Status
Not open for further replies.

ticklemefeet

Level 21
Verified
Slyguy, is fort knox firewall any good? That is what I used along with cylance protect. Along with appguard, voodooshield and mb antiexploit, windscribe vpn and shadow defender.
 
  • Like
Reactions: Slyguy

Slyguy

Level 40
Slyguy, is fort knox firewall any good? That is what I used along with cylance protect. Along with appguard, voodooshield and mb antiexploit, windscribe vpn and shadow defender.
Holy protection batman!

I haven't evaluated Cylance with adjunct technologies other than hardware technologies. We tested it behind a UTM with the UTM providing DNS, Web, Application Filtration and the heavy lifting involved with all of that. Cylance was quite nice behind a qualified, effective UTM appliance. In fact, it's a great setup IMO. (assuming you won't have lateral attacks) But I personally wouldn't run it without adjunct technologies as a normal consumer, so you are probably doing the right thing there if not stacking a few too many things perhaps?

I'm thinking for home users, tossing Cylance behind Gryphon, Dojo, F-Secure Sense, Cujo, Firewalla, Norton Sphere, Bit Defender Box or some other UTM/UTM-Like appliance would be pretty decent. All of the filtration of websites, DNS and traffic scanning would be offloaded to hardware, and Cylance could run as the exclusive and only solution on the desktops and probably still be fairly protected. That is decent until one of your IoT devices decides to move laterally and attack your systems.

I'm envisioning this for the average consumer; You have a Gryphon your gateway. It's filtering all of the web traffic (thank's to ESET/Zvelo), offering parental controls, and scanning for traffic anomalies (ML/AI IPS System). That closes off almost all vectors from 80/443 (etc) without any load on any devices AND providing some level of lateral network attack protection. Toss Cylance on the endpoints for a near-zero weight solution that's probably secure enough for anyone.
 

rsonic

Level 2
I haven't evaluated Cylance with adjunct technologies other than hardware technologies. We tested it behind a UTM with the UTM providing DNS, Web, Application Filtration and the heavy lifting involved with all of that. Cylance was quite nice behind a qualified, effective UTM appliance. In fact, it's a great setup IMO. (assuming you won't have lateral attacks) But I personally wouldn't run it without adjunct technologies as a normal consumer, so you are probably doing the right thing there if not stacking a few too many things perhaps?

I'm thinking for home users, tossing Cylance behind Gryphon, Dojo, F-Secure Sense, Cujo, Firewalla, Norton Sphere, Bit Defender Box or some other UTM/UTM-Like appliance would be pretty decent. All of the filtration of websites, DNS and traffic scanning would be offloaded to hardware, and Cylance could run as the exclusive and only solution on the desktops and probably still be fairly protected. That is decent until one of your IoT devices decides to move laterally and attack your systems.

I'm envisioning this for the average consumer; You have a Gryphon your gateway. It's filtering all of the web traffic (thank's to ESET/Zvelo), offering parental controls, and scanning for traffic anomalies (ML/AI IPS System). That closes off almost all vectors from 80/443 (etc) without any load on any devices AND providing some level of lateral network attack protection. Toss Cylance on the endpoints for a near-zero weight solution that's probably secure enough for anyone.
Those are expeeeeensive
 
  • Like
Reactions: tonibalas

Slyguy

Level 40
I like Fort Knox from what little I have played with it. There's a lot under the hood of it.

I'm skeptical of the claims in this video. Mostly because of the 'Once Cylance is installed, you don't care what your employees browse to and click on'..

 

Kubla

Level 6
Over on Spiceworks Cylance gets some interesting threads from marketing shills, like this:



So my question is - all of these shills and IT guys promoting Cylance - do they not understand the threat vectors of their customers? How are they planning to protect their customers from Phishing or Web Exploits? How about rogue browser extensions? DNS attacks? The list goes on and on, and the more I read the more I feel bad about Cylance.

Tell me I am wrong Lockdown, tell me Cylance is magical unicorn technology. Please. I want to believe.
They must be doing something right:

Cylance® Customers Propel Company Past $100M Revenue

3,800 enterprises think beyond security layers to predict and prevent cybersecurity attacks with next-generation artificial intelligence


The question might be if their product itself is not protecting from all that other stuff what are they running along side it?
 

Slyguy

Level 40
The question might be if their product itself is not protecting from all that other stuff what are they running along side it?
You'd be surprised at how well endpoints are protected behind a higher Gartner Quadrant UTM/NGFW. That's what I was trying to say above. Basically those NGFW's are doing all of the heavy lifting of web scanning (without SSL/MiTM and instead using TLD and SNI), botnet, application control, DNS protection and IPS, and quite likely HTTP antivirus scanning and in some cases gateway sandboxes.


In a previous post I suggested tucking Cylance behind a consumer grade UTM (Like Gryphon) and you are probably well protected since all of the URL scanning, AV(in some cases), IPS, Anti-Botnet, etc is at the gateway level. That's exactly how I would roll with Cylance, similar to how enterprise/corporate locations run it.

That also eliminates bloat from adding additional protection - and the conflicts that could result.. Get all of that crap off your endpoints and offload it to your gateway appliance.
 

Kubla

Level 6
Yes I just read rsonic's post I am really liking that idea, I will spend sometime this weekend researching consumer grade UTM's (y)
 

Slyguy

Level 40
Those are expeeeeensive
In many cases not anymore expensive than a top end consumer router without security features. Consider the Gryphon will likely be twice, if not up to 4 times better than most routers in speed and WiFi range. Not factoring all of the UTM features and incredible app control. $199 is a bargain IMO.

It's quite effective at blocking malicious websites, phishing and malware. Hence, filling the gap of Cylance without burdening your endpoints with extra junk.

Gryphon_Block.png
 
  • Like
Reactions: oldschool
5

509322

'Once Cylance is installed, you don't care what your employees browse to and click on'..

If that is true, then they have discovered the magic bullet and we all need to close up shop and go home - forever.

I know we'll still be open on Monday. (That's a circumlocution calling Cylance liars.)

And the awesome part of U.S. law is that when such an outlandish statement is made, no one can do anything about it because reasonable people know, or should have known, that it is a bogus statement. Just an FYI on U.S. advertising law - of which I know what can and cannot be said and done. ;)
 
D

Deleted member 178

Cylance is just a barebone AV and nothing else, same as Immunet or Avira, people that think and expect it would do more than that are mistaken.

People using cylance will still need complementary softs to cover all attack vectors.

Cylance seems to be efficient on Corporate environment because it is backed up by all those hardware appliances and other tools.

Basically Cylance is a security guard with a brain instead of a huge list of criminals; but still a security guard...not a SWAT officer.

The thing i like in AI/ML softs like Cylance is that they don't use signature databases.

i also like to know its resource usage (not just Cpu/RAM, but also i/o reads and writes bytes and rates ).
 
5

509322

The U.S. enterprise market is all about the decision makers covering their asses. So they gravitate strongly towards solutions that place highest in the AV lab tests. In other words those products with long track records of placing high in AV lab tests. That way, if the company ends up in court - being sued by some party that was harmed because of a data breach - they can say "We used the certified best performing security solution available... we used the best technology available."

Here in the U.S., enterprises assume they will be breached. That a breach is simply a matter of time. Not if, but when. Software selection and purchase has become very defensive with data breach liability issues first and foremost in mind.

And that's actually a big joke because in the U.S. it is extremely difficult to win a case against a firm for a data breach unless they were absolutely negligent with their IT security. SONY was sued by its employees (because their data was stolen and they suffered identity theft and financial harm) for its absolutely dismal IT security - and the employees lost the lawsuit.
 
Last edited by a moderator:
  • Like
Reactions: roger_m and Slyguy

Slyguy

Level 40
The U.S. enterprise market is all about the decision makers covering their asses. So they gravitate strongly towards solutions that place highest in the AV lab tests. In other words those with long track records of placing high in AV lab test. That way, if the company ends up in court - being sued by some party that was harmed because of a data breach - they can say "We used the best performing security solution available..."
This is actually 100% correct. I have a good amount of experience in the enterprise/corporate market. The common thought mentality is - 'We can at least prove we implemented the best solutions!'. That in and of itself absolves them of a good measure of liability.

I cannot even tell you how many times I have heard that sentence in some variance.
 
  • Like
Reactions: roger_m and BryanB
5

509322

This is actually 100% correct. I have a good amount of experience in the enterprise/corporate market. The common thought mentality is - 'We can at least prove we implemented the best solutions!'. That in and of itself absolves them of a good measure of liability.

I cannot even tell you how many times I have heard that sentence in some variance.
It's a falsehood concocted in their own minds. U.S. corporations have little to no liability for a data breach. You have to prove gross negligence and harm. And if a breach is caused by an employee's laptop being stolen and hacked, you cannot prove gross negligence. Likewise, if an employee extracts and launches a malicious file that compromises the entire system, you cannot prove gross negligence if the employer has implemented reasonable IT security. And most data breaches are caused not by direct hacking but by other means. So, except in the most extreme cases of negligence, the plaintiff will lose. If a person has suffered no harm, then there really is no case. A person's passwords and other personal infos being stolen is not a harm; the harm doesn't happen until they have actually incurred financial losses.

First and foremost in every security soft EULA it states "As Is, no guarantee of merchantability or fitness of use." The defendant brings this up, and the case starts to unravel. Because the product and the technology are not guaranteed to protect anyone or anything to begin with. Plus, there is no minimum standard for IT security. You can duke it out in court, default-allow vs default-deny vs actively monitored by humans vs unmonitored vs AI\machine learning vs signature detection - etc -etc - and end up right where you started... there is no minimum standard for IT security. The only thing you do is cause the jury to have a mind-freak.

Define reasonable IT security. Where is a standard, in writing, that establishes minimum IT security according to a very well-defined set of steps , implementation and ongoing actions (such as ISO or engineering standards) that a corporation must take to establish a "reasonable" or "minimum" IT security program ?
 
Last edited by a moderator:
  • Like
Reactions: roger_m and BryanB

artek

Level 3
h all of that. Cylance was quite nice behind a qualified, effective UTM appliance. In fact, it's a great setup IMO. (assuming you won't have lateral attacks) But I personally wouldn't run it without adjunct technologies as a normal consumer, so you are probably doing the right thing there if not stacking a few too many things perhaps?

I'm thinking for home users, tossing Cylance behind Gryphon, Dojo, F-Secure Sense, Cujo, Firewalla, Norton Sphere, Bit Defender Box or some other UTM/UTM-Like appliance would be pretty decent. All of the filtration of websites, DNS and traffic scanning would be offloaded to hardware, and Cylance could run as the exclusive and only solution on the desktops and probably still be fairly protected. That is decent until one of your IoT devices decides to move laterally and attack your systems.
They couldn't make a proper software firewall back in 2014 and you trust them to make secure router firmware?
 
Status
Not open for further replies.