Blackberry Optics Review

Intelligent intrusion detection and response for small and medium enterprise clients at a reasonable cost

What is our primary use case?

The primary use would mainly be for intelligent intrusion detection and response. Our biggest customers are two pharmacies and a bank, so it would be applied in the financial and healthcare industries.  

What is most valuable?

The most valuable part of this solution is that it is advanced technology. Cylance is an engine, it is not a signature-based antivirus protection solution. It is based on the AI (Artificial Intelligence) and the ML (Machine Learning) models. Apart from the issue with the false positives — which is a known issue — the product could really not be more proactive in the way works.  

A signature-based protection solution goes out to a central server and picks up whatever the latest antivirus definition is that is out there and uses it as a blueprint to see if you have anything that is running that is included in the definition. This is a pre-defined list of malware processes and even if it is updated frequently, it is static.  

What Cylance does that is different than signature-based systems is that it is processor-powered monitoring. It remains on guard looking to see if there is something that is running that is out of the ordinary on your machine. It basically looks for anomalies. So if there is a behavior that raises a flag and that something is going on that should not be happening — it discovers an inconsistent behavior that does not look kosher — it will cancel the process. That is basically how it works.  

So, for example, if you can imagine if something malicious enters your system and it wants to read something from the registry. Maybe for you and me reading from the registry is fine, but for this other entity (or program or malware), Cylance detects the unusual behavior and makes a decision. In this case, it might decide this entity is not supposed to be reading the registry because it might want to change something inside of it. If it wants to change something, then it is a malware or some other type of intrusion. So Cylance stops the process as it is happening and blocks whatever is making the bad action. That is actively patrolling for malicious behavior.   

What needs improvement?

False positives could be improved. Cylance picks up a lot of them.  

If the people who are looking for this type of review are more into the business perspective and they are from an SME (Small and Medium Enterprise), then it is a fine solution. But let's say it is an SMB (Small to Medium-sized Businesses). In that case, Cylance might seem pretty pricey. A cost of $55 per user is a lot for anybody, and imagine you are a small business paying that amount for 70 users monthly.  

Whether the added security is worth it would probably depend on what type of data you are protecting.  

It is hard to say what additional features I would like to see included in the next release. I do not think about features so much in an antivirus solution as I do functionality. The thing is that when you try and combine too much in one product, you might sometimes end up affecting the product as a whole. If you are a home user, having a lot of features is great, because then you say to yourself once a year you pay a fee for protection to Norton or Avast or whatever consumer antivirus vendor. At that point, you are covered in a variety of ways with one payment and you do not have to think about multiple solutions. I think those consumer products naturally have to do more to attract their audience. You could be fine with that because it does everything for you. It does the firewall. It does the VPN. It does the antivirus. It does internet security. It does a whole list of things. But when you are in an organization like an SMB or SME, the management of all of those things is decentralized.  

So I would say, from my perspective, what Cylance can work on that would be the best effort would be to fix their alerting system so that the endpoint reporting is a bit more streamlined.  

A second thing to do is to do a little bit more advertisement because not many people in the world even know that these solutions are available. It really almost gives them a license to freely broadcast that they are one of the best solutions. They are depending too much currently on word of mouth.  

For how long have I used the solution?

I have been working with Blackberry Cyclance for about a year now.  

What do I think about the stability of the solution?

The stability of Cylance seems perfect. Compared to what McAfee was doing, we have left some boundaries behind. The good thing is that we did not have any breaches, ever, while using McAfee, so knock on wood for that. But Cylance found flaws inside of our security procedures that we had left vulnerable and the discoveries enabled us to close those holes and improve the reliability of our procedures.  

So, with McAfee, we did not have as good of a solution as we thought. It is not a solution that is proactive. I think that is a fair enough criticism of the product.  

What do I think about the scalability of the solution?

From what we were told, we are going to keep on adding more licenses for our clients. The only thing that we might have to do is increase the capacity for the virtual machines, but that is about all that has to be done to increase the usage and scale up.  

Which solution did I use previously and why did I switch?

We were actually using McAfee first and now we switched to Cylance last year. Cylance is a more advanced technology and that is why we chose to go with it.  

How was the initial setup?

We engage with professional services to do the setup and deployment. On our side, there is not really much need for our input or involvement at that stage. But from what I know it is pretty straightforward for the clients.  

As far as the deployment, they put it on a virtual machine. Considering that, the deployment only takes about an hour. We have about 70 machines in total on the product at the bank. In order to have everything installed and everything running, it took about two days.  

What about the implementation team?

I am the consultant, so I am just an intermediary. The clients have their own IDE (Integrated Development Environment). I do not have to get involved with that part of the implementation.  

What's my experience with pricing, setup cost, and licensing?

For the license, we just paid for the number of endpoints we have and that is about it. In the end, the cost is about the same amount as McAfee, so they are definitely competitive when it comes to pricing.  

On a monthly basis, the licensing cost is $55 per user.  

Which other solutions did I evaluate?

We had been using McAfee for some time before considering Cylance. McAfee's performance seemed good and the support and everything are fine for us here. I have never had issues with them.  

But we saw a product demo of Cylance and we thought it was an interesting product and concept. We also know that the G7 countries in the world were the ones that used Cylance the most. We knew that was the case even before Cylance was bought over here by Blackberry. So the company already had a good standing and reputation before they started presenting demos. What had happened with the WannaCry ransomware virus about two or three years ago affected a lot of organizations. The people that were on Cylance were the ones who were not affected. So that fact alone was enough for us to strongly consider switching solutions. We ended up making the decision to migrate.  

What other advice do I have?

Advice that I would give to anyone considering switching to this solution is you should go for it if you have the money set aside to switch. But also I would spend additional for professional services to handle your migration.  

On a scale of one to ten where one is the worst and ten is the best, I would rate the product as eight-and-a-half. That is because of all that it does, the comparison between the other products, and the fact that it is a vigilant AI / ML tool that proactively guards your system.  

Which deployment model are you using for this solution?


Which version of this solution are you currently using?

Release 1450
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Blackberry Optics reviews from users
...who compared it with Symantec End-User Endpoint Security
Find out what your peers are saying about BlackBerry, Microsoft, Carbon Black and others in Endpoint Detection and Response (EDR). Updated: September 2021.
534,768 professionals have used our research since 2012.
Add a Comment
ITCS user