User Manual Q&AAnswer
Feb 07, 2025 - 09:50 PM
Cylance Endpoint Security products, such as CylancePROTECT Desktop, CylancePROTECT Mobile, CylanceOPTICS, CylancePERSONA Desktop, and CylanceGATEWAY, collect and use data to provide effective security measures. The specific data collected and used vary depending on the product. Here is a summary of the data collection and usage for each product:
1. CylancePROTECT Desktop:
- Collects potentially malicious executable files based on your product configuration.
- Transfers these files to the CylancePROTECT cloud services for scoring and analysis.
- Collects endpoint data, including hostname, FQDN, IP addresses, MAC addresses, and the name of the most recently logged-in user.
- Uses the collected data to identify and protect endpoints from threats.
- Data is stored in Amazon Web Services in a location chosen by the customer.
2. CylancePROTECT Mobile:
- Regularly scans apps on Android devices and uploads .apk files for analysis.
- Analyzes app packages using AI and machine learning to provide a confidence score.
- Collects SMS text messages containing URLs and sends them to the cloud services for real-time assessment.
- Collects mobile endpoint data, including device name, IP addresses, MAC addresses, OS type, and more.
- Data is stored in Amazon Web Services in a location chosen by the customer.
3. CylanceOPTICS:
- Collects and analyzes forensic data from Windows, macOS, or Linux devices.
- Monitors and collects various types of data, such as process artifacts, file artifacts, user artifacts, network artifacts, and event data.
- Uses the collected data to detect and respond to potential threats.
- Data is stored in the CylanceOPTICS cloud database or locally on the device, depending on the agent version.
4. CylancePERSONA Desktop:
- Collects behavioral data, including keyboard strokes, mouse clicks, and mouse movements.
- Uses machine learning and AI to analyze user behavior and generate a trust score.
- Collects process activity, network activity, logon events, and more.
- Data is processed in memory and not stored on the endpoint.
5. CylanceGATEWAY:
- Collects device data, including hostname, OS, and last connected date and time.
- Collects network activity data, such as DNS activity, destination IP addresses, and data transferred.
- Collects information about alerts and events related to network activity and potential threats.
- Data is stored in Amazon Web Services in a location chosen by the customer.
It's important to note that BlackBerry, the provider of Cylance Endpoint Security, takes data privacy seriously. They do not sell, lease, or distribute collected data, and data is retained for specific periods according to the terms of the contract. Additionally, data storage locations are chosen by the customer to ensure compliance with regional data protection regulations. For more detailed information, please refer to the BlackBerry Cylance Endpoint Security User Guide.
Add New Comment