
CylanceOPTICS v2.1 Delivers AI-Driven Endpoint Detection and Response

By Steve Salinas

We are pleased to announce the release of CylanceOPTICS® version 2.1, an artificial intelligence (AI) driven Endpoint Detection and Response (EDR) component that gives organizations continuous endpoint visibility, root cause analysis of security events, robust and scalable threat hunting, and automated threat detection and response.

Augmenting the superior prediction and prevention offered by CylancePROTECT®, CylanceOPTICS provides automated detection and response capabilities to thwart hard-to-find threats across the enterprise, including:

•  Distributed Search and Collection: Endpoint data is collected and stored on each endpoint and searched in place, so collection, search, and analysis scale with the fleet rather than with a central store

•  Root Cause Analysis: Web-based, on-demand, root cause analysis of attacks blocked by CylancePROTECT as well as other interesting artifacts identified on endpoints

•  Enterprise-wide Threat Hunting: Search endpoint data instantly for potential threats hiding on endpoints

•  Fast Incident Response: Take incident response actions quickly: quarantine or acquire suspicious files and isolate compromised endpoints from the network

•  Dynamic Threat Detection: Automates potential threat discovery, in real time, using curated detection rules

•  Automated Response: Attach customizable automated response actions to detection rules, eliminating the dwell time between threat detection and incident response

Unlike other EDR products that require organizations to make significant investment in on-premises infrastructure, CylanceOPTICS is designed to automate the threat detection and response tasks using existing resources, reducing the workload on security analysts without increasing costs. 

The combination of CylancePROTECT and CylanceOPTICS delivers total endpoint security.

EDR Security Challenges

Endpoint security teams are inundated with data from the security products deployed across their network. Unfortunately, because business continuity must be maintained above all else, these teams have little to no time for proactive threat hunting or strategic security improvements, leaving critical threats unidentified and their security infrastructure at risk.

This is compounded by the scarcity of skilled security staff on the market: many organizations must rely on their security tools for the insights they need to identify, detect, and respond to security incidents. Unfortunately, many of these tools are not equipped to handle today's threats.

While 100% detection and prevention of all threats is not possible, it is important that organizations begin their path to total endpoint security with a strong prevention strategy.

By doing all they reasonably can to prevent threats from impacting their business, they can then turn their attention to layering on technology and process aimed at detecting and responding to hard-to-prevent threats targeting their business.

The CylanceOPTICS EDR Advantage

Unlike other EDR products that require significant investment in on-premises infrastructure or force an organization to stream data continuously to a cloud environment for storage and analysis, CylanceOPTICS is designed to run on the endpoint, using the existing CylancePROTECT agent for collection, and a local database for storage.

Additionally, CylanceOPTICS targets collection of only forensically relevant artifacts, dramatically reducing data storage required to maintain situational awareness of the state of the endpoints in your environment.

With CylanceOPTICS, security teams can dissect any attack detected and blocked by CylancePROTECT to determine its root cause and improve their overall security framework. CylanceOPTICS also provides enterprise-wide threat hunting powered by InstaQuery (IQ), the dynamic endpoint data interrogation and visualization layer built into the solution.

With CylanceOPTICS, analysts can perform on-demand, enterprise-wide threat hunts for files, executables, and indicators of compromise. IQ returns hunt results immediately, so analysts can quickly determine whether any endpoint is at risk, shortening attacker dwell time and speeding incident response.

In addition, the built-in automated threat detection and response capabilities, powered by the Context Analysis Engine, will automatically detect suspicious behaviors and other indicators of advanced threats on endpoints and can initiate specific response actions, without any human intervention.
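The two paragraphs above describe the shape of the workflow: forensically relevant events stored on the endpoint, an enterprise-wide hunt for an indicator of compromise, and curated rules that fire on suspicious behavior and map to an automated response. The following is an added illustration of that shape, not CylanceOPTICS code and not its rule or event schema: the `ProcessEvent` fields, the rule names, the action names (`alert`, `quarantine_file`, `isolate_host`), and the sample events and IOC hash are all constructed for this example.

```python
"""Rule-driven detection with an automated response plan over locally
held endpoint process events. Added illustration only: the event fields,
rule shape, action names and sample data are assumptions, not the
CylanceOPTICS schema or its Context Analysis Engine rules."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class ProcessEvent:
    """One forensically relevant artifact: a process start on a host."""
    host: str
    pid: int
    image: str          # basename of the executable, lower-cased
    parent_image: str   # basename of the parent process, lower-cased
    cmdline: str
    sha256: str         # hash of the executable image


@dataclass(frozen=True)
class Rule:
    name: str
    match: Callable[[ProcessEvent], bool]
    response: str       # one of the keys in RESPONSE_PRIORITY


@dataclass(frozen=True)
class Finding:
    host: str
    pid: int
    rule: str
    response: str


# When several rules fire on one host, the strongest action wins.
RESPONSE_PRIORITY = {"alert": 0, "quarantine_file": 1, "isolate_host": 2}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
KNOWN_BAD_HASHES = {"d" * 64}  # constructed IOC list, not a real indicator


def office_spawns_shell(e: ProcessEvent) -> bool:
    """Office document handler launching a script host or shell."""
    return e.parent_image in OFFICE_APPS and e.image in SHELLS


def encoded_powershell(e: ProcessEvent) -> bool:
    """PowerShell started with an encoded command on the command line."""
    argv = e.cmdline.lower().split()
    return e.image == "powershell.exe" and any(
        a in ("-enc", "-encodedcommand", "-e") for a in argv)


def known_bad_hash(e: ProcessEvent) -> bool:
    return e.sha256 in KNOWN_BAD_HASHES


# Curated rule set: each rule carries the response it should trigger.
RULES = [
    Rule("office_spawns_shell", office_spawns_shell, "isolate_host"),
    Rule("encoded_powershell", encoded_powershell, "alert"),
    Rule("known_bad_hash", known_bad_hash, "quarantine_file"),
]


def detect(events: Iterable[ProcessEvent], rules: Iterable[Rule]) -> List[Finding]:
    """Evaluate every rule against every stored event."""
    return [Finding(e.host, e.pid, r.name, r.response)
            for e in events for r in rules if r.match(e)]


def plan_responses(findings: Iterable[Finding]) -> Dict[str, str]:
    """Collapse findings to one action per host, keeping the strongest."""
    plan: Dict[str, str] = {}
    for f in findings:
        current = plan.get(f.host)
        if current is None or RESPONSE_PRIORITY[f.response] > RESPONSE_PRIORITY[current]:
            plan[f.host] = f.response
    return plan


def hunt_hash(events: Iterable[ProcessEvent], sha256: str) -> List[str]:
    """Enterprise-wide IOC hunt: which hosts ran an image with this hash?"""
    return sorted({e.host for e in events if e.sha256 == sha256})


# Constructed sample telemetry; none of it is real.
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", 4120, "winword.exe", "explorer.exe",
                 "WINWORD.EXE invoice.docm", "a" * 64),
    ProcessEvent("ws-01", 4188, "powershell.exe", "winword.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA", "b" * 64),
    ProcessEvent("ws-02", 900, "svchost.exe", "services.exe",
                 "svchost.exe -k netsvcs", "c" * 64),
    ProcessEvent("ws-03", 2210, "updater.exe", "explorer.exe",
                 "updater.exe /silent", "d" * 64),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS, RULES):
        print(f)
    print(plan_responses(detect(SAMPLE_EVENTS, RULES)))
    print(hunt_hash(SAMPLE_EVENTS, "d" * 64))
```

The point of separating `detect` from `plan_responses` is that a rule set can fire several times on one host; the response chosen should be the most severe one rather than whichever rule happened to match first, and an isolation decision should never be downgraded by a later, weaker alert.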

This means detection and response continue around the clock without pulling your security team away from other work.

Take Them for a Spin – Test for Yourself

CylanceOPTICS is designed for any security operations center (SOC), from the very mature to the nascent. The common denominator is the organization's need to improve its threat hunting, root cause analysis, and incident response capabilities.

The combination of CylancePROTECT and CylanceOPTICS delivers the prevention, detection, and response capabilities needed for total endpoint security. With these powerful technologies in place, organizations can protect their sensitive data, reduce their risk of widespread compromises, and improve their overall security posture.

Organizations can also take advantage of our ThreatZERO™ consulting services, which are designed to institute best practices for prevention, network architecture, internal IR workflows, vulnerability and patch management, and assessment of both internal hosts and externally facing services that attackers use to gain a foothold.

True preventative technology combined with applied artificial intelligence is the future of security, and Cylance provides seamless and silent attack prevention with zero reliance on signatures, the cloud, and reputation lookups.

Contact a Cylance expert to get a demo of our solutions.
