BlackBerry goes threat hunting with CylanceGUARD

BlackBerry has announced CylanceGUARD, the second new product from the security company it acquired earlier this year. CylanceGUARD is a Managed Detection and Response (MDR) solution. It is a subscription-based service that uses the Cylance AI to provide continuous threat hunting and monitoring.

Jason Bevis, Vice President of Threat Hunting, BlackBerry Cylance, said: “Alert fatigue is a real concern. With CylanceGUARD, organisations can benefit from a unified threat hunting, detection, and response approach, which enables in-house security teams to spend time on other organisational initiatives rather than recovering from breaches.”

What is CylanceGUARD?

As already noted, it is a subscription-based service that does continuous threat hunting and monitoring. So what does this mean?

  • The BlackBerry Cylance AI filters all the security reporting data from across your network, refining it to remove the noise and irrelevant alerts. This creates threat intelligence.
  • BlackBerry Cylance security analysts and the AI investigate the threat intelligence to see what the risk is to the customer.
  • Customers get a set of actionable intelligence and alerts using a set of escalation levels. Alerts go to customer mobile devices as well as email.
  • CylanceGUARD also monitors changes to the customer's environment to detect and prevent attacks automatically.

Customers can buy either the standard or advanced version of CylanceGUARD, although no pricing has been made public. One of the differences between the two versions is the level of threat hunting that the product does. Both versions deliver 24×7 basic threat hunting. However, the advanced version has 24×7 proactive threat hunting.

What are the differences between the two? Is basic just passive searching through customer logs? Is monitoring of the customer environment in real-time to detect fileless attacks only available to those with proactive threat hunting? These are questions that many customers will want the answer to before they make a decision. A quick look at other threat hunting services offered by BlackBerry Cylance competitors shows no comparable split between levels of threat hunting.

Enterprise Times: What does it mean

There has been an explosion in the number of companies offering threat hunting services. It is part of the Managed Security Services market that IDC predicts will be worth over $21 billion this year.

Most vendors in this space use some form of AI. This helps reduce the amount of data and get to the threat intelligence quickly. The key difference between MSS providers is what happens next. Are customers given raw threat intelligence or passed actionable intelligence? How much does the security provider do to implement that intelligence on the customer site? Is there automated remediation of customer systems? Does the solution cover ALL the customer's systems, from onsite to cloud, and does it include endpoints?

We already know that BlackBerry Cylance will do some of this, but for customers, how much it will do depends on the version they buy. The website does nothing to clear up these grey areas. Instead, it is a case of waiting for the webinar that will take place on Thursday 25th July to find out more.
