It's the whole suite. Like, you can't really use one aspect of it without having to use the other. Unless you can resolve it using the built-in AV detector.

In future releases, I would like to see more features around analysis for remote devices. 

It's pretty unintrusive. It's light and it's pretty effective in the level of response.

The tool itself, it's really good. The client never had any issues afterward.

Their efficacy is pretty good. They're probably in that effectiveness rating of somewhere around 95%. I categorize the solution in that 94% to 97% range in terms of identifying any form of malicious content. 

Historically speaking, they were the technology that identified the big OMB cybersecurity event that happened back in 2015 or something like that. They are well-known for their efficacy, which is a huge plus.

The solution has a high level of trust in the industry. For example, they were used for maybe the Democratic party after the 2016 convention. They had high-ranking, well-known customers that they deal with. 

They do have some other nice features. They do have some behavior analytics features or UEBA features that I've heard are pretty interesting. 

The solution is stable.

I haven't heard anything really negative about technical support.

The initial setup isn't too difficult.

The product's most valuable features are auto-containment and script control. It automatically blocks the threats, helping us investigate if they harm the environment. It can also lock down the machine for investigation purposes.

The most valuable part of this solution is that it is advanced technology. Cylance is an engine, it is not a signature-based antivirus protection solution. It is based on the AI (Artificial Intelligence) and the ML (Machine Learning) models. Apart from the issue with the false positives — which is a known issue — the product could really not be more proactive in the way works.  

A signature-based protection solution goes out to a central server and picks up whatever the latest antivirus definition is that is out there and uses it as a blueprint to see if you have anything that is running that is included in the definition. This is a pre-defined list of malware processes and even if it is updated frequently, it is static.  

What Cylance does that is different than signature-based systems is that it is processor-powered monitoring. It remains on guard looking to see if there is something that is running that is out of the ordinary on your machine. It basically looks for anomalies. So if there is a behavior that raises a flag and that something is going on that should not be happening — it discovers an inconsistent behavior that does not look kosher — it will cancel the process. That is basically how it works.  

So, for example, if you can imagine if something malicious enters your system and it wants to read something from the registry. Maybe for you and me reading from the registry is fine, but for this other entity (or program or malware), Cylance detects the unusual behavior and makes a decision. In this case, it might decide this entity is not supposed to be reading the registry because it might want to change something inside of it. If it wants to change something, then it is a malware or some other type of intrusion. So Cylance stops the process as it is happening and blocks whatever is making the bad action. That is actively patrolling for malicious behavior.   

CylanceOPTICS is easy to use. 

The most valuable feature is the sandboxing.

The most valuable feature is the ability to respond to zero-day and unknown threats. This is what is most often talked about by our customers. They want to pay to protect their endpoints.