Skip Navigation
BlackBerry Blog

Microsoft Defender vs. CylanceENDPOINT

CYBERSECURITY / 08.22.23 / Paul Zimski

What’s the difference between Microsoft Defender for Business (“Microsoft Defender”) and BlackBerry’s CylanceENDPOINT™? If you’re evaluating these two endpoint protection platforms (EPPs), the most critical metrics to consider are efficacy and efficiency. A recent analysis evaluated Microsoft Defender vs. CylanceENDPOINT and revealed drastically different outcomes.

Independent Endpoint Analysis

Tolly Group is a premier independent test lab and provider of third-party validation services to the IT industry. It has evaluated the most important products and technologies to appear over the past decade, including EPPs. The following results are drawn from a 2023 Tolly Group EPP analysis.

Endpoint Efficacy: Microsoft Defender vs. CylanceENDPOINT

Preventing cyberattacks is the reason many organizations invest in endpoint protection. So how effective is Microsoft Defender in detecting and blocking threats, and how does it compare to CylanceENDPOINT?

Tolly Group put these EPPs to the test using two collections of 1,000 real-world malware samples in a Windows® 10 environment. Then they measured how effective the products were at detecting and eliminating the threats, separately reporting the performance when the test system had an active internet/cloud connection, and without it.

EPP Efficacy When Connected To the Cloud

  • Microsoft Defender: 89.3% effective (more than 1 in 10 threats went undetected)
  • CylanceENDPOINT: 98.9% effective (only 1 in 100 threats went undetected)
Image 1 — Endpoint protection efficacy when connected to the cloud, scanning two collections of 1,000 real-world malware samples. Numbers represent the percentage of malware detected. Tolly Group evaluation, 2023.

EPP Efficacy When Disconnected From the Cloud

  • Microsoft Defender: 81.0% effective (nearly 2 in 10 threats – twice as many as when connected — went undetected)
  • CylanceENDPOINT: 98.9% effective (no change when running in isolation)
Image 2 — Endpoint protection efficacy when offline, scanning two collections of 1,000 real-world malware samples. Numbers represent the percentage of malware detected. Tolly Group evaluation, 2023.

Following the evaluation, Tolly Group concluded that CylanceENDPOINT “delivered superior threat protection both offline and online to ensure safety from malicious files, regardless of internet connectivity status.”

These results are extremely informative for organizations that:

  • Want to have a preventative cybersecurity strategy and block threats before they can do damage
  • Have a hybrid workforce that regularly connects and disconnects from access points
  • Want continuous and consistent protection — even during times of lost connectivity

It’s reassuring to know that organizations can still detect and block 98.9% of threats when systems are temporarily offline, or air-gapped for the long-term.

Endpoint Efficiency: Microsoft Defender vs. CylanceENDPOINT

The efficiency of an endpoint protection platform is also crucial because intense resource usage can impede user productivity, slow business-critical computing processes, and shorten the lifespan of your IT equipment. Tolly Group compared the CPU (central processing unit) usage of Microsoft Defender against CylanceENDPOINT. Here are the results of how each solution utilized valuable Windows resources:

Image 3 — Endpoint protection platforms, percentage of CPU utilized while scanning two collections of 1,000 real-world malware samples. Tolly Group evaluation, 2023.

Microsoft Defender Resource Demands:

  • Resource use: Utilized ~100% of CPU until all 2,000 malware samples were examined.

CylanceENDPOINT Resource Demands:

  • Resource use: Utilized just ~5% of CPU until all 2,000 malware samples were examined.

The bottom line? CylanceENDPOINT represents a 95% resource savings vs. Microsoft Defender.

Tolly Group’s conclusion about the efficiency test was that CylanceENDPOINT
offers “dramatically lower CPU resource consumption while scanning, enabling computer resources to be available for end-user business tasks.” They went on to state that CylanceENDPOINT “will help extend the lifecycle of endpoints it protects by minimizing continued resource utilizations and eliminating expensive device reimaging cycles caused by malware breaches.”

EPP Time To Detect Malware Threats

There is another metric to consider when choosing an EPP, which combines both threat detection efficacy and efficiency, based on the time required to detect and analyze incoming threats. Here‘s how long it took each platform to detect all threats in the samples:

Image 4 — Endpoint protection platforms, time to analyze 1,000 real-world malware samples. Left: results when EPPs remain connected to cloud. Right: results when EPPs are completely disconnected. Tolly Group evaluation, 2023.

Microsoft Defender: Time to Detect 1,000 Malware Threats:

  • ~52 minutes when connected; ~72 minutes when offline

CylanceENDPOINT: Time to Detect 1,000 Malware Threats:

  • ~27 minutes when connected (48% faster than Defender); ~42 minutes when offline (42% faster)

Microsoft Defender vs. BlackBerry CylanceENDPOINT

The Tolly Group executive summary highlights what organizations evaluating endpoint protection plans need to know:

“Endpoint security is essential, but there can be a hidden price to pay when it comes to how some solutions use system resources. While computing systems, physical and virtual, continually become more powerful, new and updated applications are ever more hungry for those resources. BlackBerry’s focus is on providing superior endpoint protection — even in offline environments — while consuming minimal system resources.”

These findings are supported by the fact that CylanceENDPOINT blocks up to 18% more than Microsoft Defender, uses 20x less system resources, and is roughly twice as fast.

Learn more about CylanceENDPOINT, or listen to security leaders who have chosen to rely on BlackBerry Cylance ENDPOINT, (video below):

BlackBerry Editorial Director Steve Kovsky interviews GDEX CIO Melvin Foong.
Discover where security and connectivity converge. Join us Oct. 17 for the tenth BlackBerry Summit at the Conrad New York Downtown. Registration is open now.
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
Paul Zimski

About Paul Zimski

Paul Zimski is Vice President of Product and Technical Marketing at BlackBerry.