CylanceOPTICS Valuable Features

Donald Dindial
Owner at Terra Controls
The most valuable part of this solution is that it is advanced technology. Cylance is an engine, it is not a signature-based antivirus protection solution. It is based on the AI (Artificial Intelligence) and the ML (Machine Learning) models. Apart from the issue with the false positives — which is a known issue — the product could really not be more proactive in the way it works. A signature-based protection solution goes out to a central server and picks up whatever the latest antivirus definition is that is out there and uses it as a blueprint to see if you have anything that is running that is included in the definition. This is a pre-defined list of malware processes and even if it is updated frequently, it is static. What Cylance does that is different than signature-based systems is that it is processor-powered monitoring. It remains on guard looking to see if there is something that is running that is out of the ordinary on your machine. It basically looks for anomalies. So if there is a behavior that raises a flag and that something is going on that should not be happening — it discovers an inconsistent behavior that does not look kosher — it will cancel the process. That is basically how it works. So, for example, if you can imagine if something malicious enters your system and it wants to read something from the registry. Maybe for you and me reading from the registry is fine, but for this other entity (or program or malware), Cylance detects the unusual behavior and makes a decision. In this case, it might decide this entity is not supposed to be reading the registry because it might want to change something inside of it. If it wants to change something, then it is a malware or some other type of intrusion. So Cylance stops the process as it is happening and blocks whatever is making the bad action. That is actively patrolling for malicious behavior.
reviewer1278807
Cyber Security Consultant at a tech services company with 10,001+ employees
The most valuable feature is the ability to respond to zero-day and unknown threats. This is what is most often talked about by our customers. They want to pay to protect their endpoints.
reviewer1292046
Manager - Information Security & Projects at an insurance company with 201-500 employees
The most valuable feature is the sandboxing.
Updated: October 2020.