Silencing Cylance: A Case Study in Modern EDRs

[Mikesierra]

Interesting post.

Silencing Cylance: A Case Study in Modern EDRs – MDSec

 

[oldschool]

Nice article, FWIW. I also found this discussion by endpoint users, it's 2 pages of forum posts with some interesting real-world experience with Cylance Protect.

Edit: Notice how the cooler heads mention CP as part of a layered security framework.

Cylance, Will it really protect you?

I am curious what your experience with the CylancePROTECT product is… other than the sales demo, have any of you REALLY tested this product? Basically, has anyone ever taken a system with Cylance installed, remove it from network, go on the internet… then hit every shady infected website you...

community.spiceworks.com

 

[oldschool]

@Pixy Stix - The OP obviously had encountered some info that many people are familiar with, and seemed to feel powerless about what endpoint would be used. What I liked were the system admins who had varied experiences with it, and/or with other vendors, etc. Their replies were level-headed for the most part. And I liked that thread is pretty current, after all the past hoopla that has appeared over the last few months/years.

 

[ForgottenSeer 58943]

I know of an organization with 50,000 endpoints with aggressively managed Cylance Protect. No compromise thus far, all audits are clean. Of course, Cylance Protect is combined with some pretty beefy Fortinet technologies and a properly managed IT infrastructure. But those should be a part of all business IT practices, and if they are, Cylance Protect itself, with nothing else is more than sufficient.

 

[oldschool]

Cylance is just software. All software has warts.

True. I saw it as some system admins sharing their experience, pure & simple. End of story.