Dave Cundiff Senior Director, CylanceGUARD

Dave Cundiff Senior Director, CylanceGUARD · 2020-03-26 · iOS or Android application and can interact with analysts through defined escalation tiers. Customers receive alert email


Page 1

Dave Cundiff, Senior Director, CylanceGUARD

Page 2

The Dilemma of Combatting Threats

Alert Fatigue

Sophisticated and Evolving Attacks

Skills and Resource Gaps

Page 3

Network Economics

A situation in which a business will benefit through the feedback provided by those who use the product or service.

COMMON SECURITY EVENTS: 90%

The majority of events are common across customers. Why waste time investigating?

SPECIFIC TO A CUSTOMER'S EVENTS: 10%

99% of these can be classified as GOOD

ONLY 1% NEED TO BE INVESTIGATED

Which means..

ONLY .1% NEED YOUR ATTENTION

Page 4

What is Needed

MOBILITY

We are concerned busy security analysts won't see alerts due to the volume of email they receive.

We don't expect our customers to sit glued to a monitor 24X7X365.

Our customers don't have that kind of time.

MOBILE WARNING

WORKFLOW

VISIBILITY

Time is of the essence. We need to eliminate the case where an alert is sent but no one responds.

Page 5

What is CylanceGUARD

Analysts and Threat Hunters

A 24X7 managed detection and response offering

Transparent portal interaction

Mobile flexibility

A solution to handle sophisticated and evolving attacks, alert fatigue, and our customers' skill or resource gaps

A combination of several technologies and skilled resources to provide our customers a managed solution for prevention

Page 6

CylanceGUARD Components

ThreatZERO (ONGOING PREVENTION): ThreatZERO Prevention Expertise. Prevent 99.9% of software related threats.

Triage (VALIDATE & TRIAGE): Threat Validation and Triage. Analyzes and prioritizes. Automates analyst and incident engagement.

Mobile (MOBILE WARNING): Mobile Warning and Interaction. Proactive alerting at the fingertips. Context to streamline investigation. Customer interaction with triage and response.

Hunting: Skilled Cylance Hunting Experts. Prevent zero-day threats.

CylanceGUARD Portal (USER PORTAL): Optics and Visibility. 24x7 User Interaction.

Page 7

CylanceGUARD Tier Comparison

CylanceGUARD provides a foundation.

CylanceGUARD Advanced is a comprehensive solution that meets an organization's needs for threat hunting.

Both offerings leverage the pre-execution abilities of CylancePROTECT and the post-execution monitoring and blocking associated with CylanceOPTICS.

CylanceGUARD:
- ThreatZERO Configuration and Assurance (Including Cylance Product On-boarding)
- Email Alerts
- Mobile Alerts and Escalation Management
- 24x7 Threat Hunting

CylanceGUARD Advanced (everything in CylanceGUARD, plus):
- Proactive Threat Hunting 24X7 (Alert, Intelligence, and Methodology Hunting)
- Proactive Outreach for Critical Alerts
- Quarterly Prevention Review (Ongoing review with Cylance experts)
- CylanceGUARD Reports (Monthly Reports on Activity and Threat Landscape)
- Access to GUARD Analysts (Incident Response Guidance and Strategy)
- Defined SLAs for Critical Alerts

Page 8

Capability Comparison (Competition vs. Cylance)

Security Device Management (Firewall, SIEM, etc.)

Security Device Monitoring (alert forwarding)

Automated Alert Processing

24X7 monitoring by Cybersecurity Analysts

Advanced Threat Detection and Hunting

Security Alert Investigation and Notification performed by Security Analyst

Service Level Agreement for Alert Response

Analyst will proactively respond (isolate, whitelist, etc.)

Security Orchestration, Automation and Response

Alert Notifications include short and long term recommendations

Transparent view to rules, comments, audit logs and metrics

Native iOS and Android applications for alert investigation and collaboration

Multi-Tenant so customer can have multiple organizations with centralized parent

Page 9

How We Do It Better

Prevention First Approach Disrupts the Kill Chain (MDR/EDR are Reactive by Nature)

Transparency of Activity: Efficacy and Visibility into the Workflow; Clear Knowledge of MTTD (Mean Time to Discovery) and MTTR (Mean Time to Response)

Event Reduction: Event reduction to focus on critical alerts

Mobile Application: Security Convenience

Orchestration Capability: Customer specific workflow; Package Deployment

Advanced Threat Hunting: Intelligence; Methodology

Page 10

Compliance and Privacy

CylanceGUARD will be available world-wide, but data sets and analysts will reside in the U.S. initially.

The initial offering will have English-speaking analysts only.

Expansion is planned for future data centers and analyst residence in other regions (e.g. Europe, APAC, etc.).

Individual country and state regulations must be considered when selling this offering.

Page 11

Cylance AI Platform Solutions

Below is the list of packages for the Endpoint solutions offered by Cylance.

EDR Solution, Total Endpoint Security Solution (Best):
- Premium: Protect + Optics + Guard Advanced. One SKU (1 or 3 year options)
- Standard: Protect + Optics + Guard. One SKU (1 or 3 year options)
- Basic: Protect + Optics + ThreatZERO Managed Prevention. Multiple SKU solution

NGAV Solution (Good):
- Premium: Protect + ThreatZERO Managed Prevention. Multiple SKU solution
- Standard: Protect + ThreatZERO Foundational. Multiple SKU solution
- Basic: Protect. Single SKU solution

Page 12

CylanceGUARD Service Descriptions

24x7 Threat Hunting: Triggering events from CylancePROTECT and CylanceOPTICS products initiate an alert to be followed up on by a CylanceGUARD analyst.

Email Alerts: Customers receive alert email notifications based on escalation tiers defined during the onboarding process.

Mobile Alerts and Escalation Management (iOS, Android): Customers receive mobile alert notifications using the CylanceGUARD iOS or Android application and can interact with analysts through defined escalation tiers.

ThreatZERO Configuration and Assurance: Leverages Cylance technological expertise and personalized, white glove service to optimize Cylance security solutions.

Page 13

CylanceGUARD Advanced Service Descriptions

Proactive Threat Hunting 24X7 (Alert, Intelligence, and Methodology Hunting): Threat hunting occurs using various methods, including alert-based, intelligence, and methodology hunting, leveraging proven methods that identify potential attacks, data exfiltration, unauthorized access or other potential vectors of compromise in the environment.

Access to Analysts for IR Guidance and Strategy: Access to Cylance professionals to enhance a security team's response and hunting operations by providing guidance and expertise when needed.

CylanceGUARD Reports: Monthly reports on activity and threat landscape.

Quarterly Prevention Review: Ongoing review with our ThreatZERO experts providing the insight and knowledge required to obtain and maintain a state of prevention.

Proactive Outreach for Critical Alerts: In the event of a critical alert, a CylanceGUARD analyst follows up with a proactive phone notification 24X7 to ensure the customer is aware of a potential threat.

Page 14

CylanceGUARD Advanced Service Descriptions (continued)

Defined SLAs for Critical Alerts: Leverages a fixed set of defined SLAs including security event investigation, median incident resolution time, failed email security event receipt notification, and GUARD monthly report.

ThreatZERO Configuration and Assurance: Leverages Cylance technological expertise and personalized, white glove service to optimize Cylance security solutions.

Mobile Alerts and Escalation Management (iOS, Android): Customers receive mobile alert notifications using the CylanceGUARD iOS or Android application and can interact with analysts through defined escalation tiers.

Email Alerts: Customers receive alert email notifications based on escalation tiers defined during the onboarding process.

24x7 Threat Hunting: Triggering events from CylancePROTECT and CylanceOPTICS products initiate an alert to be followed up on by a CylanceGUARD analyst.
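The deck names MTTD, MTTR and median incident resolution time as the figures a customer should know, and ties critical-alert SLAs to them. The following added example (not code from the deck or from Cylance) shows how a defender can compute those figures from their own alert records and check critical alerts against an SLA; the record fields, the 30-minute SLA threshold and the sample alerts are all constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, median

# Hypothetical SLA for critical alerts: analyst response within 30 minutes.
CRITICAL_RESPONSE_SLA = timedelta(minutes=30)

# Constructed alert records (not real data). Timestamps mark when the endpoint
# event occurred, when the alert was raised, when an analyst first responded,
# and when the incident was resolved.
SAMPLE_ALERTS = [
    {"id": "A-1", "severity": "critical", "occurred": "2020-03-26T08:00:00",
     "detected": "2020-03-26T08:05:00", "responded": "2020-03-26T08:20:00",
     "resolved": "2020-03-26T09:00:00"},
    {"id": "A-2", "severity": "high", "occurred": "2020-03-26T10:00:00",
     "detected": "2020-03-26T10:30:00", "responded": "2020-03-26T11:30:00",
     "resolved": "2020-03-26T13:00:00"},
    {"id": "A-3", "severity": "critical", "occurred": "2020-03-26T14:00:00",
     "detected": "2020-03-26T14:10:00", "responded": "2020-03-26T15:10:00",
     "resolved": "2020-03-26T16:00:00"},
]


def _minutes(alert, start, end):
    """Elapsed minutes between two ISO-8601 timestamp fields of one alert."""
    delta = datetime.fromisoformat(alert[end]) - datetime.fromisoformat(alert[start])
    return delta.total_seconds() / 60


def mttd_minutes(alerts):
    """Mean Time to Discovery: event occurrence to alert detection."""
    return mean(_minutes(a, "occurred", "detected") for a in alerts)


def mttr_minutes(alerts):
    """Mean Time to Response: alert detection to first analyst response."""
    return mean(_minutes(a, "detected", "responded") for a in alerts)


def median_resolution_minutes(alerts):
    """Median incident resolution time: alert detection to resolution."""
    return median(_minutes(a, "detected", "resolved") for a in alerts)


def critical_sla_breaches(alerts, sla=CRITICAL_RESPONSE_SLA):
    """IDs of critical alerts whose first analyst response exceeded the SLA."""
    limit = sla.total_seconds() / 60
    return [a["id"] for a in alerts
            if a["severity"] == "critical" and _minutes(a, "detected", "responded") > limit]


if __name__ == "__main__":
    print("MTTD", mttd_minutes(SAMPLE_ALERTS), "MTTR", mttr_minutes(SAMPLE_ALERTS))
    print("median resolution", median_resolution_minutes(SAMPLE_ALERTS))
    print("critical SLA breaches", critical_sla_breaches(SAMPLE_ALERTS))
```

Feeding real portal exports into these functions gives a customer an independent check on the response-time figures an MDR provider reports.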

Page 15

The Cylance Prevention Platform

Technology: Uses AI to deliver prevention

Holistic Embedded Program

Preventative Consulting Services

CylancePROTECT: AI-threat prevention

CylanceOPTICS: AI-incident prevention

Security Services: Security optimization, assessments, and management

Page 16

Delivering Prevention-Based Security Solutions

THREATZERO™

INDUSTRIAL CONTROL SYSTEMS

EDUCATION

IoT / EMBEDDED SYSTEMS

RED TEAM SERVICES

INCIDENT CONTAINMENT & FORENSICS

STRATEGIC SERVICES

Creation of Integrated Practice Areas

Best in Class Security Authorities

Dedicated Engagement Manager

Customized Solutions

Global Coverage with Local Attention

Page 17

Portal Dashboard

Page 18

Portal Alerts

Page 19

Portal Reports

Page 20

Portal Orchestration Filters

Page 21

Portal Orchestration Lists

Page 22

Portal Orchestration Feeds

Page 23

Portal Notifications

Page 24

Mobile Dashboard

Page 25

Mobile Alerts

Page 26

Mobile Alert Detail

Page 27

Mobile Audit Logs

Page 28

Mobile Comments

Page 29

Mobile Alert Escalation

Page 30

Mobile Saved Searches

Page 31

Mobile Notifications