The solution's contextual analysis is sometimes not very clear compared to some modern EDRs like CrowdStrike. Compared to other EDR tools, CylanceOPTICS lacks some information. It takes more time to investigate or dig up and understand what's going on.
CylanceOPTICS could benefit from more granular control in the timeline-building process. Ideally, users would be able to drill deeper into the analysis rather than have the machine dictate the direction. For example, if you want to open and analyze a specific driver, SentinelOne allows you to do that, but CylanceOPTICS currently doesn't offer that flexibility.
CylanceOPTICS requires all devices to be online for it to run a search, so it didn't have any information saved up. It doesn't look for devices that are offline at the time of the search.
IT Cyber Security Engineer at a legal firm with 201-500 employees
Real User
2022-11-09T18:52:08Z
Nov 9, 2022
We have been dissatisfied with CylanceProtect and CylanceOPTICS and want to leave within the next several months. It just hasn't been an effective tool. The tools are ineffective. It flags a lot of things. To give you an example, it detected Google Chrome and blocked the user's access to it. It mistook that for malicious, which turned out to be a false positive. When this happened, I had to go in and perform something to get them access to Chrome; when they submitted the access to Google Chrome, they received a black screen and couldn't do anything whatever. As you may expect, I received a lot of tickets for that. It had to be addressed in order for the user to be able to go to what they were attempting to get to. I had to go in and temporarily apply for exclusion and open a ticket. I don't feel like it is actually protecting us against anything. It provides too many false positives.
The biggest thing about CylanceOPTICS is that it's really not that scalable for larger companies. We usually have a lot of large, really large companies. Even though some of them went to Cylance, they usually just use the PROTECT piece, and they couldn't scale it. They kept whatever they had - Symantec, McAfee, whatever it was. They went to Cylance due to the fact that it was effective; however, it's hard to segment into groups. It's just not as scalable as some of the more established tools. Most companies will use it as another protection piece, not a replacement. Just a second level. The reporting is very weak and not very good at all.
Solutions Architect at a tech services company with 51-200 employees
Real User
2021-03-13T00:36:42Z
Mar 13, 2021
One minor issue that somebody mentioned was that they didn't like their management console. I've probably got dozens of people using the product and that was the only negative feedback I've heard. I would try to couch that in terms of saying that that's not the majority that's saying that. That's a small number of customers or even it's really in my case, a single customer kind of thing. However, I'd just like to flag it as a possible issue for some. Getting into more user-behavior analytics might be interesting. It could, for example, say, "Well gee, what does Steve do on a day-to-day basis?" If I had analytics of that nature, I could see when users log in, check mail, and if they start doing suspicious things, I could get a flag that alerts me. That whole space of behavioral analytics is a hot topic in security and has been for the last half a dozen years. If there are features within the product for behavior analytics, that certainly is interesting.
False positives could be improved. Cylance picks up a lot of them. If the people who are looking for this type of review are more into the business perspective and they are from an SME (Small and Medium Enterprise), then it is a fine solution. But let's say it is an SMB (Small to Medium-sized Businesses). In that case, Cylance might seem pretty pricey. A cost of $55 per user is a lot for anybody, and imagine you are a small business paying that amount for 70 users monthly. Whether the added security is worth it would probably depend on what type of data you are protecting. It is hard to say what additional features I would like to see included in the next release. I do not think about features so much in an antivirus solution as I do functionality. The thing is that when you try and combine too much in one product, you might sometimes end up affecting the product as a whole. If you are a home user, having a lot of features is great, because then you say to yourself once a year you pay a fee for protection to Norton or Avast or whatever consumer antivirus vendor. At that point, you are covered in a variety of ways with one payment and you do not have to think about multiple solutions. I think those consumer products naturally have to do more to attract their audience. You could be fine with that because it does everything for you. It does the firewall. It does the VPN. It does the antivirus. It does internet security. It does a whole list of things. But when you are in an organization like an SMB or SME, the management of all of those things is decentralized. So I would say, from my perspective, what Cylance can work on that would be the best effort would be to fix their alerting system so that the endpoint reporting is a bit more streamlined. A second thing to do is to do a little bit more advertisement because not many people in the world even know that these solutions are available. 
It really almost gives them a license to freely broadcast that they are one of the best solutions. They are depending too much currently on word of mouth.
Manager - Information Security & Projects at an insurance company with 201-500 employees
Real User
2020-03-05T08:39:34Z
Mar 5, 2020
The detection component is something that they have to work on. The monitoring management is in need of improvement. The detection and response are a little bit slow.
Our customers would like to see more automation with respect to how threats are handled once they have been detected. More advanced machine learning capability would improve Cylance.
Our cloud-native BlackBerry® Optics provide visibility, on-device threat detection and remediation across your organization. In milliseconds. And our EDR approach effectively and efficiently hunts threats while eliminating response latency. It’s the difference between a minor security event—and one that’s widespread and uncontrolled.
The product's technical support is slow.
The product's initial setup process could be easy.