Cylance

Cylance, now part of Arctic Wolf following its acquisition from BlackBerry, is a cybersecurity company that pioneered the use of artificial intelligence (AI) and machine learning for proactive threat prevention. Its core mission has been to protect every computer, user, and object by stopping cyberattacks before they can execute. Cylance aims to revolutionize cybersecurity by moving beyond traditional reactive approaches, focusing instead on predictive analytics to identify and block both known and unknown malware, including zero-day threats and fileless attacks.

Cylance’s goal is to provide a high level of security with minimal system impact, eliminating the need for frequent signature updates that are common with legacy antivirus solutions. The company has focused on delivering endpoint security solutions that offer automated threat detection, prevention, and response capabilities. Market reputation highlights Cylance as an innovator in AI-driven endpoint protection. While it has faced challenges maintaining market share against larger competitors and gone through ownership changes, its technology is recognized for its effectiveness in preventing breaches and its low false positive rate.

Offerings, Capabilities, and Integrations

Cylance, a business unit of BlackBerry, provides a full spectrum of predictive threat prevention and visibility solutions across the enterprise. Its core strength lies in leveraging artificial intelligence (AI) and machine learning to proactively prevent cyber threats, including malware, ransomware, and zero-day attacks, before they can execute. This prevention-first approach, analyzing files at the DNA level, distinguishes Cylance from traditional signature-based or reactive security methods and aims to reduce the time and resources spent on incident response. Cylance’s technology is designed for minimal system impact and simplified security management. Cylance integrates its solutions with various third-party services and platforms, including ConnectWise Automate for managed service providers (MSPs), Securonix for SIEM capabilities, and Thycotic for privilege management, enhancing operational efficiencies and providing a more comprehensive security posture for its users. It also supports integration with MDM solutions like Microsoft Intune and identity providers like Okta. These capabilities allow Cylance to offer scalable solutions adaptable to evolving threat landscapes for diverse IT environments, including public cloud, private cloud, and air-gapped networks.

Products and Services

Cylance offers a suite of AI-driven cybersecurity products and services designed for endpoint protection. Its flagship products are CylancePROTECT and CylanceOPTICS.

• CylancePROTECT: This is a next-generation antivirus (NGAV) and application control solution that uses AI and machine learning to predict and prevent malware, ransomware, viruses, bots, and zero-day attacks from executing on endpoints in real-time. It is designed to operate without signatures, a cloud connection, heuristics, or sandboxes, analyzing files at their core to determine if they are malicious. CylancePROTECT offers versions for desktops (Windows, macOS, Linux) and mobile devices (iOS, Android, Chrome OS). It also includes features for script management and device policy enforcement.
• CylanceOPTICS: An endpoint detection and response (EDR) solution that complements CylancePROTECT. CylanceOPTICS uses AI to identify and prevent security incidents by providing context-driven threat detection, on-demand root cause analysis, enterprise-wide threat hunting, and automated playbook-driven responses. It aims to reduce dwell time and the impact of potential breaches.
• CylanceGUARD: A 24×7 managed detection and response (MDR) service that leverages CylancePROTECT and CylanceOPTICS, supported by a team of BlackBerry Cylance incident responders and prevention experts. It provides actionable intelligence and proactive threat hunting.
• CylanceHYBRID and CylanceON-PREM: These are deployment options for CylancePROTECT designed for organizations with restricted networks, low-bandwidth internet, private clouds, or air-gapped environments. CylanceHYBRID routes communications through a single connection with locally stored threat models, while CylanceON-PREM allows for deployment on completely isolated infrastructures.
• Cylance Smart Antivirus (formerly CylancePROTECT Home Edition): An AI-driven antivirus solution for consumer use on personal Windows and Mac devices, extending enterprise-grade protection to employees’ home networks.
• ThreatZERO: A service where BlackBerry Cylance experts assist with the onboarding and operationalization of CylancePROTECT and CylanceOPTICS to optimize them for a prevention-focused security posture.
• Cylance Endpoint Security: An overarching AI-powered solution for Zero Trust across devices, networks, apps, and people, encompassing products like CylancePROTECT and CylanceOPTICS.

Target Customers

Cylance targets a broad range of customers, from small and medium-sized enterprises (SMEs) to large enterprises, including Fortune 100 and Fortune 500 companies. Its solutions are also utilized by government agencies, financial institutions, healthcare providers, educational institutions, and technology companies. Cylance particularly caters to organizations seeking advanced, AI-driven threat prevention that requires minimal system resources and offers simplified management. Managed service providers (MSPs) and managed security service providers (MSSPs) are also key partners and customers, leveraging Cylance’s products to offer enhanced security services to their own clients, especially in the midmarket and SMB segments. Organizations with strict privacy requirements or those operating in hybrid or isolated network environments can benefit from specific deployment options like CylanceHYBRID and CylanceON-PREM. Ultimately, Cylance aims to serve any organization looking to shift from a reactive to a proactive, prevention-first cybersecurity posture.

Cloud Integrations and Marketplaces

Cylance, as a part of BlackBerry, offers cloud integrations and has a presence on major cloud marketplaces for its AI-driven cybersecurity products.

• AWS Marketplace: CylancePROTECT, an AI-driven endpoint protection solution, is available on the AWS Marketplace. This allows customers to procure and deploy Cylance technology for Windows, Mac, and Linux instances, including Amazon Linux. The CylanceGATEWAY Connector can also be installed in an AWS environment using an AMI from the AWS Marketplace. BlackBerry has expanded its offerings on AWS to include other solutions like BlackBerry Radar, alongside CylancePROTECT. CDW also lists Cylance as a solution that can be procured through its AWS Marketplace Consulting Partner Private Offer program.
• Microsoft Azure Marketplace: BlackBerry Cylance AI-driven cybersecurity solutions are available on the Microsoft Azure Marketplace. This includes CylancePROTECT, which can be integrated with Microsoft Entra ID for user access management and single sign-on. BlackBerry also offers other enterprise software like BlackBerry AtHoc, BlackBerry UEM, and BlackBerry Workspaces on Azure. The Blackberry CylancePROTECT solution can connect its logs with Microsoft Sentinel, utilizing the Syslog solution.
• Google Cloud Marketplace & Integrations: While a direct listing for “Cylance” on the Google Cloud Marketplace was not found via the provided link, BlackBerry Cylance has integrated CylancePROTECT and CylanceOPTICS with Chronicle Backstory, a Google Cloud-based security platform. This integration combines endpoint protection, detection, prevention, and response capabilities with Google Cloud’s security analytics. Cylance also has an integration with Google Security Operations SOAR.
• Other Cloud-Related Integrations: CylancePROTECT and CylanceOPTICS can be integrated with various third-party services, some of which are cloud-based or have cloud components. These include SIEMs and security analytics platforms like Splunk (which can be purchased on AWS Marketplace), Barracuda XDR, Blumira, Sophos Central, and Rapid7 InsightIDR. Cylance Endpoint Security also supports integrations with MDM solutions like Microsoft Intune and identity solutions like Okta. Oomnitza offers an integration to pull asset data from CylancePROTECT, which can be configured for cloud credential storage.

Key People

• Chief Executive Officer and President of its Cybersecurity division, BlackBerry: John Giamatteo
• Senior Vice President of Cylance data science and engineering, BlackBerry: Shil Sircar
• Vice President of threat research and intelligence, BlackBerry: Ismael Valenzuela
• Senior Vice President, Chief Information Officer and Chief Information Security Officer, BlackBerry: Jesse Harold

Key Facts

• Headquarters Location: Irvine, California, United States.
• Number of Employees: Various figures are reported across different sources and timeframes. One source from December 2022 indicated 764 employees. Another source from 2019 mentioned 900 employees before the BlackBerry acquisition. A more recent, undated source lists 187 employees. Another undated source lists 148. Given the recent acquisition by Arctic Wolf, the current number specifically for Cylance as a distinct unit may have changed. BlackBerry, the former parent company, had 2,647 employees in 2024.
• Annual Revenue: One source estimated annual revenue at $41 million per year. Another source mentioned $189 million in 2021. In 2019, Cylance’s annual recurring revenue was approximately $170 million. BlackBerry’s total revenue for fiscal year 2025 was $534.9 million. Revenue for Cylance specifically within BlackBerry was reported as $19 million for the quarter ending November 30, 2024 (this seems to be a quarterly figure, not annual).
• Parent Company: Arctic Wolf.
• Subsidiary Companies: None.
• Publicly Listed: No, Cylance was acquired by BlackBerry in February 2019 and subsequently acquired by Arctic Wolf, a privately-held company, with the deal closing in February 2025. BlackBerry (the former parent company) is publicly traded (TSX: BB; NYSE: BB).

Analyst Recognition

Cylance, primarily through its parent company BlackBerry, has been recognized by several major analyst groups, particularly for its endpoint security and unified endpoint management (UEM) solutions. The acquisition of Cylance by BlackBerry in 2019 means that many recent recognitions refer to BlackBerry Cylance or BlackBerry incorporating Cylance technology.

• Gartner:
  • BlackBerry, with its CylanceENDPOINT™ platform, was named a 2024 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms (EPP). This recognition was based on customer reviews and ratings for product capabilities, sales experience, deployment experience, and support.
  • In earlier years, Cylance was recognized as a ‘Visionary’ in the Gartner Magic Quadrant for Endpoint Protection Platforms in 2016 and 2017, noted for its innovative use of artificial intelligence and machine learning in threat prevention. In the 2018 Magic Quadrant for Endpoint Protection Platforms, Cylance was also positioned as a Visionary.
  • More recently, a 2023 Gartner Magic Quadrant for Endpoint Protection Platforms noted that BlackBerry (Cylance) was excluded that year for not meeting updated EPP market definition inclusion criteria.
• Forrester:
  • In 2023, Forrester recognized BlackBerry, which utilizes its AI-based Cylance cybersecurity portfolio, as a Zero Trust platform vendor in its “Zero Trust Platforms Landscape, Q2 2023” report. BlackBerry’s CylanceEDGE™ is highlighted for enabling and protecting hybrid workforces and monitoring/securing network traffic.
  • In 2022, BlackBerry Cylance was identified as one of the 15 most significant endpoint detection and response (EDR) providers in “The Forrester Wave™: Endpoint Detection And Response Providers, Q2 2022”.
  • In 2020, BlackBerry Cylance was named a Contender in “The Forrester Wave™: Enterprise Detection And Response, Q1 2020”.
  • In 2019, Forrester named BlackBerry Cylance Consulting a Strong Performer in “The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2019”.
  • In 2018, Cylance was listed as a Strong Performer in “The Forrester Wave™: Endpoint Security Suites, Q2 2018”. Cylance was also included as one of the 15 most significant endpoint security suite providers in “The Forrester Wave™: Endpoint Security Suites, Q4 2016”.
• IDC:
  • In the 2024 “IDC MarketScape: Worldwide UEM Software for Apple Devices” and “IDC MarketScape: Worldwide Client Endpoint Management Software for Windows Devices,” BlackBerry, leveraging Cylance technology within its UEM solution, was positioned in the Major Players category.
  • In 2022, BlackBerry was named a ‘Leader’ in the “IDC MarketScape: Worldwide UEM Software 2022 Vendor Assessment” and the “IDC MarketScape Worldwide UEM Software for Ruggedized/Internet of Things Device Deployments”. These reports acknowledge the role of BlackBerry’s Cylance cybersecurity products in conjunction with its UEM offerings.
  • In 2021, BlackBerry was positioned in the Contenders category in both the “IDC MarketScape for Modern Endpoint Security for Enterprises” and the “IDC MarketScape for Worldwide Modern Endpoint Security for Small and Midsize Businesses”. These reports note BlackBerry’s entrance into Modern Endpoint Security (MES) through its acquisition of Cylance.
  • IDC has also commented on CylanceMDR Pro, BlackBerry’s managed detection and response service, noting the benefits of its AI-powered Open XDR platform.
• Everest Group:
  • Specific recognitions for Cylance or BlackBerry Cylance by Everest Group were not prominently found in the search results.

It is also important to note that in late 2024, Arctic Wolf announced a definitive agreement to acquire the Cylance endpoint security assets from BlackBerry. This development may influence future analyst recognitions.