally, I would say most use on-premises more often.
I'd advise new users that they should always start small or start with a small set before they do a big rollout. It's a good idea to test the waters and get a feel for any type of solution before going big.
In general, I would rate it at an eight out of ten.
Which deployment model are you using for this solution?