Having worked with SentinelOne, Cylance is good, however, it probably needs to add a feature similar to SentinelOne's rollback functionality. With this feature, if you get infected, with a click, you can go back to the pre-infection state. If Cylance could add this functionality to their offering as well, that would be ideal.
The product needs to continue to offer better alerts. In particular, around false positives. It needs to reduce them from happening. I can't speak to the solution lacking any features per se.
Senior NOC Security Engineer at a wholesaler/distributor with 51-200 employees
MSP
2021-01-05T19:42:15Z
Jan 5, 2021
I'd like them to do software distribution too, but they said that that's architecturally not at the product line. I'd like to see where they can push to avoid using another product to push the agents.
IT Security manager at a energy/utilities company with 201-500 employees
Real User
2020-12-13T10:02:00Z
Dec 13, 2020
They could improve on the false positives, reporting and whitelisting features. For future releases, it would be helpful to have an easy uninstall button. The reason being, unless you connect the system to the internet, which you may not want to do, Cylance cannot be uninstalled easily. They claim it's practically impossible. If you have access to the online admin panel, it's very easy to uninstall Cylance. There is no easy way to uninstall locally. I have read online there is a convoluted way with a series of reboots and safety reboots that you could possibly do it locally.
It would be very important to have any kind of utility in the computer for Cylance to install monitoring into it in a simpler way. A computer should be able to self-scan on command. It is not easy to do that just yet. The company that sells us the licenses sometimes doesn't know how to do certain things. They should be offered more training or something, or maybe we could cover out channels ourselves and could have the knowledge of how to do everything ourselves without a third party needing to be involved.
Learn what your peers think about BlackBerry Cylance Cybersecurity. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
OT Cyber Security Principal Consultant at Jacobs Engineering Group Inc.
Real User
2020-12-01T03:07:13Z
Dec 1, 2020
It could have integration with industrial base HMIS or Human Machine Interfaces Solutions. This is the industrial environment where you have a control center for all the automation that's happening, whether it is oil, gas, or chemical manufacturing. They often have to set up a computer at the back and watch the other stuff to get alerts. In these autonomous or on-premises environments, they often don't have access to email readily. Integration with other industrial solutions, such as HMIS, will allow them to communicate and get an alert that something has been found. This way, they can react to it sooner than having somebody watch the screen and keep checking the screen. Rockwell has its own suite. Similarly, Honeywell has its own suite. There's also an independent HMI/historian solution provider out there called VTSCADA. We actually get asked if we can get it to show up on a screen, which is difficult. Getting those alerts to work within an industrial environment would be a huge plus.
VP at a tech services company with 11-50 employees
Reseller
2020-11-02T18:45:06Z
Nov 2, 2020
The process of whitelisting a script that you want to be able to run can be a little bit difficult, or awkward. Some enhancements to this process would be an improvement.
Vice President Operations at a construction company with 11-50 employees
Real User
2020-10-06T06:57:40Z
Oct 6, 2020
I would like to see a little bit of additional reporting or insight as to what it is doing exactly. I do not think I need anything else included in the next release that I know of. Honestly, just improvement in the reporting would be good enough.
Security Domain Architect at a tech services company with 5,001-10,000 employees
MSP
2020-06-15T07:33:55Z
Jun 15, 2020
The user interface could be improved, it's very outdated. The solution could also do with more help actions and explanations such as what has been identified, things like that.
There are a lot of false positives and it takes up a lot of time. This is something that should be improved. I would like to see them fix the alerting system so that the endpoint reporting is a bit more streamlined. The vendor should be more widely advertising this product because not many people know that these types of solutions exist.
Director of IT Operations at a manufacturing company with 1,001-5,000 employees
Real User
2020-01-22T12:44:00Z
Jan 22, 2020
The OPTICS component could be made more user-friendly with respect to giving people more information. There are some issues that we have around our configuration, so I think that more training with respect to setup and configuration would be helpful.
To be honest, I think the product is, overall, quite good. It's working with AI Technology and machine learning that is connected to the Cylance Infinity Cloud. It picked up malicious files that other vendors didn't. It's actually been great on its own. Cylance is also launching mobile protection in 2020. At the moment the Cylance agent supports Windows, Mac OS and Linux devices, but they do not have an app for Android and IOS yet.
Co-Founder, CEO at a tech services company with 11-50 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
The downside is that the information displayed is not enriched enough. There was not much information available, that we could see. It should provide more details about the events that they have detected. There should be more information available post-incident. Basically, the user is informed that they have caught a threat, stopped it, and that's it. Users want to know what the threat was, the type of attack, how it got in, which IP address, did it go into lateral movement, etc. The kind of information that could be analyzed by IT experts to take forward and understand whether the attack is continuing, or not. They have some of this information but compared to other products, it's basic.
Wirtschaftsprüfer, CPA, Steuerberater at a financial services firm with 11-50 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
Improvements could be made on the user interface of the console. Also, right now it's just an antivirus and there's no firewall or anything. So we have to use the Windows firewall. It's a good firewall. But I think other companies have integrated products. The solution needs better dashboards that are easier to use. Also, a better user interface. Maybe even firewall integration of some kind. It would be helpful if you could see which threats have been detected, and have more information about what is going on. What I'm missing is a backup. In Norton, there was a backup included. In Cylance there is no backup, or at least no backup for the relevant system, programs, or software parts.
Security is an issue because they don't get Powershell. They scan the usual software and they don't scan deeper. The security scripting needs improvement. It needs deeper security for scripting. Also, more speed, less RAM, and less CPU.
BlackBerry Cylance provides endpoint security, threat protection, and antivirus capabilities, using AI and machine learning for protection against malware and ransomware on desktops, servers, and virtual machines worldwide. Its AI-driven threat detection operates even with limited internet, facilitating effective threat management.BlackBerry Cylance's centralized dashboard simplifies threat management and vulnerability protection for organizations globally. The platform combines AI and...
Having worked with SentinelOne, Cylance is good, however, it probably needs to add a feature similar to SentinelOne's rollback functionality. With this feature, if you get infected, with a click, you can go back to the pre-infection state. If Cylance could add this functionality to their offering as well, that would be ideal.
The product needs to continue to offer better alerts. In particular, around false positives. It needs to reduce them from happening. I can't speak to the solution lacking any features per se.
The implementation was complicated requiring some things that felt unsafe. After that, it was easy
I'd like them to do software distribution too, but they said that that's architecturally not at the product line. I'd like to see where they can push to avoid using another product to push the agents.
They could improve on the false positives, reporting and whitelisting features. For future releases, it would be helpful to have an easy uninstall button. The reason being, unless you connect the system to the internet, which you may not want to do, Cylance cannot be uninstalled easily. They claim it's practically impossible. If you have access to the online admin panel, it's very easy to uninstall Cylance. There is no easy way to uninstall locally. I have read online there is a convoluted way with a series of reboots and safety reboots that you could possibly do it locally.
It would be very important to have any kind of utility in the computer for Cylance to install monitoring into it in a simpler way. A computer should be able to self-scan on command. It is not easy to do that just yet. The company that sells us the licenses sometimes doesn't know how to do certain things. They should be offered more training or something, or maybe we could cover out channels ourselves and could have the knowledge of how to do everything ourselves without a third party needing to be involved.
It could have integration with industrial base HMIS or Human Machine Interfaces Solutions. This is the industrial environment where you have a control center for all the automation that's happening, whether it is oil, gas, or chemical manufacturing. They often have to set up a computer at the back and watch the other stuff to get alerts. In these autonomous or on-premises environments, they often don't have access to email readily. Integration with other industrial solutions, such as HMIS, will allow them to communicate and get an alert that something has been found. This way, they can react to it sooner than having somebody watch the screen and keep checking the screen. Rockwell has its own suite. Similarly, Honeywell has its own suite. There's also an independent HMI/historian solution provider out there called VTSCADA. We actually get asked if we can get it to show up on a screen, which is difficult. Getting those alerts to work within an industrial environment would be a huge plus.
The process of whitelisting a script that you want to be able to run can be a little bit difficult, or awkward. Some enhancements to this process would be an improvement.
I would like to see a little bit of additional reporting or insight as to what it is doing exactly. I do not think I need anything else included in the next release that I know of. Honestly, just improvement in the reporting would be good enough.
The user interface could be improved, it's very outdated. The solution could also do with more help actions and explanations such as what has been identified, things like that.
It should have better support for Windows and Mac.
There are a lot of false positives and it takes up a lot of time. This is something that should be improved. I would like to see them fix the alerting system so that the endpoint reporting is a bit more streamlined. The vendor should be more widely advertising this product because not many people know that these types of solutions exist.
The OPTICS component could be made more user-friendly with respect to giving people more information. There are some issues that we have around our configuration, so I think that more training with respect to setup and configuration would be helpful.
To be honest, I think the product is, overall, quite good. It's working with AI Technology and machine learning that is connected to the Cylance Infinity Cloud. It picked up malicious files that other vendors didn't. It's actually been great on its own. Cylance is also launching mobile protection in 2020. At the moment the Cylance agent supports Windows, Mac OS and Linux devices, but they do not have an app for Android and IOS yet.
The downside is that the information displayed is not enriched enough. There was not much information available, that we could see. It should provide more details about the events that they have detected. There should be more information available post-incident. Basically, the user is informed that they have caught a threat, stopped it, and that's it. Users want to know what the threat was, the type of attack, how it got in, which IP address, did it go into lateral movement, etc. The kind of information that could be analyzed by IT experts to take forward and understand whether the attack is continuing, or not. They have some of this information but compared to other products, it's basic.
Improvements could be made on the user interface of the console. Also, right now it's just an antivirus and there's no firewall or anything. So we have to use the Windows firewall. It's a good firewall. But I think other companies have integrated products. The solution needs better dashboards that are easier to use. Also, a better user interface. Maybe even firewall integration of some kind. It would be helpful if you could see which threats have been detected, and have more information about what is going on. What I'm missing is a backup. In Norton, there was a backup included. In Cylance there is no backup, or at least no backup for the relevant system, programs, or software parts.
Security is an issue because they don't get Powershell. They scan the usual software and they don't scan deeper. The security scripting needs improvement. It needs deeper security for scripting. Also, more speed, less RAM, and less CPU.
I would like to see a better UI in terms of sifting through more specific data and providing analytics. A little bit more would be nice.