CylanceOPTICS Reviews

We use CylanceOPTICS primarily to understand what happened after any of the alerts. You can use the solution to query certain things. If you're looking for a certain hash or file name, we can run searches on it.

I would say it's not the best product. We're currently using CrowdStrike EDR, which is far superior to what CylanceOPTICS offers. What I liked and didn't like about it is that everything runs in real time. If you're searching for something, CylanceOPTICS pulls only on online devices because it doesn't have a database. In a way, it might work to some benefit, but a lot of times, we might not have the full picture.

The solution's contextual analysis is sometimes not very clear compared to some modern EDRs like CrowdStrike. Compared to other EDR tools, CylanceOPTICS lacks some information. It takes more time to investigate or dig up and understand what's going on.

I might not be the right person to answer questions about risk mitigation as I'm not a technical person and have not handled those aspects directly.

We completed the deployment of approximately 300 users in a span of 10 days. There were many dependencies because we had to remove the existing AV product from the systems, and then we had to deploy the agents of CylanceOPTICS. While 10 days is a considerable amount of time, this was not due to CylanceOPTICS. The CylanceOPTICS deployment typically should take approximately two to three days maximum.

CylanceOPTICS has a beautiful behavior analytics feature. I witnessed it when an application was attempting to install itself automatically. It analyzed the behavior and blocked it. This is a very good feature they have.

CylanceOPTICS needs to incorporate a threat kill chain similar to what CrowdStrike offers. It should be presented graphically for users and admins to understand exactly what has occurred.

The reason why I choose SentinelOne right now is that I can fork timelines. I can create serialization or my own fingerprints for the use cases. Or I can actually look for unknown unknowns. Where in CylanceOPTICS, I don't have that functionality, but what you can do in Cylance is, like, you can create artifacts.

Cylance also lets you classify different severities of AV detections, while SentinelOne uses signatures. So, they work slightly differently. In my opinion, Cylance might be lighter, but both are competitors with similar functionality, just a different approach. That's about it.

It's the whole suite. Like, you can't really use one aspect of it without having to use the other. Unless you can resolve it using the built-in AV detector.

In future releases, I would like to see more features around analysis for remote devices. 

CyclanceOPTICS requires all devices to be online for it to run a search, so it didn't have any information saved up. It doesn't look for devices that are offline at the time of the search.

We've used this solution for four years. 

We use CylanceOPTICS for malicious URLs and malicious processes. 

Malicious processes that we're attempting to be notified about, and similar things.

We have been dissatisfied with CylanceProtect and CylanceOPTICS and want to leave within the next several months. It just hasn't been an effective tool.

The tools are ineffective. It flags a lot of things. To give you an example, it detected Google Chrome and blocked the user's access to it. That it mistook for malicious, which turned out to be a false positive. When this happened, I had to go in and perform something to get them access to Chrome; when they submitted the access to Google Chrome, they received a black screen and couldn't do anything whatever.

As you may expect, I received a lot of tickets for that.

It had to be addressed in order for the user to be able to go to what they were attempting to get to. I had to go in and temporarily apply for exclusion and open a ticket.

I don't feel like it is actually protecting us against anything, It provides too many false positives.

Typically, we use machine learning features that we developed over the last half a dozen years to build this product, and therefore we're not a signature-based solution. If there are some anomalies that are taking place, generally we can raise an alarm and beyond just raising an alarm, we can provide some other kind of mitigation. We can maybe block communications or sandbox communications or send an alert as another aspect of control or protection.

Their efficacy is pretty good. They're probably in that effectiveness rating of somewhere around 95%. I categorize the solution in that 94% to 97% range in terms of identifying any form of malicious content. 

Historically speaking, they were the technology that identified the big OMB cybersecurity event that happened back in 2015 or something like that. They are well-known for their efficacy, which is a huge plus.

The solution has a high level of trust in the industry. For example, they were used for maybe the Democratic party after the 2016 convention. They had high-ranking, well-known customers that they deal with. 

They do have some other nice features. They do have some behavior analytics features or UEBA features that I've heard are pretty interesting. 

The solution is stable.

I haven't heard anything really negative about technical support.

The initial setup isn't too difficult.

The solution is mostly for EDR stuff, basically, to protect a company if it got hit by ransomware. That was one of the biggest worries. That was the main use it, was to monitor and protect at this point.

It's pretty unintrusive. It's light and it's pretty effective in the level of response.

The tool itself, it's really good. The client never had any issues afterward.

The primary use would mainly be for intelligent intrusion detection and response. Our biggest customers are two pharmacies and a bank, so it would be applied in the financial and healthcare industries.  

The most valuable part of this solution is that it is advanced technology. Cylance is an engine, it is not a signature-based antivirus protection solution. It is based on the AI (Artificial Intelligence) and the ML (Machine Learning) models. Apart from the issue with the false positives — which is a known issue — the product could really not be more proactive in the way works.  

A signature-based protection solution goes out to a central server and picks up whatever the latest antivirus definition is that is out there and uses it as a blueprint to see if you have anything that is running that is included in the definition. This is a pre-defined list of malware processes and even if it is updated frequently, it is static.  

What Cylance does that is different than signature-based systems is that it is processor-powered monitoring. It remains on guard looking to see if there is something that is running that is out of the ordinary on your machine. It basically looks for anomalies. So if there is a behavior that raises a flag and that something is going on that should not be happening — it discovers an inconsistent behavior that does not look kosher — it will cancel the process. That is basically how it works.  

So, for example, if you can imagine if something malicious enters your system and it wants to read something from the registry. Maybe for you and me reading from the registry is fine, but for this other entity (or program or malware), Cylance detects the unusual behavior and makes a decision. In this case, it might decide this entity is not supposed to be reading the registry because it might want to change something inside of it. If it wants to change something, then it is a malware or some other type of intrusion. So Cylance stops the process as it is happening and blocks whatever is making the bad action. That is actively patrolling for malicious behavior.