BlackBerry has launched BlackBerry Optics 3.0, its next-generation cloud-based endpoint detection and response (EDR) solution, and BlackBerry Gateway, the company’s first AI-empowered Zero Trust Network Access (ZTNA) product.
Rooted in a prevention-first and AI-driven approach, BlackBerry says its new endpoint and network security capabilities will help differentiate BlackBerry’s extended detection and response (XDR) strategy.
According to Forrester, “XDR unifies EDR with other security and business tooling. EDR gives granular visibility and provides precise response actions for endpoints. However, it lacks visibility and response actions for other parts of the business, like non-endpoint related network telemetry, email behaviours, and cloud environments, leaving security analytics to pick up the slack. XDR provides needed visibility and control to other parts of the business through integrations that combine EDR data with other types of telemetry.”
The new cloud-native architecture and Advanced Query capability that underpin Optics 3.0 are integral to BlackBerry’s XDR strategy. With Optics 3.0, Edge AI threat detection and automated response capabilities execute directly on the endpoint device so an incident can be mitigated in near real-time. The resulting telemetry, alert, and forensic data gets stored in the cloud data lake along with non-endpoint related telemetry data. Security professionals can then query and analyse the multiple sources of telemetry data to gain greater visibility and context into an organization’s security environment.
BlackBerry Gateway marks the company’s entry into ZTNA for both SaaS and on-premises applications. Built with a “Prevent First and Protect First” approach, Gateway’s Zero Trust architecture helps organizations reduce network access risk by assuming every user, endpoint, and network is potentially hostile until identity is authenticated. As the company builds out its XDR architecture, Gateway would provide ZTNA telemetry data that would be added to the cloud data lake.
BlackBerry Gateway is a Zero Trust Network Access (ZTNA) solution that mitigates the additional security vulnerabilities created by supporting mobile and remote workers. Trying to pre-emptively verify and protect all possible combinations of home office technology before allowing it on the business network is not viable.
By implementing an AI-empowered Zero Trust framework, BlackBerry Gateway uses continuous authentication to ensure only secure and trusted devices access business resources. Every home office device or app may not be secure, but each one connecting to the business environment must prove its trustworthiness to receive access.
BlackBerry Gateway differs from a VPN in the way it grants access to business resources. A VPN authenticates to a network, offering successful attackers broad access to the environment. Instead, BlackBerry Gateway grants access to an app and offers no greater visibility into the network, drastically reducing the attack surface.
The continuous authentication capabilities of BlackBerry Gateway also differentiate it from the VPN approach. VPNs take a static approach to authentication and authorization. Once an entity passes the initial verification process, VPNs declare them safe for the duration of their connection.
BlackBerry Gateway continuously authenticates external actors. It looks at multiple factors, including user behaviour, device trustworthiness, and
“We are delighted to see our vision for an extended detection and response architecture take shape,” said Billy Ho, EVP of Product Engineering, BlackBerry.
“Traditional endpoint security alone is not enough to tackle the sophisticated threat landscape. Our end-to-end approach to cybersecurity is deeply rooted in Cylance AI and ML to provide enhanced visibility and protection against current and future cyberthreats.
“As part of our XDR roadmap, we will continue to add new products and additional sources of security telemetry, such as user behaviour, identity, network, data, application, and cloud to the Optics 3.0 cloud data lake. This will enable data correlation, automated workflows, automated threat hunting, to enable more efficient and effective detection and response.”
BlackBerry Gateway, when integrated with the BlackBerry Protect advanced AI-powered endpoint security product, provides a comprehensive defence against threats targeting devices, networks, and user identity. BlackBerry Protect leverages AI to prevent known, unknown, and zero-day threats, while BlackBerry Gateway ensures business networks are only accessed by trusted and healthy devices.
BlackBerry’s cloud-native BlackBerry Optics provides visibility, on-device threat detection, and remediation across your organization in milliseconds. Its EDR approach effectively and efficiently hunts threats while eliminating response latency. It’s the difference between a minor security event and one that’s widespread and uncontrolled.
BlackBerry’s EDR approach is based on three pillars:
BlackBerry Optics applies all detection and response logic at the endpoint, and stores the resulting telemetry, alert, and forensic data in the cloud for off-line analysis.
Intelligent Edge AI
Artificial intelligence (AI), machine learning (ML), and context-driven threat detection rules identify security breaches and trigger automated responses that reduce mean time to detection (MTTD) and mean time to remediation (MTTR).
BlackBerry Optics facilitates threat hunting and root cause analysis by providing analysts with seamless access to correlated and contextualized endpoint data.
BlackBerry Optics Capabilities
Automated forensic events logging
Custom detection rules
Integrated MITRE ATT&CK
Secure remote response
Private Network Visibility
Advanced Scripting Visibility
Deep Insight 30-day retention, included
Deep Insight 90-day, 365-day retention, available
BlackBerry Optics 3.0 will be available in Q2’21 and BlackBerry Gateway is available in May 2021.