1. Dunt Dunt Dunt's Avatar
    We don't really know yet. But one of the critical elements to Cylance's approach is understanding "normal" behavior and monitoring for departures from that behavior. The threat of mobile endpoints is not that the phone is compromised. It's that a compromised phone can allow malware to move laterally through a network. By establishing a baseline of how that endpoint is functioning and interacting with enterprise resources, atypical patterns that might represent a malware scan or probe for weaknesses or an attempt to escalate privileges can be spotted quickly.

    By monitoring both the device and the network, Cylance can build a much more robust behavioural model.

    So, for example, if I download an app in my personal space that attempts to access data in my work space, Cylance can quickly compare that behavior with other known techniques. If my credentials are compromised and a script starts scanning the network trying to impersonate me, Cylance will see it doing something that I don't typically do.

    Z10 = BB10 + VKB > iOS + Android
    I think App_Developer's issue is how does a non-root App do all that on Android? DETK is basically a rooted app.... so BlackBerry is able to monitor things at the system level.

    It's like using NetGuard... the product protection is limited because of the limits Google allows to "apps".
    app_Developer likes this.
    02-17-20 10:44 AM
  2. conite's Avatar

    It's like using NetGuard... the product protection is limited because of the limits Google allows to "apps".
    Android 7 and above has always-on VPN, which can block ALL connections not using the VPN.

    "A person using the device (or an IT admin) can force all traffic to use the VPN. The system blocks any network traffic that doesn’t use the VPN."
    02-17-20 11:03 AM
  3. Dunt Dunt Dunt's Avatar
    Android 7 and above has always-on VPN, which can block ALL connections not using the VPN.

    "A person using the device (or an IT admin) can force all traffic to use the VPN. The system blocks any network traffic that doesn’t use the VPN."
    That is a quote on the Android developer site for those wanting to make their apps compatible with the VPN service.

    Even the developer of NetGuard has stated that the hardware manufacturer could choose to bypass the Android layer - and that there are other times that the VPN Service goes down - rebooting, updating, power management (controllable). And he has admitted that rooting is better... it's just that with today's devices rooting has become so difficult.

    And he thinks it is crazy that Google has not made use of the Linux kernel's firewall or created a more complete system based firewall....


    I think it's a great product, but I don't think it's 100%.... and I sure wouldn't use it to try and make a phone that I didn't trust the manufacturer safe.
    02-17-20 12:01 PM
  4. conite's Avatar
    That is a quote on the Android developer site for those wanting to make their apps compatible with the VPN service.

    Even the developer of NetGuard has stated that the hardware manufacturer could choose to bypass the Android layer - and that there are other times that the VPN Service goes down - rebooting, updating, power management (controllable). And he has admitted that rooting is better... it's just that with today's devices rooting has become so difficult.

    And he thinks it is crazy that Google has not made use of the Linux kernel's firewall or created a more complete system based firewall....


    I think it's a great product, but I don't think it's 100%.... and I sure wouldn't use it to try and make a phone that I didn't trust the manufacturer safe.
    If the OEM is actively working against you in a nefarious way, it's not a good situation for sure.
    Dunt Dunt Dunt likes this.
    02-17-20 12:49 PM
  5. bb10adopter111's Avatar
    I think App_Developer's issue is how does a non-root App do all that on Android? DETK is basically a rooted app.... so BlackBerry is able to monitor things at the system level.

    It's like using NetGuard... the product protection is limited because of the limits Google allows to "apps".
    I understand, and the answer is that there is a lot that an app can do without root access to monitor which apps are open and which resources are being requested. None of what I described requires root access.

    The trend in cyber is going to be that EVERY network request goes through a cloud cybersecurity stack as the first hop when leaving any endpoint (including fixed workstations on the corporate network). That will allow products like Cylance to see every single connection request and analyze patterns for suspicious behavior.

    Z10 = BB10 + VKB > iOS + Android
    02-17-20 03:20 PM
  6. app_Developer's Avatar
    I understand, and the answer is that there is a lot that an app can do without root access to monitor which apps are open and which resources are being requested. None of what I described requires root access.

    The trend in cyber is going to be that EVERY network request goes through a cloud cybersecurity stack as the first hop when leaving any endpoint (including fixed workstations on the corporate network). That will allow products like Cylance to see every single connection request and analyze patterns for suspicious behavior.

    Z10 = BB10 + VKB > iOS + Android
    I wasn’t suggesting it requires root, but it does require more than what an app downloaded from the store can see.

    Unless Cylance is planning to provide a VPN also?

    Or it works in the container. But then it can’t see apps outside of it. In theory I understand what you’re saying of course. In practice, though, I think it will be limited unless they get OEM cooperation (which may be the plan)
    02-17-20 03:27 PM
  7. Dunt Dunt Dunt's Avatar
    I wasn’t suggesting it requires root, but it does require more than what an app downloaded from the store can see.

    Unless Cylance is planning to provide a VPN also?

    Or it works in the container. But then it can’t see apps outside of it. In theory I understand what you’re saying of course. In practice, though, I think it will be limited unless they get OEM cooperation (which may be the plan)
    But what OEM? TCL again?

    Enterprise is buying Apple, Google and Samsung.

    I don't see Apple adding Cylance to iOS.
    I don't see Google adding Cylance to the Pixel.
    And I don't see Samsung adding Cylance.

    All three of these have their own AI/ML programs in place.... Cylance might have a head start, but it's amazing how fast you can catch up with a few billion in research and hiring people in the know.

    That said... you start with a "safe" phone, and then add the Cylance app and you monitor the network... that's good enough. As with current UEM policies, you rule out older devices or devices under a certain update or patch level. And you stick to known products...
    02-17-20 03:58 PM
  8. bb10adopter111's Avatar
    But what OEM? TCL again?

    Enterprise is buying Apple, Google and Samsung.

    I don't see Apple adding Cylance to iOS.
    I don't see Google adding Cylance to the Pixel.
    And I don't see Samsung adding Cylance.

    All three of these have their own AI/ML programs in place.... Cylance might have a head start, but it's amazing how fast you can catch up with a few billion in research and hiring people in the know.

    That said... you start with a "safe" phone, and then add the Cylance app and you monitor the network... that's good enough. As with current UEM policies, you rule out older devices or devices under a certain update or patch level. And you stick to known products...
    I think you're missing how Cylance works. It's not an OEM solution to secure the phone in isolation. No one is looking for that solution.

    Enterprises need to stop zero day attacks (which can't be detected by traditional antivirus) that enter their networks through endpoints. Without Cylance on the endpoint, they can't detect these until they enter the network and, more importantly, they can't learn anything about the nature of the compromise on the endpoint.

    In physical security terms, I don't need to know what is happening inside a person's mind to protect myself. I can simply monitor their behavior. But, if I can also interview them to learn about their self-reported thoughts and moods, I can improve my ability to predict people becoming a threat to themselves and others.

    Cylance as a mobile app would be most valuable as part of a larger solution, not as a stand-alone product.

    Of course other companies will be investing in AI/ML approaches to cybersecurity, as it's the only possible way to protect against novel threats. However, I wouldn't assume that any company with a few billion dollars to spare would necessarily have both the desire and ability to compete effectively. Cylance, as a pioneer, has a few dozen foundational patents that a prospective competitor would need to navigate. And a company like Samsung is going to want to support whatever its customers believe to be best in breed.

    As for the consumer market, honestly, who cares? Consumers are their own worst enemies. There is no product that can fix stupid. That may sound harsh, but it's simply true. Half of the US population has an IQ < 99 and must be protected by the tech companies and/or government regulation if they are to be protected at all. I don't expect consumers to buy any products that don't give them a jolt of dopamine periodically.

    Z10 = BB10 + VKB > iOS + Android
    idssteve likes this.
    02-18-20 04:33 AM
  9. Dunt Dunt Dunt's Avatar
    I think you're missing how Cylance works. It's not an OEM solution to secure the phone in isolation. No one is looking for that solution.

    Enterprises need to stop zero day attacks (which can't be detected by traditional antivirus) that enter their networks through endpoints. Without Cylance on the endpoint, they can't detect these until they enter the network and, more importantly, they can't learn anything about the nature of the compromise on the endpoint.

    In physical security terms, I don't need to know what is happening inside a person's mind to protect myself. I can simply monitor their behavior. But, if I can also interview them to learn about their self-reported thoughts and moods, I can improve my ability to predict people becoming a threat to themselves and others.

    Cylance as a mobile app would be most valuable as part of a larger solution, not as a stand-alone product.

    Of course other companies will be investing in AI/ML approaches to cybersecurity, as it's the only possible way to protect against novel threats. However, I wouldn't assume that any company with a few billion dollars to spare would necessarily have both the desire and ability to compete effectively. Cylance, as a pioneer, has a few dozen foundational patents that a prospective competitor would need to navigate. And a company like Samsung is going to want to support whatever its customers believe to be best in breed.

    As for the consumer market, honestly, who cares? Consumers are their own worst enemies. There is no product that can fix stupid. That may sound harsh, but it's simply true. Half of the US population has an IQ < 99 and must be protected by the tech companies and/or government regulation if they are to be protected at all. I don't expect consumers to buy any products that don't give them a jolt of dopamine periodically.

    Z10 = BB10 + VKB > iOS + Android
    I was replying to App_Developer's " I think it will be limited unless they get OEM cooperation ".
    02-18-20 07:10 AM
  10. Emaderton3's Avatar
    I think you're missing how Cylance works. It's not an OEM solution to secure the phone in isolation. No one is looking for that solution.

    Enterprises need to stop zero day attacks (which can't be detected by traditional antivirus) that enter their networks through endpoints. Without Cylance on the endpoint, they can't detect these until they enter the network and, more importantly, they can't learn anything about the nature of the compromise on the endpoint.

    In physical security terms, I don't need to know what is happening inside a person's mind to protect myself. I can simply monitor their behavior. But, if I can also interview them to learn about their self-reported thoughts and moods, I can improve my ability to predict people becoming a threat to themselves and others.

    Cylance as a mobile app would be most valuable as part of a larger solution, not as a stand-alone product.

    Of course other companies will be investing in AI/ML approaches to cybersecurity, as it's the only possible way to protect against novel threats. However, I wouldn't assume that any company with a few billion dollars to spare would necessarily have both the desire and ability to compete effectively. Cylance, as a pioneer, has a few dozen foundational patents that a prospective competitor would need to navigate. And a company like Samsung is going to want to support whatever its customers believe to be best in breed.

    As for the consumer market, honestly, who cares? Consumers are their own worst enemies. There is no product that can fix stupid. That may sound harsh, but it's simply true. Half of the US population has an IQ < 99 and must be protected by the tech companies and/or government regulation if they are to be protected at all. I don't expect consumers to buy any products that don't give them a jolt of dopamine periodically.

    Z10 = BB10 + VKB > iOS + Android
    This is what I was trying to get at before
    02-18-20 08:54 AM
  11. app_Developer's Avatar
    I think we're conflating a couple different Cylance products. I agree that Cylance Protect was a product where they had a head start (but even that advantage is evaporating rapidly. I teach an ML course for Women who Code and friends and I know that companies are investing heavily in this space in senior hires as well as training of junior devs)

    ... and then there is Cylance Optics. I don't agree that they ever had ANY head start there. They are catching up with multiple competitors on that product.

    The AWS IoT platform, for example, has come a very long way in the past year wrt to endpoint protection and remediation.

    On Android, there is a big, big, big gap between "root" access to a device and the very limited access that app developers get for apps listed in Play. So I remain quite skeptical that Cylance can do much of anything useful as an app you download from the store. I think there will be more it can do if an OEM gives it elevated permissions compared to a normal app.
    Last edited by app_Developer; 02-18-20 at 02:22 PM.
    Dunt Dunt Dunt likes this.
    02-18-20 02:06 PM
  12. Emaderton3's Avatar
    I think we're conflating a couple different Cylance products. I agree that Cylance Protect was a product where they had a head start (but even that advantage is evaporating rapidly. I teach an ML course for Women who Code and friends and I know that companies are investing heavily in this space in senior hires as well as training of junior devs)

    ... and then there is Cylance Optics. I don't agree that they ever had ANY head start there. They are catching up with multiple competitors on that product.

    The AWS IoT platform, for example, has come a very long way in the past year wrt to endpoint protection and remediation.

    On Android, there is a big, big, big gap between "root" access to a device and the very limited access that app developers get for apps listed in Play. So I remain quite skeptical that Cylance can do much of anything useful as an app you download from the store. I think there will be more it can do if an OEM gives it elevated permissions compared to a normal app.
    Ok so which is the one BlackBerry claims has thousands of customers and is thriving?
    02-18-20 06:14 PM
  13. app_Developer's Avatar
    Ok so which is the one BlackBerry claims has thousands of customers and is thriving?
    We know more about Cylance before BB, than post. BB is usually vague about their "wins". But pre-BB, the mix was heavily Protect and the customer mix was heavily mid-market (I have personal investments in the ML/AI space and I own the ML/AI c4e where I work, so this is stuff I study a lot about).

    The goal for Cylance should be to grow Optics and to move their mix to larger enterprises IMO. How they're doing with that will probably not be very clear now.

    But that's where the big growth is, and if Optics doesn't become their main sale, then they are definitely at risk of being run over in the next few years or sooner. BB themselves are integrating QNX into the AWS IoT platform, which has its own ML/AI driven edge security solutions (this Amazon stuff is NOT Cylance, lest someone start that rumour here). So that gives you an example of how quickly the big guys are moving in.
    02-18-20 06:34 PM
  14. Emaderton3's Avatar
    We know more about Cylance before BB, than post. BB is usually vague about their "wins". But pre-BB, the mix was heavily Protect and the customer mix was heavily mid-market (I have personal investments in the ML/AI space and I own the ML/AI c4e where I work, so this is stuff I study a lot about).

    The goal for Cylance should be to grow Optics and to move their mix to larger enterprises IMO. How they're doing with that will probably not be very clear now.

    But that's where the big growth is, and if Optics doesn't become their main sale, then they are definitely at risk of being run over in the next few years or sooner. BB themselves are integrating QNX into the AWS IoT platform, which has its own ML/AI driven edge security solutions (this Amazon stuff is NOT Cylance, lest someone start that rumour here). So that gives you an example of how quickly the big guys are moving in.
    Ok. Their website claims thousands of user bases. They don't seem to differentiate.
    02-18-20 06:52 PM
  15. bb10adopter111's Avatar
    Gartner has them in the upper right corner of the lower left quadrant, close to the "magic quadrant" for endpoint protection but a bit too low in both "completeness of vision" and "ability to execute." I'm not a huge Gartner fan, but that seems about right to me. They are well positioned, but they have to innovate and execute.

    Z10 = BB10 + VKB > iOS + Android
    Last edited by bb10adopter111; 02-19-20 at 06:17 AM.
    chain13 likes this.
    02-18-20 09:29 PM
  16. chain13's Avatar
    Or it works in the container. But then it can’t see apps outside of it. In theory I understand what you’re saying of course. In practice, though, I think it will be limited unless they get OEM cooperation (which may be the plan)
    I don’t really know about 35.000 endpoints they’ve deployed. Are they all end user’s devices or including routers in the networks?
    02-19-20 05:33 AM
  17. bb10adopter111's Avatar
    I don’t really know about 35.000 endpoints they’ve deployed. Are they all end user’s devices or including routers in the networks?
    Endpoints include PCs, tablets, phones, etc. (i.e., devices used by end users.)

    Z10 = BB10 + VKB > iOS + Android
    02-19-20 06:16 AM
  18. chain13's Avatar
    Ok. Their website claims thousands of user bases. They don't seem to differentiate.
    Cylance is not the big player in this field yet
    02-19-20 07:08 AM
  19. bb10adopter111's Avatar
    Cylance is not the big player in this field yet
    Obviously. They are competing against incumbents that have been around for 20-30 years!

    But their growth has been dramatic. That's why BlackBerry bought them. They are still the most significant player in AI antivirus in the enterprise. Everyone uses AI in their marketing language now, but few are genuinely AI-driven.

    Z10 = BB10 + VKB > iOS + Android
    02-19-20 07:22 AM
  20. chain13's Avatar
    Obviously. They are competing against incumbents that have been around for 20-30 years!

    But their growth has been dramatic. That's why BlackBerry bought them. They are still the most significant player in AI antivirus in the enterprise. Everyone uses AI in their marketing language now, but few are genuinely AI-driven.

    Z10 = BB10 + VKB > iOS + Android
    I think it’s a good vision if BlackBerry is willing to play in cybersecurity fields. It really depends on partnerships and multiplatforms; cybersecurity isn’t only endpoints, but also the networks (servers, multiclouds etc.)
    app_Developer likes this.
    02-19-20 07:26 AM
  21. bb10adopter111's Avatar
    I think it’s a good vision if BlackBerry is willing to play in cybersecurity fields. It really depends on partnerships and multiplatforms; cybersecurity isn’t only endpoints, but also the networks (servers, multiclouds etc.)
    Correct, but BlackBerry is an endpoint-oriented company. That's the niche they have to win to enable other strategies. It's also the niche that companies are worried about, as 80%+ of cyber loss events begin on the endpoints.

    Z10 = BB10 + VKB > iOS + Android
    02-19-20 07:32 AM
  22. Dunt Dunt Dunt's Avatar
    Cylance is not the big player in this field yet
    They were THE player in AI/ML protection back four or five years ago....

    But traditional security companies have added ML and AI to their existing products. And that's been the recommendation of most in IT... to have both traditional and new ML solutions working together. Cylance has only part of the solution.

    You look at who the enterprise software players in the market are today.... it's the companies that offer a wider range of products under one roof. Microsoft, IBM, Citrix, VMware.

    The tiny UEM players like MobileIron, SOTI, and BlackBerry are fading. Adding Cylance gives BlackBerry another product line to offer. But they are still a small specialized company.

    I think at best Cylance might stabilize BlackBerry's Enterprise business for a few years... but long term I see them either being absorbed or fading away. Cylance's greater effect may be on BlackBerry's Automotive and IoT endeavors.
    02-19-20 07:43 AM
  23. bb10adopter111's Avatar
    They were THE player in AI/ML protection back four or five years ago....

    But traditional security companies have added ML and AI to their existing products. And that's been the recommendation of most in IT... to have both traditional and new ML solutions working together. Cylance has only part of the solution.

    You look at who the enterprise software players in the market are today.... it's the companies that offer a wider range of products under one roof. Microsoft, IBM, Citrix, VMware.

    The tiny UEM players like MobileIron, SOTI, and BlackBerry are fading. Adding Cylance gives BlackBerry another product line to offer. But they are still a small specialized company.

    I think at best Cylance might stabilize BlackBerry's Enterprise business for a few years... but long term I see them either being absorbed or fading away. Cylance's greater effect may be on BlackBerry's Automotive and IoT endeavors.
    Strategically, I agree with most of that. But there is a significant quality gap between Cylance and the bolted-on AI/ML capabilities of the legacy antivirus companies. Also, since Cylance and other signatureless AV solutions are lightweight, enterprises find that the cost of running multiple services is a good security investment that doesn't hurt performance. Running multiple AVs is not painful like it has been traditionally with Kaspersky/McAfee type solutions.

    I'd say that Cylance's biggest threat is not that the legacy AV giants will catch up, but that there will continue to be disruptive change affecting all the current incumbents. The move to zero trust and hyper cloud solutions will obliterate the traditional boundaries between being "inside" and "outside" of the network. In that environment, every endpoint, and almost every server will only be connected to a cloud-based security stack. That trend, which we'll see over the next 5-10 years, will be very disruptive.

    This is not meant as investment advice. I'm not talking about cash flows or revenue growth. I don't invest in cybersecurity companies, because the nature of my advisory work requires me to be as free from bias as possible. I simply think Cylance has very valuable IP for the direction in which the industry is moving. We'll see how that translates into strategy and execution.

    Z10 = BB10 + VKB > iOS + Android
    02-19-20 08:13 AM
  24. app_Developer's Avatar
    I'd say that Cylance's biggest threat is not that the legacy AV giants will catch up, but that there will continue to be disruptive change affecting all the current incumbents. The move to zero trust and hyper cloud solutions will obliterate the traditional boundaries between being "inside" and "outside" of the network. In that environment, every endpoint, and almost every server will only be connected to a cloud-based security stack. That trend, which we'll see over the next 5-10 years, will be very disruptive.
    I agree with this. Cylance shouldn't be worried about legacy AV companies. That would be like BB, circa 2007, being worried about Nokia or Motorola. Wrong focus.

    I don't think that disruption is 5-10 years out in enterprise. Certainly not in the enterprise where I work. This is where we are in large parts of our enterprise today!

    We'll see how that translates into strategy and execution.
    Also agree on this. Let's not forget we are only 7-8 months removed from a super trivial and obvious and successful attack on Cylance EPP. The quickness of their response indicates a tuning issue (over-fitting, I think). That's pretty basic stuff for fraud detection ML that I worked on before, or physical hacking protection today for our autonomous driving systems. I'm shocked this type of attack wasn't a core part of normal testing at Cylance for years, and definitely led me to pump the brakes on this "Cylance is ahead of the world" thing.

    So we'll see.
    Dunt Dunt Dunt likes this.
    02-19-20 09:23 AM
  25. Dunt Dunt Dunt's Avatar
    Strategically, I agree with most of that. But there is a significant quality gap between Cylance and the bolted-on AI/ML capabilities of the legacy antivirus companies. Also, since Cylance and other signatureless AV solutions are lightweight, enterprises find that the cost of running multiple services is a good security investment that doesn't hurt performance. Running multiple AVs is not painful like it has been traditionally with Kaspersky/McAfee type solutions.

    I'd say that Cylance's biggest threat is not that the legacy AV giants will catch up, but that there will continue to be disruptive change affecting all the current incumbents. The move to zero trust and hyper cloud solutions will obliterate the traditional boundaries between being "inside" and "outside" of the network. In that environment, every endpoint, and almost every server will only be connected to a cloud-based security stack. That trend, which we'll see over the next 5-10 years, will be very disruptive.

    This is not meant as investment advice. I'm not talking about cash flows or revenue growth. I don't invest in cybersecurity companies, because the nature of my advisory work requires me to be as free from bias as possible. I simply think Cylance has very valuable IP for the direction in which the industry is moving. We'll see how that translates into strategy and execution.

    Z10 = BB10 + VKB > iOS + Android
    Just look at Windows Defender's latest ratings... I don't know how MS brought AI/ML to Defender - rewrite or bolt-on. Either way it's a very good solution for individuals. https://www.av-test.org/en/antivirus/home-windows/ or at the least not the joke it once was.

    I see no reason for Cylance to even bother with the consumer Windows or Android markets... other than they make the product they might as well try to monetize it any way they can.

    But Cylance changed in 2018.... IT market recognized that, and I think that was a turning point for them. They went from almost 300% growth in 2017 to only 90% in 2018. Chen's put this year's YoY sales increases for Cylance at 30%... with a market that's growing faster than that, they are falling behind.

    I really can't talk to the quality gap between products... I'm just looking at how the business market seems to be reacting. They seem to prefer one stop shops that can offer a wider selection of products under one roof... at one low price.

    Truth is the best product doesn't always win... there is a lot more to selling products.
    02-19-20 10:39 AM