
Blackberry Optics Overview

Blackberry Optics is the #17 ranked solution in our list of EDR tools. It is most often compared to Microsoft Defender for Endpoint.

What is Blackberry Optics?

Our cloud-native BlackBerry® Optics provides visibility, on-device threat detection and remediation across your organization. In milliseconds. And our EDR approach effectively and efficiently hunts threats while eliminating response latency. It’s the difference between a minor security event—and one that’s widespread and uncontrolled.

Blackberry Optics is also known as CylanceOPTICS.

Buyer's Guide

Download the Endpoint Detection and Response (EDR) Buyer's Guide including reviews and more. Updated: October 2021

Blackberry Optics Customers

Cerdant, Washoe County School District

Pricing Advice

What users are saying about Blackberry Optics pricing:
  • "We pay for the number of endpoints we have and that is about it. On a monthly basis, the licensing cost is $55 per user."

Blackberry Optics Reviews

Donald Dindial
Owner at Terra Controls
Real User
Top 5
Intelligent intrusion detection and response for small and medium enterprise clients at a reasonable cost

Pros and Cons

  • "Cylance is not a signature-based protection solution and instead works proactively using AI and ML models to patrol for malicious behavior."
  • "Too many false positives are reported."

What is our primary use case?

The primary use would mainly be for intelligent intrusion detection and response. Our biggest customers are two pharmacies and a bank, so it would be applied in the financial and healthcare industries.  

What is most valuable?

The most valuable part of this solution is that it is advanced technology. Cylance is an engine, it is not a signature-based antivirus protection solution. It is based on the AI (Artificial Intelligence) and the ML (Machine Learning) models. Apart from the issue with the false positives — which is a known issue — the product could really not be more proactive in the way it works.

A signature-based protection solution goes out to a central server and picks up whatever the latest antivirus definition is that is out there and uses it as a blueprint to see if you have anything that is running that is included in the definition. This is a pre-defined list of malware processes and even if it is updated frequently, it is static.  

What Cylance does that is different than signature-based systems is that it is processor-powered monitoring. It remains on guard looking to see if there is something that is running that is out of the ordinary on your machine. It basically looks for anomalies. So if there is a behavior that raises a flag that something is going on that should not be happening — it discovers an inconsistent behavior that does not look kosher — it will cancel the process. That is basically how it works.

So, for example, if you can imagine if something malicious enters your system and it wants to read something from the registry. Maybe for you and me reading from the registry is fine, but for this other entity (or program or malware), Cylance detects the unusual behavior and makes a decision. In this case, it might decide this entity is not supposed to be reading the registry because it might want to change something inside of it. If it wants to change something, then it is a malware or some other type of intrusion. So Cylance stops the process as it is happening and blocks whatever is making the bad action. That is actively patrolling for malicious behavior.   

What needs improvement?

False positives could be improved. Cylance picks up a lot of them.  

If the people who are looking for this type of review are more into the business perspective and they are from an SME (Small and Medium Enterprise), then it is a fine solution. But let's say it is an SMB (Small to Medium-sized Businesses). In that case, Cylance might seem pretty pricey. A cost of $55 per user is a lot for anybody, and imagine you are a small business paying that amount for 70 users monthly.  

Whether the added security is worth it would probably depend on what type of data you are protecting.  

It is hard to say what additional features I would like to see included in the next release. I do not think about features so much in an antivirus solution as I do functionality. The thing is that when you try and combine too much in one product, you might sometimes end up affecting the product as a whole. If you are a home user, having a lot of features is great, because then you say to yourself once a year you pay a fee for protection to Norton or Avast or whatever consumer antivirus vendor. At that point, you are covered in a variety of ways with one payment and you do not have to think about multiple solutions. I think those consumer products naturally have to do more to attract their audience. You could be fine with that because it does everything for you. It does the firewall. It does the VPN. It does the antivirus. It does internet security. It does a whole list of things. But when you are in an organization like an SMB or SME, the management of all of those things is decentralized.  

So I would say, from my perspective, what Cylance can work on that would be the best effort would be to fix their alerting system so that the endpoint reporting is a bit more streamlined.  

A second thing to do is to do a little bit more advertisement because not many people in the world even know that these solutions are available. It really almost gives them a license to freely broadcast that they are one of the best solutions. They are depending too much currently on word of mouth.  

For how long have I used the solution?

I have been working with Blackberry Cylance for about a year now.

What do I think about the stability of the solution?

The stability of Cylance seems perfect. Compared to what McAfee was doing, we have left some boundaries behind. The good thing is that we did not have any breaches, ever, while using McAfee, so knock on wood for that. But Cylance found flaws inside of our security procedures that we had left vulnerable and the discoveries enabled us to close those holes and improve the reliability of our procedures.  

So, with McAfee, we did not have as good of a solution as we thought. It is not a solution that is proactive. I think that is a fair enough criticism of the product.  

What do I think about the scalability of the solution?

From what we were told, we are going to keep on adding more licenses for our clients. The only thing that we might have to do is increase the capacity for the virtual machines, but that is about all that has to be done to increase the usage and scale up.  

Which solution did I use previously and why did I switch?

We were actually using McAfee first and now we switched to Cylance last year. Cylance is a more advanced technology and that is why we chose to go with it.  

How was the initial setup?

We engage with professional services to do the setup and deployment. On our side, there is not really much need for our input or involvement at that stage. But from what I know it is pretty straightforward for the clients.  

As far as the deployment, they put it on a virtual machine. Considering that, the deployment only takes about an hour. We have about 70 machines in total on the product at the bank. In order to have everything installed and everything running, it took about two days.  

What about the implementation team?

I am the consultant, so I am just an intermediary. The clients have their own IDE (Integrated Development Environment). I do not have to get involved with that part of the implementation.  

What's my experience with pricing, setup cost, and licensing?

For the license, we just paid for the number of endpoints we have and that is about it. In the end, the cost is about the same amount as McAfee, so they are definitely competitive when it comes to pricing.  

On a monthly basis, the licensing cost is $55 per user.  

Which other solutions did I evaluate?

We had been using McAfee for some time before considering Cylance. McAfee's performance seemed good and the support and everything are fine for us here. I have never had issues with them.  

But we saw a product demo of Cylance and we thought it was an interesting product and concept. We also know that the G7 countries in the world were the ones that used Cylance the most. We knew that was the case even before Cylance was bought over here by Blackberry. So the company already had a good standing and reputation before they started presenting demos. What had happened with the WannaCry ransomware virus about two or three years ago affected a lot of organizations. The people that were on Cylance were the ones who were not affected. So that fact alone was enough for us to strongly consider switching solutions. We ended up making the decision to migrate.  

What other advice do I have?

Advice that I would give to anyone considering switching to this solution is you should go for it if you have the money set aside to switch. But also I would spend additional for professional services to handle your migration.  

On a scale of one to ten where one is the worst and ten is the best, I would rate the product as eight-and-a-half. That is because of all that it does, the comparison between the other products, and the fact that it is a vigilant AI / ML tool that proactively guards your system.  

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SK
Solutions Architect at a tech services company with 51-200 employees
Real User
Top 10
Stable with excellent efficacy and a straightforward setup

Pros and Cons

  • "The solution has a high level of trust in the industry."
  • "One minor issue that somebody mentioned was that they didn't like their management console."

What is our primary use case?

Typically, we use machine learning features that we developed over the last half a dozen years to build this product, and therefore we're not a signature-based solution. If there are some anomalies that are taking place, generally we can raise an alarm and beyond just raising an alarm, we can provide some other kind of mitigation. We can maybe block communications or sandbox communications or send an alert as another aspect of control or protection.

What is most valuable?

Their efficacy is pretty good. They're probably in that effectiveness rating of somewhere around 95%. I categorize the solution in that 94% to 97% range in terms of identifying any form of malicious content. 

Historically speaking, they were the technology that identified the big OMB cybersecurity event that happened back in 2015 or something like that. They are well-known for their efficacy, which is a huge plus.

The solution has a high level of trust in the industry. For example, they were used for maybe the Democratic party after the 2016 convention. They had high-ranking, well-known customers that they deal with. 

They do have some other nice features. They do have some behavior analytics features or UEBA features that I've heard are pretty interesting. 

The solution is stable.

I haven't heard anything really negative about technical support.

The initial setup isn't too difficult.

What needs improvement?

One minor issue that somebody mentioned was that they didn't like their management console. I've probably got dozens of people using the product and that was the only negative feedback I've heard. I would try to couch that in terms of saying that that's not the majority that's saying that. That's a small number of customers or even it's really in my case, a single customer kind of thing. However, I'd just like to flag it as a possible issue for some.

Getting into more user-behavior analytics might be interesting. It could, for example, say, "Well gee, what does Steve do on a day-to-day basis?" If I had analytics of that nature, I could see when users log in, check mail, and if they start doing suspicious things, I could get a flag that alerts me. That whole space of behavioral analytics is a hot topic in security and has been for the last half a dozen years. If there are features within the product for behavior analytics, that certainly is interesting.

For how long have I used the solution?

I've been dealing with the solution for as long as I have been at my current job, and that's been about two years at this point.

What do I think about the stability of the solution?

The solution seems to be stable. I haven't heard of any clients complaining. There don't seem to be bugs or glitches. It doesn't crash or freeze. It seems to be reliable.

What do I think about the scalability of the solution?

I haven't heard any negative feedback in regards to scalability. It probably scales to thousands, maybe even tens of thousands in terms of large customer organizations. However, I haven't personally attempted to scale it myself.

How are customer service and technical support?

Overall, the technical support has a pretty good reputation. I've only ever heard one complaint about it out of all the clients we have. My sense is that they are knowledgeable and responsive. I would likely have heard otherwise if they weren't.

How was the initial setup?

As far as I know, the initial setup is pretty straightforward. 

What was our ROI?

It's always hard to measure in terms of security. At some level, you think of this as table stakes. I have to have a firewall to get in the game. I have to have end-point protection to get in the game. How are we justifying it? Well, let's say that if we wanted to run the math, what would the risks be if we left ourselves open.

In a simple thought process, let's say a security breach costs us $10 million and there's a possibility we can reach five times in the next 10 years, right? That means our annual exposure is $2 million a year or something like that if we did this math. 30% of the time or 20% of the time that could come from an endpoint kind of exposure.

If we ran the math, maybe we could say, "Well gee, then this thing's worth $400,000 a year if it's 100% effective at reducing endpoint exposures." All right, maybe we take half of that number and say $200,000 a year from a cost-benefit analysis. Well, the product, depending on the size of our user community, the product costs maybe $100,000, so that's a good return on investment. I've got this annualized risk exposure of $200,000 and it's costing me $100,000 to protect against and so some would argue that's good business.

What other advice do I have?

We're a reseller. We don't have a business relationship with Cylance.

I'm not sure which version of the solution our clients are using. It might be different versions.

Our clients use both on-premises and cloud deployments. It depends on the customer and their preference. However, generally, I would say most use on-premises more often.

I'd advise new users that they should always start small or start with a small set before they do a big rollout. It's a good idea to test the waters and get a feel for any type of solution before going big.

In general, I would rate it at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CL
Cyber Security Consultant at a tech services company with 10,001+ employees
Real User
Top 10
Good ability to respond to zero-day and unknown threats, but automating the threat response needs improvement

Pros and Cons

  • "The most valuable feature is the ability to respond to zero-day and unknown threats."
  • "Our customers would like to see more automation with respect to how threats are handled once they have been detected."

What is our primary use case?

We are an IT company and this is one of the solutions that we implement for our customers. I am a pre-sales solution architect in charge of cybersecurity.

How has it helped my organization?

The primary use of Cylance is endpoint detection and response (EDR). This solution moves away from traditional EDR to more advanced endpoint protection.

What is most valuable?

The most valuable feature is the ability to respond to zero-day and unknown threats. This is what is most often talked about by our customers. They want to pay to protect their endpoints.

What needs improvement?

Our customers would like to see more automation with respect to how threats are handled once they have been detected.

More advanced machine learning capability would improve Cylance.

For how long have I used the solution?

I have six months of experience with Cylance.

What do I think about the stability of the solution?

Our customers use this solution on a daily basis and we haven't heard any complaints about stability.

Which solution did I use previously and why did I switch?

I have worked with solutions from several vendors. The most popular vendor for security among customers is Palo Alto, but that is for next-generation firewall solutions. The Palo Alto endpoint solution, Traps, is never talked about.

Symantec and Trend Micro have traditional endpoint protection solutions but we are focused on Cylance and recommend it. 

What other advice do I have?

I have not received much feedback but Cylance seems to be able to meet our customers' requirements for the time being.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
KK
Manager - Information Security & Projects at an insurance company with 201-500 employees
Real User
Top 10
Good feedback overall during our evaluation period

Pros and Cons

  • "It is a bit early in our evaluation process to give proper feedback, although so far, the overall feedback is good."
  • "The detection component is something that they have to work on."

What is most valuable?

The most valuable feature is the sandboxing.

What needs improvement?

The detection component is something that they have to work on.

The monitoring management is in need of improvement.

The detection and response are a little bit slow.

For how long have I used the solution?

We are currently evaluating Cylance with a few other products in search of a replacement for our existing solution. We have been using it for approximately one month.

How are customer service and technical support?

We have not been in contact with technical support.

How was the initial setup?

The initial setup was of average difficulty. It was not that complex, but not easy, either. It was okay. We deployed it within a matter of hours, although this is not a full deployment. It is only on selected endpoints for evaluation purposes.

Which other solutions did I evaluate?

We are currently evaluating Cisco and Palo Alto Traps, in parallel with Cylance.

What other advice do I have?

In this domain, Cylance is the newcomer. Symantec and Palo Alto Traps have been in operation for quite some time.

It is a bit early in our evaluation process to give proper feedback, although so far, the overall feedback is good.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.