FYI - starting a couple of weeks ago I offered a free copy of Cylance (on my dime) to the hub testers to run through the hoops. So far nobody has taken me up on my offer. I'm actually pretty confident that it wouldn't be a disaster there, so I was willing to foot the bill for it to see what would happen. The traditional pundits will come in and bash Cylance, Lockdown promoting SRP, CS promoting the Comodo Religion, etc. (no offense to those players, but that's guaranteed to happen).
I'm actually growing to be a bit of a fan of Cylance right now after being one of its bigger critics, but I only offer my recommendation of it with some important caveats attached. The primary one being that you should have a URL/traffic scanner paired with it. We tested Cylance here in the labs, and it didn't perform all that astoundingly on a DMZ. But when we tossed it behind a reasonably qualified UTM/NGFW it was actually an excellent performer and offered some protections against threats we've observed that few other technologies can address.
So I recommend Cylance be paired with a security-focused router. Gryphon is the best. ASUS w/ AiProtection, Norton Sphere, Bit Defender Box, F-Secure Sense, whatever. As long as the router has decent URL filtration, Cylance can run naked behind it and provide sufficient protection in most cases. Barring a router w/ UTM-like features, I'd recommend pairing Cylance with Heimdal, as Heimdal will offer incredibly potent URL/traffic filtration covering one of the gaps in Cylance's protection. Or the hard combo of Cylance+OSArmor+Heimdal if you desire what likely amounts to impenetrable security. I still think Gryphon+Cylance is probably the best advanced combination I have found, as that gives you ML/AI protection on your network, along with ML/AI protection on the endpoints, along with ESET/Zvelo for URL filtration.
We've found Cylance capable in an area where most traditional suites fail: malware that doesn't exist yet, but the moment it exists, it's usually detected. We've seen this exhibited with update channel compromises, tampered updates, altered malware and other things in testing. It actually appears quite potent in those areas. Coding an evasion for Cylance, I bet, is actually pretty hard for traditional malware coders, who generally seem to alter existing malware to bypass traditional AVs; since the dataset fed into Cylance appears pretty extensive, it should spot it.
FPs with Cylance are infrequent, and should be paid attention to. After putting it on a few well-used machines for testing we've only had a couple of FPs over the weeks. We've had some extremely suspicious warnings that appeared like they could be FPs, but later evaluation showed us they weren't. So I guess we will see how this pans out. Each time Cylance comes up it causes a controversy.