BlackBerry ThreatVector Blog

BlackBerry – A Better Approach to Cybersecurity

Which Comes First: EPP, EDR or XDR?

Recently there have been a few industry reports that have shed light – perhaps a confusing light – on BlackBerry’s cybersecurity vision. Rest assured, we are not wavering in our beliefs or slowed in our production.

In fact, we’ve doubled the size of our portfolio in the last few months alone. We’ve released a new generation (the seventh) of our Cylance® AI engine math model (although our five-year-old model prevented DarkSide just fine). We’re the first to natively integrate MTD within BlackBerry® Protect for mobile devices. We launched BlackBerry® Persona for AI-powered user behavior and risk score analytics, the only solution of its kind. We announced the BlackBerry® Cyber Suite with per-user licensing flexibility for the best total cost of ownership (TCO) for our customers. We’ve announced that we offer the only MDR service, BlackBerry® Guard, that includes MTD and UEBA technology protection. And we released BlackBerry® Optics 3.0 and the all-new BlackBerry® Gateway today.

We are not slowing, we are accelerating.

But with all that said, some of the industry observations are understandable. In 2020, BlackBerry finalized the integration of the Cylance product portfolio, which may have led to market and solution confusion. We also continue to pursue, encouraged by our customers but contrary to some analyst opinion, our AI-powered, prevention-first approach to cybersecurity – rather than the fix-the-breach, EDR-first approach pushed by others.

And lastly, we are taking a pragmatic and realistic approach to XDR, while some have overzealously shifted their sights to it. Allow me to elaborate on each of these.

Our Cylance AI Prevent-First Belief

At BlackBerry, we steadfastly believe that malware can be stopped. And to fight bad actors that continually evolve their techniques, and to sustain this fight for evermore, AI automation is the only root cure. It’s the future, and it never gets tired or suffers from alert blindness. EPP-first to stop threats sooner, stop threats faster. Where an ounce of prevention is worth a pound of cure. EDR-first approaches, on the other hand, are time-consuming for SOC teams. We believe you start with a strong hull, keep buckets handy for emergencies, but don’t start with a leaky hull.

Security-based AI is the reason we acquired Cylance, and why today the Cylance AI engine is at the core of our cybersecurity platform. The chart below shows our number of intellectual property patents relating to the application of AI to cybersecurity (see Note 1). AI allows us to work smarter, not harder.

Our Cylance AI engine executes at the edge, enabled by its tiny footprint (<1% CPU utilization) and awesome effectiveness. This Edge AI technology allows for protection when devices are offline, while users are still opening attachments and executing scripts that may contain malicious code. Who else can claim this protection? And since it operates at the edge, it executes at machine speed (50ms time to conviction), is able to protect against attacks pre-execution, and doesn't need to wait for communications to and from the cloud.

The Cylance AI engine is also the most mature in the industry, nine years in the making. Its math model is in its seventh generation, fighting against cyber attacks and protecting against unknown threats years before they become world news. Take a look at our “predictive advantage” chart below. Add DarkSide to the chart: BlackBerry Prevents DarkSide Ransomware – Years Before It Ever Existed. This is why it’s time to replace tired antivirus and out-gunned AI solutions with BlackBerry:


Our modern, prevention-first model to cybersecurity has five layers of security:

  1. BlackBerry Alert – Since you’ll be eventually impacted in some manner, it’s always best to prepare for IT outages, ransomware lockouts, and business disruptions before they happen. We are the only cybersecurity vendor that offers a solution (in SaaS or managed service forms) for critical event preparedness, communications, and first-responder team workflows.
  2. BlackBerry Protect – For our second layer, we are the de facto leader in AI protection against cyberattacks – for desktop, mobile and server – online and offline, at machine speed. We set the AI bar.
  3. BlackBerry Optics – We prevent lateral and more sophisticated attacks with this third layer. Only after all of this prevention is applied, we detect suspicious behavior and security breaches in real-time, as minutes matter. We respond quickly through AI automation and control to effectively protect business and mitigate risks.
  4. BlackBerry Guard – For our fourth layer, meet our world-renowned security and incident response teams. We know a thing or two about security operations center (SOC) teams. In fact, BlackBerry won first place in this year’s SOC X (socx.io) world championship, beating out 50 of the best SOC and incident response (IR) teams from around the world in all-day advanced persistent threat (APT) attacks. How? Because of our advanced software solutions and our great in-house security experts.
  5. BlackBerry UEM – For those endpoints that need even more aggressive protection and remediation, we offer full app and data layer encryption and protection, with full device control capabilities.

The customer need is simple: “Give us a powerful EPP solution that’s easy to deploy, and provide us with a managed EDR service (MDR) so that BlackBerry experts can watch our backs.”

Done.

XDR – Primetime or Hype?

Extended Detection and Response (XDR) is the promise of a world where telemetry is streaming from a variety of sources, processed with AI in real-time, and resulting in a super cyber defense system that’s prepared to defend against threats across all attack surfaces.

Now that’s actually BlackBerry’s definition of XDR, with those from others roughly following suit. But it’s a vision, and the steps to get there are many and must be thoughtfully navigated.

Who has a powerful AI engine that can work both at the edge, for speed and bandwidth efficiency, and in the cloud, for pan-sensor processing and visibility? The leader will be someone that already has the most evolved AI engine and broadest IP portfolio.

Who is going to make sure mobile devices aren’t a security weak point? Who is going to build tiny sensors or sensor-enable all of these endpoints, because just collecting alert logs isn’t going to be enough if the malicious attack or behavior isn’t triggering alerts in individual systems? It will be someone who has mobile, Internet of Things (IoT) and Real Time Operating System (RTOS) chops.

Who is going to securely store all of that information, and most importantly, how is a customer going to allow and trust a single vendor with all of their most sacred data? How will they deal with user privacy and data sovereignty concerns? It will be someone with global NOC and data security experience with the most secure and data sensitive organizations and agencies in the world.

And who’s smart enough not to make premature XDR promises to customers, along the lines of the over-promises and complex solutions when SIEM started its journey? It will be someone that has lived through decades of IT transformations.

So how is BlackBerry XDR-enabling their customers? We keep it simple and pragmatic. Don’t just jump in and start amassing data that itself takes a lot of energy to defend. Other vendors seem to have taken a more Security Information and Event Management (SIEM) than XDR approach. For pragmatic XDR, start instead within the cybersecurity solutions you’re already investing in today:

  • Powerful AI Engine – The Cylance AI engine is cutting edge AI for EPP and EDR today, and for XDR tomorrow.
  • Smart Data Lake – This week, we released BlackBerry Optics 3.0 in our early adopter program. It delivers a “smart data lake” where relevant, and endpoint telemetry is processed in real-time for predictive analytics. Our objective is to make fighting cyber threats easier, not more complicated. While other XDR vendors race to acquire mass amounts of data for a later promise of AI processing, we’re already there, starting with the optimal amount of the most effective data.
  • Endpoint Sensors – BlackBerry Protect provides telemetry from desktops and servers across a broad array of Windows® and Linux® operating systems.
  • Mobile Sensors – BlackBerry Protect also provides telemetry from mobile devices – iOS®, Android®, and Chrome OS® (others OEM their MTD solutions).
  • Behavior Sensors – BlackBerry Persona provides human behavior telemetry that’s already AI-processed, not a simple identity API (although we have those too).
  • Network Sensors – The newly-released BlackBerry Gateway product line, along with APIs for third party data, will provide Zero Trust Network Access (ZTNA) telemetry at the network layer.
  • Data Sensors – BlackBerry Project Spyglass is an initiative that will harness the experience and technology behind our DLP, identity, and partner solutions and apply them to telemetry at the data layer.
  • IoT Sensors – BlackBerry Project IOTA is an initiative for embedding the Cylance AI engine within OEM devices such as medical equipment, utility plants, printers, and so on for cybersecurity protection and broader XDR telemetry.

We believe the path above is the best path for our customers. It provides a solid investment for immediate application today to combat cyber threats and malicious behavior, while future-proofing those investments for a broader XDR platform in the future. We believe it’s the right balance between reality and hype.

Note 1: Data based on industry standard US/European INPADOC patent families with relevance to AI/ML aspects of security/cybersecurity for BlackBerry and the listed competitors. Percentage distributions provided by Clarivate Analytics, 2021.

Anthony Ricco

About Anthony Ricco

Anthony Ricco is Senior Vice President, Product and Demand Marketing at BlackBerry.