Details on Cylance Offering

 

Tier 1 Offering – PREVENTION

This entry-level Cylance offering is designed to provide AI-based prevention against malware.

- Full Licensing, Training and Support for CylancePROTECT

  • Support available Mon-Fri 8:00 AM to 8:00 PM EST

- Set up of individual Cylance Tenant, with 24x7 administrative access

 

Tier 2 Offering – PREVENTION/EDR/BASIC SOC SERVICES

This mid-tier Cylance offering is designed to provide AI prevention, EDR detections, and Security Operations Center services.

- Full Licensing, Training, and Support for CylancePROTECT & CylanceOPTICS

  • Support available Mon-Fri 8:00 AM to 8:00 PM EST

- Set up of individual Cylance Tenant, with 24x7 administrative access

- SOC Services

  • Our AI-driven SIEM analyzes the Cylance logs from your Cylance tenant
  • Our aiSIEM will generate alerts for our SOC analysts based on pre-defined attack surfaces

    - These include malware being quarantined, an abnormal number of quarantines in a 30-minute period, specific tools, etc.

    - If an alert is generated, one of our SOC analysts will triage the incident to determine if further action is needed

      • If we find suspicious, abnormal, or malicious activity, we will contact you with our findings
      • We will provide guidance and our recommendation on starting your remediation
  • Monthly reporting of duplicate entities within your portal
  • TPF Report Cards twice a month that report on best-practice compliance within your Cylance implementation
 

Tier 3 Offering – PREVENTION/ADVANCED EDR/ADVANCED SOC SERVICES

This all-inclusive Cylance offering is designed to provide AI prevention, customized EDR detections/responses, and advanced Security Operations Center services.

- Full Licensing, Training, and Support for CylancePROTECT & CylanceOPTICS & aiSIEM

  • Unlimited Support 24x7

- Set up of individual Cylance Tenant, with 24x7 administrative access

- Direct 24x7 access to aiSIEM Console

- SOC Services

  • Our AI-driven SIEM analyzes the Cylance logs from your Cylance tenant
  • Our aiSIEM will generate alerts for our SOC analysts based on pre-defined attack surfaces

    - These include malware being quarantined, an abnormal number of quarantines in a 30-minute period, specific tools, etc.

    - If an alert is generated, one of our SOC analysts will triage the incident to determine if further action is needed

      • If we find suspicious, abnormal, or malicious activity, we will contact you with our findings
      • We will provide guidance and our recommendation on starting your remediation

    - These alerts will also be delivered directly to an alias of your choice

  • Monthly reporting of duplicate entities within your portal
  • TPF Report Cards twice a month that report on best-practice compliance within your Cylance implementation

- Active Ready Response

  • Validate whether further action is needed based on a Cylance alert

    - Case 1: ARR validates the machine is clean and no further action is needed

    - Case 2: ARR finds footholds in the environment (that caused the Cylance alert) that require quarantining of the endpoint to prevent further propagation.

- Custom OPTICS Rules developed by Solutions Granted, Inc engineers

- We will maintain 1 year's worth of Cylance logs for you and your customers (available upon request)

  • This is key to adhering to compliance requirements that mandate you maintain logging from your AV

“Security is not our job, it is our responsibility!”

Michael Crean, CEO, Solutions Granted, Inc