I just had a conference with a Cylance technician and sales representative, in order to know the product to implement it on my company. I'm talking to an engineer this week, so many things are yet to come, but so far:
- Works 100% on IA
- Needs an update every 6-9 months
- Can work totally offline without limitations
- Does not include firewall
- It does include several components such as Application Control (differing from ordinary Application Controls, it can for example limit the usage of USB's, telling the system it cannot reproduce any USB except the one with this brand and serial number)
- Very very few to none FP
- Needs previous configuration and policies set up (not necessary a Cylance technician)
- IA differs from BB in an exceptional way. To start with, it does not sandbox nor search the cloud for behaviour examples. Everything is done locally. No data is sent nor recieved.
- No telemetry at all (wow)
- CEO is ex McAfee
- Really lightweight and light on system
- 4-5 years they studied malware behaviour
- There's no delay at all (milliseconds) when consulting the IA to execute files
Please drop any questions you may have so I can include them on my next talk with the engineer.
If there is no telemetry whatsoever, then how can one utilize the Cylance console and manage the end-point client.
Silly rabbit marketing... the thing collects at least a minimum of file infos.