Feature and functionality parity of CylanceOPTICS for Windows and Mac with several popular Linux operating system versions including RHEL, Ubuntu, CentOS and SUSE. With this entry into the Linux computing environment, BlackBerry has extended the reach of AI-based EDR technology to cover a broader set of endpoints in both data centers and industrial environments, including servers, point of sale (POS) devices, ATM terminals, and Linux-based fixed-function devices. While endpoints are often the initial target of malware attacks, the primary target is the data on the servers, whether in financial services, e-commerce, or other enterprise applications. This growth is being further accelerated by the movement within data centers to containers. In enterprise data centers utilizing X86-based servers, Linux is a widely utilized operating system for both bare-metal machines and virtual machines within hypervisors. We are also pleased to introduce enhanced CylanceOPTICS functionality optimized for several popular Linux OS versions including RHEL, Ubuntu, CentOS and SUSE. In addition to these new solution features, BlackBerry Cylance is introducing additional enhancements to extend the power of its native AI capabilities. Enhanced PowerShell Introspection: Enables the endpoint agent to sense, analyze, and record a PowerShell event (commonly used to rapidly automate tasks that manage operating systems and processes) via Focus View, InstaQuery, or CAE detection logic.Enhanced WMI Introspection: Enables the endpoint agent to sense, analyze, and record an MS Windows Management Instrumentation event via Focus View, InstaQuery, or CAE detection logic.Private Address (RFC 1918 / RFC 4193) Space Visibility: Enables the endpoint agent to sense, analyze, and record an event originating from a private internet address on a TCP/IP network via Focus View, InstaQuery, or CAE detection logic.Windows Logon Event Visibility: Enables the endpoint agent to sense and record what has instigated a Windows Logon event, the user that logged on, by which IP address and domain it was initiated, when it was initiated, and artifacts of the initiation via Focus View, InstaQuery, or CAE detection logic.DNS Visibility: Enables the endpoint agent to sense and record what has instigated a DNS query, by which IP address and domain it was initiated, when it was initiated, and artifacts of the initiation via Focus View, InstaQuery, or CAE detection logic.Registry Introspection Enhancements: Provides increased visibility into common Windows Registry persistence points, including memory attacks via Focus View, InstaQuery, or CAE detection logic.
0 Comments
Leave a Reply. |