BlackBerry Cylance ThreatZERO
Delivering Provable Prevention

Benefits:

• Accelerated pathway to prevention from cyber attacks
• Measurable prevention is demonstrated throughout the process
• Expert solution tuning for CylancePROTECT and CylanceOPTICS
• Reduced overhead through expert guidance and knowledge transfer to staff
• Separates the signal from the noise of commodity malware and adware
• Maintains prevention status through quarterly maintenance and remediation
• Advanced EDR tuning to provide visibility into TTPs and interesting artifacts

Service Components:

Service Options To Meet Your Needs

Map Our Service Benefits to Your Requirements

ThreatZERO (Foundational):

Delivering Provable Prevention

While implementing new security solutions can be exciting for a company, optimizing them for specific environments can put a stress on already limited IT resources. The need to protect, identify, and act on progressive threats can be challenging for even the most experienced security teams. Cylance Consulting’s proven methodologies ensure maximum value and security are achieved as quickly as possible with little to no disruption to systems or vital processes.

That’s where ThreatZERO Services can help. Cylance Consulting experts provide a refreshing mix of technological expertise and personalized white glove service to optimize CylancePROTECT and CylanceOPTICS™ and move environments into prevention while providing measurable results of progress throughout the process.

Benefits:

Service Overview

Facilitated through a dedicated Engagement Manager, ThreatZERO Services provide a collaborative environment to assist clients in optimizing the installation, reviewing best practices, delivering training, supplementing internal resources, and receiving expert guidance in mitigating any risks that are identified. The phases of a ThreatZERO Services engagement include:

CylancePROTECT

At the conclusion of the engagement, clients are brought to a state of zero active threats and can move into a state of prevention.

CylanceOPTICS

• Console setup
• Build InstaQueries
• Configure rules and actions utilizing the Context Analysis Engine
• General best practice and interface navigation

ThreatZERO Add-ons

ThreatZERO Resident Expert
This low-cost solution provides a dedicated, on-site administrator to support unique security requirements and help shut down critical incidents in less time.

Managed Prevention
An ongoing care strategy that assesses and remediates issues, and ensures maximum security and continued return on investment.

ThreatZERO Assurance
Assists existing ThreatZERO clients in re-establishing their prevention status and maintaining that status moving forward through monthly/quarterly checks.

ThreatZERO Training Services
Learn to maintain ThreatZERO status and respond to threats in the environment utilizing best practices.

ThreatZERO + Compromise Assessment:

Discover Critical Unknowns Lurking in Systems

Many organizations assessing their security posture may be unaware of the overall state of their environment, that they have been breached, or that credentials are being misused. Cylance Consulting can help these organizations conclusively determine if their network has been compromised.

ThreatZERO + Compromise Assessment was designed to help organizations discover critical unknowns that may be lurking in systems, waiting to be the source of a future compromise. Using artificial intelligence with proven methodologies, Cylance Consulting experts quickly determine if an environment has been the victim of a security breach and if sensitive data has been exfiltrated from your networks.

Benefits

• Conclusively determine if there has been an existing, undetected compromise
• Learn if user credentials have been stolen or misused
• Identify any potentially unwanted programs that may have been used maliciously on your network
• Quickly identify and remediate any issues identified with actionable data for improvement
• Move networks into a state of prevention

Service Overview

With ThreatZERO + Compromise Assessment, organizations will receive:

• AV Rip and Replace
• Operationalization of and CylancePROTECT and CylanceOPTICS
• Delivery and full review of the ThreatZERO HealthCheck Report
• Policy review showcasing best practices, suggested modifications, and further recommendations to establish prevention status
• Full malware status review during which threats are identified
• Full review of potentially unwanted programs (PUPs)
• Full review of memory exploit attempts and exclusions
• Full review of script control events and exclusions
• Thorough review of deployed agent version and update statuses
• Thorough review of new product features and upgrades

Additionally, the Compromise Assessment analyzes and addresses core problems such as:

• Data exfiltration and sabotage
• Command and control activities
• User account anomalies
• Malware and persistence mechanisms
• Network, host, and application configurations

Shortly after beginning the project, clients will be positioned into a preventative posture to prevent future threats and minimize the need to respond to incidents.

How confident are you in knowing whether or not your organization has been compromised? Contact Cylance Consulting or your technology provider about ThreatZERO + Compromise Assessment.

Managed Prevention:

Maintain Your Prevention Status

Cylance believes that every great product should be backed by outstanding technical support. Leveraging ThreatZERO Services with CylancePROTECT brings organizations to a zero-threat level and moves environments into a state of prevention. Unfortunately, as new endpoints or applications are added, new CylancePROTECT features or agent versions are released, or technology refreshes occur, an environment’s prevention status may become degraded.

To ensure environments never fall too far out of prevention, ThreatZERO Maintenance Plans provide an ongoing care strategy that assesses and remediates any issues that arise, providing maximum security and continued return on investment.

Benefits

• Provides awareness of the prevention status of the CylancePROTECT environment
• Address new malware and PUP threats
• Review memory exploit and script control features
• Maintain agent status and versioning
• Understand and enable new features
• Environments remain in a state of prevention

Service Overview

ThreatZERO Maintenance Plans offer:

• Generation, delivery, and full review of the ThreatZERO HealthCheck Report
• Policy review showcasing best practices, suggested modifications, and further recommendations to re-establish prevention status
• Full malware status review during which threats are identified
• Full review of potentially unwanted programs (PUPs)
• Full review of memory exploit attempts and exclusions
• Full review of script control events and exclusions
• Thorough review of deployed agent version and update statuses
• Thorough review of new product features and upgrades

Clients are brought back to a state of zero active threats, and prevention is re-established.

Available Plans

ThreatZERO Maintenance Plans are available for either monthly or quarterly status checks.

• Managed Prevention combines ThreatZERO (Foundational) Services with a monthly/quarterly maintenance subscription (intended for new CylancePROTECT clients)
• ThreatZERO Assurance assists existing ThreatZERO clients in re-establishing their prevention status and maintaining that status moving forward through monthly/quarterly checks

Ensure your environment remains in a state of prevention by maintaining your prevention status. Contact Cylance Consulting or your technology provider for details on ThreatZERO Maintenance Plans.

ThreatZERO Resident Expert:

Dedicated On-site Resources

Companies are driven to reduce costs and improve operational efficiencies through technological innovation. This has translated into a growing number of IT projects on which success or failure can hinge on the ability to complete these projects on time, within budget, and to specification. For customers with complex environments or minimal staff to manage an implementation or lengthy rollout process, the process can be overwhelming for even the most experienced security team.

That’s where ThreatZERO Resident Expert services can help. When customers hire a Resident Expert, they get a long-term, highly-trained staff augmentation resource to deploy, manage, and operationalize CylancePROTECT and CylanceOPTICS™ - helping them get to a state of prevention.

Benefits

• Provides dedicated long-term on-site staff augmentation
• Highly trained expert implements best practices tailored to specific environments
• Frees up internal resources to manage other projects
• Expedites product deployment and ensures immediate ROI
• Mitigates risk immediately and brings environment to a state of prevention
• Long-term solution strategy and maintenance

Service Overview

A ThreatZERO Resident Expert provides:

• On-site consulting
• Project planning and engagement management
• Deployment and configuration
• Legacy AV rip and replace
• Best practices knowledge transfer and training
• Handling of all malware
• Handling of all potentially unwanted programs (PUPs)
• Weekly implementation progression review meetings
• Policy and zone development
• Movement to Auto Quarantine mode
• Memory protection and exclusion development
• Script and application control
• Full operationalization of CylancePROTECT and CylanceOPTICS
• Augmentation of existing security staff to support prevention and threat hunting operations
• Review and implementation of solutions to critical security use cases within the environment

Once the organization has achieved protection status, the Resident Expert will provide the expert staffing needed to maintain a state of prevention through:

• Weekly technical and executive status briefing and trending report delivery
• Solution operational support
• Product optimization and ongoing security recommendations
• Troubleshooting and on-site support
• Management of CylancePROTECT and CylanceOPTICS software upgrades
• Operationalization of new features

Ensure your environment stays in a state of prevention with dedicated on-site resources. Contact Cylance Consulting or your technology provider for details.

Documentation:

Download the BlackBerry Cylance ThreatZERO™ (Foundational) Datasheet (.PDF)

Download the BlackBerry Cylance ThreatZERO™+ Compromise Assessment Datasheet (.PDF)

Download the BlackBerry Cylance ThreatZERO™ Maintenance Plans Datasheet (.PDF)

Download the BlackBerry Cylance ThreatZERO™ Resident Expert Datasheet (.PDF)