BlackBerry Cylance today introduced CylancePERSONA, an AI-driven proactive user and entity behaviour analytics (UEBA) add-on to their platform that adds monitoring capabilities that identifies suspicious users in real time.
UEBA products started out as standalones aimed at larger enterprises, and some of the startups who made them have been acquired and their technology integrated into other people’s SIEMs.
CylancePERSONA adds user monitoring to the company’s expansive defense of the enterprise and augments the AI-driven prevention, detection, and response capabilities of the Cylance native AI platform. This lightweight solution combines continuous biometric behaviour and user conduct monitoring designed to identify suspicious users in real-time to prevent compromises.
“Every day, rogue insiders and external threat actors exploit valid user credentials to launch cyber attacks, so there is a clear need for organizations to ensure every user logged into their network can be trusted anytime and at all times,” said Eric Cornelius, Chief Product Officer at BlackBerry Cylance.
“CylancePERSONA addresses this challenge. With a combination of flexible initial authentication, user-centric biometrics, AI behavioral monitoring, and automated active responses, CylancePERSONA delivers a scalable, efficient, effective solution that can ensure trust of the user is continuous.”
Unlike other user monitoring solutions that rely on network traffic analysis or focus on detection without the ability to respond automatically, CylancePERSONA sensors are able to detect and score both malicious and anomalous conduct.
CylancePERSONA monitors user activity and calculates a Cylance Trust Score; if the user trust score drops below a given threshold, step-up authentication action or suspension can be automatically initiated.
“Stealing valid credentials and impersonating users are two of the most successful vectors used by attackers,” said Rob Davis, Founder and Chief Executive Officer of Critical Start.
“CylancePERSONA is the first solution to provide organizations a technology that can detect and respond to the use of stolen credentials on the endpoint—both on and off the corporate network.”
Key features of CylancePERSONA include:
- Behavioral biometric analysis: Continuous monitoring of user behavior with real-time detection of suspicious keyboard and mouse actions that could indicate an imposter.
- User conduct monitoring and analysis: Real-time monitoring of user actions with instant identification of anomalous user activity to indicate a possible remote account takeover.
- Contextual authentication analysis: Making use of previous user login activity such as location, time, or method to ensure current login attempts are valid.
- Automated user-centric response: Ability to interrupt user activity automatically upon detection of anomalous or suspicious actions with responses such as user logoff, suspended processes, and step-up authentication.
- Malicious and anomalous conduct detection: Ability to reduce false positives using baseline user activity.
- Cloud-based APIs: Enablement of zero-trust integration to third-party products using the Cylance Trust Score.
CylancePERSONA will be sold as an upsell to customers who have already bought their software, since it uses the same agent.
To learn more about CylancePROTECT® and the full potential of AI to prevent future threats, you can speak to Cylance’s experts in the North Hall of the Moscone Center at booth #6145 from March 4th-7th, 2019.