Aurora Endpoint Security architecture

The full architecture of the Cylance Endpoint Security solution


Component	Description
Protect Backend	The Protect Backend is a global private data network distributed across multiple regions that enables and secures data in transit between thousands of organizations and millions of users around the world. It is designed to efficiently manage the transport of data between Arctic Wolf services and end-user devices. The Protect Backend registers user information for agent and Aurora Protect Mobile app activation, validates licensing information, and maintains a trusted connection with on-premises components installed behind the firewall and with agents and the Aurora Protect Mobile app on users' devices inside and outside the firewall.
Aurora Protect	Aurora Protect Desktop detects and blocks malware on Windows, macOS, and Linux devices using machine learning techniques to render new malware, viruses, bots, and future variants useless. Aurora Protect Mobile detects malware, sideloaded apps, malicious URLs in text messages, and other security risks on iOS, Android, and Chrome OS devices, and recommends action to eliminate the threat.
Aurora Focus	Aurora Focus monitors Windows, macOS, and Linux devices and aggregates collected information to detect, track, alert upon, and respond to malicious events as soon as they occur. Aurora Focus can help you detect attacks when they start and automate investigation and response to stop them before they cause harm.
Aurora Endpoint Security cloud services	The Aurora Endpoint Security cloud services are the brain power behind each Aurora Endpoint Security feature. The cloud services for different features leverage AI, machine learning, or a risk engine based on user modeling to process large volumes of complex data to identify and respond to threats. For more information, see How Aurora Endpoint Security uses advanced technology to protect users and devices.
Management console	The cloud-based management console allows you to set up, manage, and monitor all of the features of Aurora Endpoint Security.
Devices with agents or the Aurora Protect Mobile app	Agents installed on Windows, macOS, and Linux devices and the Aurora Protect Mobile app installed on iOS, Android, and Chrome OS devices communicate with Aurora Endpoint Security to detect potential threats and take action to protect your users, devices, and network.
BlackBerry Protect Connectivity Node	The BlackBerry Protect Connectivity Node is an optional component that allows Aurora Endpoint Security to synchronize users and groups with your on-premises Microsoft Active Directory or LDAP directory. Aurora Endpoint Security can synchronize users and groups with Entra Active Directory without the BlackBerry Protect Connectivity Node.