CylanceProtect AI Antivirus

• Is installed on all endpoints (consumes less than 1% of CPU)
• Uses a mathematical formula and artificial intelligence to determine whether or not the application/service that is being requested to be consumed by the end user is safe or not

Protect analyzes the executable (in less than 100 milliseconds) to determine if the application is trying to infect the endpoint with malware. Protect has many benefits, including:

• It’s different than sandboxing where the application is sent to a sandbox and detonates….and then FireEye triages the executable after the detonation to see if the software code is trying install malware
• The solution sits in line, analyzes the executable before it can go into effect, and if the executable is deemed malicious,it’s quarantined
• Protect is able to identify malware that is cleverly obfuscated

Protect + App Control:

This solution provides all of the benefits of Protect but is paired with App Control, a whitelisting feature. Whitelisting can slow down productivity for users who are constantly consuming new applications. When they aren’t able to consume the needed application, they ask IT to fix this problem, however IT administrators aren’t malware analysts, so they aren’t in a good position to make decisions on whether or not an application is safe to use. This extra workload can bog them down quickly.

Cylance suggest that you use AppControl on devices that don’t consume new applications/services regularly (i.e. data center servers, point of sale systems, industrial control systems, ATMs, Kiosks, etc.)