
Cylance Sandbox

Solution Overview
WWT's Cylance Lab provides a sandbox environment for evaluating the Cylance solution suite across a variety of endpoints, covering both Windows and Unix-based operating systems. The lab also includes an attack host running Kali Linux, from which you can test the efficacy of these tools using benign, non-weaponized malware samples.
 
Cylance uses artificial intelligence (AI) to deliver security solutions that change how organizations, governments and end users approach endpoint security. Cylance’s security solutions combine AI-driven predictive prevention with dynamic threat detection and response to deliver full-spectrum threat prevention and threat visibility across the enterprise. 
 
Cylance’s next-generation antivirus product, CylancePROTECT, delivers industry-leading malware prevention powered by AI, combined with application and script control, memory protection and device policy enforcement to prevent successful cyber attacks. 
 
Augmenting CylancePROTECT prevention, CylanceOPTICS is an endpoint detection and response (EDR) component that enables easy root cause analysis, threat hunting and automated threat detection and response. Unlike other EDR products that require organizations to (a) make a significant investment in on-prem infrastructure and/or stream data continuously to the cloud, and (b) employ highly skilled security resources, CylanceOPTICS is designed to automate threat detection and response tasks using existing resources.
 
You will access the environment through a Windows-based jumphost, from which you can browse the web consoles and open RDP sessions to the Windows hosts and SSH sessions to the Linux, Solaris and Kali hosts. See the topology diagram above and to the right.

Goals & Objectives

Lab Details

  • Platform access: http://login.cylance.com
  • Platform credentials: atcdemo-esa@wwt.com / WWTwwt1!
  • Windows credentials: administrator / WWTwwt1!
  • Linux credentials: root / WWTwwt1!

Hardware & Software

This lab consists of the following hardware and software: 
 
Software 
  • No security software included in this lab.
 
Server Devices 
  • 1x Windows Jumphost (Windows Server 2016).
  • 1x Generic Server (Windows Server 2012).
  • 1x Generic Server (Windows Server 2016).
  • 1x Generic Server (Red Hat Enterprise Linux 7).
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).
 
Client Devices 
  • 1x Attack Client (Windows 10 Enterprise).
  • 1x Generic Client (Windows 7 Enterprise).
  • 1x Attack Host (Kali Linux 2018).

Technologies