Dave Cundiff, Senior Director, CylanceGUARD
The Dilemma of Combatting Threats
Alert Fatigue
Sophisticated and Evolving Attacks
Skills and Resource Gaps
Network Economics
A situation in which a business will benefit through the feedback provided by those who use the product or service.
90% COMMON SECURITY EVENTS: the majority of events are common across customers. Why waste time investigating?
10% SPECIFIC TO A CUSTOMER'S EVENTS: 99% of these can be classified as GOOD; ONLY 1% NEED TO BE INVESTIGATED.
Which means... ONLY .1% NEED YOUR ATTENTION.
What is Needed
MOBILITY
We are concerned that busy security analysts won't see alerts due to the volume of email they receive.
We don’t expect our customers to sit glued to a monitor 24X7X365.
Our customers don’t have that kind of time.
MOBILE WARNING
WORKFLOW VISIBILITY
VISIBILITY
Time is of the essence. We need to eliminate cases where an alert is sent but no one responds.
What is CylanceGUARD
Analyst and Threat Hunters
A 24X7 managed detection and response offering
Transparent portal interaction
Mobile flexibility
A solution to handle sophisticated and evolving attacks, alert fatigue, and our customers' skill or resource gaps
A combination of several technologies and skilled resources to provide our customers with a managed solution for prevention
Analyzes and prioritizes
Automates analyst and incident engagement
Proactive alerting at the fingertips
Context to streamline investigation
Customer interaction with triage and response
Skilled Cylance Hunting Experts
Prevent zero-day threats
Threat Validation and Triage
Mobile Warning and Interaction
Optics and Visibility
CylanceGUARD Components
ThreatZERO Prevention Expertise
Prevent 99.9% of software-related threats
MOBILE WARNING
ONGOING PREVENTION
VALIDATE & TRIAGE
USER PORTAL
ThreatZERO
Triage
Mobile
Hunting
CylanceGUARD Portal
24x7 User Interaction
CylanceGUARD Tier Comparison
CylanceGUARD provides a foundation.
CylanceGUARD Advanced is a comprehensive solution that meets an organization's needs for threat hunting.
Both offerings leverage the pre-execution abilities of CylancePROTECT and the post-execution monitoring and blocking associated with CylanceOPTICS.
CylanceGUARD:
ThreatZERO Configuration and Assurance (Including Cylance Product On-boarding)
Email Alerts
Mobile Alerts and Escalation Management
24x7 Threat Hunting
CylanceGUARD Advanced (everything in CylanceGUARD, plus):
Defined SLAs for Critical Alerts
Proactive Threat Hunting 24X7 (Alert, Intelligence, and Methodology Hunting)
Proactive Outreach for Critical Alerts
Quarterly Prevention Review (Ongoing review with Cylance experts)
CylanceGUARD Reports (Monthly Reports on Activity and Threat Landscape)
Access to GUARD Analysts (Incident Response Guidance and Strategy)
Capability Comparison (Competition vs. Cylance)
Security Device Management (Firewall, SIEM, etc.)
Security Device Monitoring (alert forwarding)
Automated Alert Processing
24X7 monitoring by Cybersecurity Analysts
Advanced Threat Detection and Hunting
Security Alert Investigation and Notification performed by Security Analyst
Service Level Agreement for Alert Response
Analyst will proactively respond (isolate, whitelist, etc.)
Security Orchestration, Automation and Response
Alert Notifications include short and long term recommendations
Transparent view to rules, comments, audit logs and metrics
Native iOS and Android applications for alert investigation and collaboration
Multi-tenant, so a customer can have multiple organizations under a centralized parent
How We Do It Better
Prevention First Approach Disrupts the Kill Chain
MDR/EDR are Reactive by Nature
Transparency of Activity
Event Reduction
Efficacy and Visibility into the Workflow
Clear Knowledge of MTTD (Mean Time to Discovery) and MTTR (Mean Time to Response)
Mobile Application
Security Convenience
Orchestration Capability
Customer-specific workflow
Event reduction to focus on critical alerts
Package Deployment
Advanced Threat Hunting (Intelligence, Methodology)
Compliance and Privacy
CylanceGUARD will be available world-wide, but data sets and analysts will reside in the U.S. initially.
The initial offering will have English-speaking analysts only.
Expansion is planned for future data centers and analyst residence in other regions (e.g. Europe, APAC, etc.).
Individual country and state regulations must be considered when selling this offering.
Cylance AI Platform Solutions
Below is the list of packages for the Endpoint solutions offered by Cylance.
LEVEL OF PACKAGE | SOLUTION - CURRENT | DESCRIPTION
EDR Solution, Total Endpoint Security Solution:
Premium | Protect + Optics + Guard Advanced | One SKU (1 or 3 year Options)
Standard | Protect + Optics + Guard | One SKU (1 or 3 year Options)
Basic | Protect + Optics + ThreatZERO Managed Prevention | Multiple SKU Solution
NGAV Solution:
Premium | Protect + ThreatZERO Managed Prevention | Multiple SKU Solution
Standard | Protect + ThreatZERO Foundational | Multiple SKU Solution
Basic | Protect | Single SKU Solution
Best
Good
CylanceGUARD Service Descriptions
ThreatZERO Configuration and Assurance: Leverages Cylance technological expertise and personalized, white glove service to optimize Cylance security solutions.
Email Alerts: Customers receive alert email notifications based on escalation tiers defined during the onboarding process.
24x7 Threat Hunting: Triggering events from CylancePROTECT and CylanceOPTICS products initiate an alert to be followed up on by a CylanceGUARD analyst.
Mobile Alerts and Escalation Management (iOS, Android): Customers receive mobile alert notifications using the CylanceGUARD iOS or Android application and can interact with analysts through defined escalation tiers.
CylanceGUARD Advanced Service Descriptions
Proactive Threat Hunting 24X7 (Alert, Intelligence, and Methodology Hunting): Threat hunting occurs using various methods, including alert-based, intelligence, and methodology hunting, leveraging proven methods that identify potential attacks, data exfiltration, unauthorized access, or other potential vectors of compromise in the environment.
Access to Analysts for IR Guidance and Strategy: Access to Cylance professionals to enhance a security team's response and hunting operations by providing guidance and expertise when needed.
CylanceGUARD Reports: Monthly reports on activity and threat landscape.
Quarterly Prevention Review: Ongoing review with our ThreatZERO experts providing the insight and knowledge required to obtain and maintain a state of prevention.
Proactive Outreach for Critical Alerts: In the event of a critical alert, a CylanceGUARD Analyst follows up with a proactive phone notification 24X7 to ensure the customer is aware of a potential threat.
CylanceGUARD Advanced Service Descriptions (continued)
Defined SLAs for Critical Alerts: Leverages a fixed set of defined SLAs, including security event investigation, median incident resolution time, failed email security event receipt notification, and the GUARD monthly report.
ThreatZERO Configuration and Assurance: as described under CylanceGUARD.
Mobile Alerts and Escalation Management (iOS, Android): as described under CylanceGUARD.
Email Alerts: as described under CylanceGUARD.
24x7 Threat Hunting: as described under CylanceGUARD.
The Cylance Prevention Platform
Technology: Uses AI to deliver prevention
Holistic Embedded Program
Preventative Consulting Services
CylancePROTECT: AI threat prevention
Security Services: Security optimization, assessments, and management
CylanceOPTICS: AI incident prevention
Delivering Prevention-Based Security Solutions
THREATZERO™
INDUSTRIAL CONTROL SYSTEMS
EDUCATION
IoT / EMBEDDED SYSTEMS
RED TEAM SERVICES
INCIDENT CONTAINMENT & FORENSICS
STRATEGIC SERVICES
Creation of Integrated Practice Areas
Best in Class Security Authorities
Dedicated Engagement Manager
Customized Solutions
Global Coverage with Local Attention
Portal Dashboard
Portal Alerts
Portal Reports
Portal Orchestration Filters
Portal Orchestration Lists
Portal Orchestration Feeds
Portal Notifications
Mobile Dashboard
Mobile Alerts
Mobile Alert Detail
Mobile Audit Logs
Mobile Comments
Mobile Alert Escalation
Mobile Saved Searches
Mobile Notifications