Caretower Ltd.

Cylance Protect and Optics

Artificial Intelligence based anti-ransomware solution providing protection against zero day and unknown malware.
Proactively prevent malware execution and exploits to secure the most vulnerable aspect of your network – the endpoint.
Preventing attacks reclaims the time and resources consumed by incident response, data loss, and system downtime.


  • Anti-malware
  • Device control
  • Application control
  • Incident Forensics
  • Leverage power of artificial intelligence and algorithm science
  • Machine learning
  • Predict known and unknown attacks


  • Securing corporate devices
  • Protection against zero day and unknown malware
  • Proactively prevent malware execution and exploits
  • Secure most vulnerable aspect of your network, the endpoint.
  • Reclaim time, resources consumed by incident response, system downtime.
  • Reduce expenses associated with system downtime, by perpetual signature updates.
  • Silent pre-execution attack prevention that is 99.9% effective
  • Zero reliance on signatures, the cloud, or reputation lookups.


£35.42 to £68.53 per user per year

Service documents

G-Cloud 10


Caretower Ltd.

Davide Poli


Service scope

Service scope
Service constraints No.
System requirements
  • .NET framework 3.5+ (XP/ 2003+) on Windows
  • Mavericks+ on MacOS
  • RHEL/CentOS 6/7+

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on the severity:
Priority Initial Response Types of Issue
P1 1 hr Cloud outage, OR majority of end users are unable to work
P2 4 hrs Significant Cloud Latency, screens not available
P3 Next Business Day General issues, FP, FNs.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We only have one support level at present which is covers everything. Support is included in the subscription cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Professional services are available for on boarding and support included within subscription of product. Admin guides are also available to assist in process.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction N/a - all data pertaining to a subscription is securely erased from the system within 30 days of contract termination
End-of-contract process All data pertaining to a subscription is securely erased from the system within 30 days of contract termination.

Using the service

Using the service
Web browser interface Yes
Using the web interface Management of users.
Management of device policies.
Management of updates.
Unable to uninstall the agent at present.
Change token key which ties agents to the management console.
View threat data.
Download threat reports.
Web interface accessibility standard None or don’t know
How the web interface is accessible Management via browser over HTTPS. Agent communicates with the SaaS service using TLS encryption.
Web interface accessibility testing N/A
What users can and can't do using the API Management of users.
Management of device policies.
Management of updates.
Unable to uninstall the agent at present.
Change token key which ties agents to the management console.
View threat data.
Download threat reports.
API automation tools Other
Other API automation tools None or dont know.
API documentation Yes
API documentation formats PDF
Command line interface No


Scaling available No
Independence of resources We constantly monitor and test the load on the AWS platform.
Usage notifications No


Infrastructure or application metrics No


Supplier type Reseller (no extras)
Organisation whose services are being resold Cylance

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Full incrememental backups performed in real-time for all devices
  • Full incrememental backups performed in real-time for all policy information
Backup controls N/A
Datacentre setup Single datacentre with multiple copies
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability AWS guarantees 99.9999999% uptime.
Approach to resilience Resiliency and redundancy are built into the Cylance Protect cloud architecture as a primary objective which largely obviates formal BCP and DRP processes, which then become focused more on the business operations of Cylance as a whole, and less on the service provisioning. Of particular interest to clients may be the Amazon Web Services compliance documentation, available at
Individuals can also request, via that page, a copy of Amazon's SOC-2 report, which details much of the BCP, DRP, and security apparatus of Amazon's global datacentre's.
Outage reporting Email to customers.

Identity and authentication

Identity and authentication
User authentication
  • Username or password
  • Other
Other user authentication Access is commissioned on a per user ID basis to individual tenants. One email address can only exist on a maximum of one tenant meaning that email addresses cannot be associated to multiple tenants. Users create a password when they complete the registration form (within 48 hours)
Access restrictions in management interfaces and support channels Data access is isolated, human accessible via VPN only, limited exclusively to privileged access through multiple sets of MFA. All activities are monitored extensively. 
Engineering, support/ operations staff are granted only the access required by their job role.  Pathways to potentially viewing customer data including access to databases, cache systems and web-interfaces are issued only after request has been reviewed and approved by requester's individual manager and/or director.  Once granted, multi-factor authentication methods are employed to ensure attribution and no shared passwords are permitted.  Periodic security reviews and reauthorization processes are utilized, ensuring that unnecessary access rights are revoked.  "
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY Point,
ISO/IEC 27001 accreditation date 13/11/2013
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Direct Defense
PCI DSS accreditation date Tbc, approved document is not time stamped.
What the PCI DSS doesn’t cover CylanceProtect + Optics only applies to section 5: Protect all systems against malware and regularly update anti-virus software or programs.
Other security certifications Yes
Any other security certifications SOC1 certified

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards We perform assessments for the industry standards for information security and privacy of which we are pursuing (FedRAMP; SOC II, Type 2; ISO 27001/2; PCI-DSS; Privacy Shield)
Information security policies and processes The Cylance Information Security policy can be shared when an MNDA has been signed by the customer.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Utilising formal change management process to ensure ongoing system stability/ availability as we evolve the solution. As new product sets are defined and developed, they move through a well defined process.
 - Requirements definition
- Development planning
- Development
- Development testing in cloned environments
- Formal quality assurance testing
- Staging to production
- Production go-live
- Post implementation monitoring
- Release retrospective
Processes are managed throughout product development and release lifecycle in a JIRA system, and are cross-functional in nature.  Engineering staff is exclusively responsible for 1-4, operations and QA staff manages 5-6, and 7-9 involve all teams.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Cylance risk assessment program is based upon the Threat/Vulnerability/Impact approach and FAIR. Our process differs in that we do not identify risks first but instead start with a Parkerian Hexiad approach to Impact and focus on risks associated with unacceptable impacts (consequence) then ask what threats will result in those impacts, and develop controls accordingly.  Vulnerabilities are then assessed and prioritized against the same Impact. Cylance is currently in the process of adopting a new GRC tool where we will re-conduct our major assessments according to this approach in a centralized system.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have change logs for all access into our secure environments (into which only 3 are permitted) and software changes that are released to production. All changes are reviewed by at least two engineers. In addition, any security or emergency changes are also reviewed by a security engineer.
Incident management type Supplier-defined controls
Incident management approach Cylance has developed its own internal incident response process for security breaches that includes check points and assigned responsibilities for communicating impact to both affected customers and our customers in general. Time-sensitive information is disclosed to customers, providing ample time to respond proactively before any further broader communication is issued.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £35.42 to £68.53 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑