BlackBerry Spark operates as an endpoint-centric and prevention-focused security suite. It offers a range of security capabilities and visibility to protect people, devices, networks, and apps, while its AI-backed malware and threat detection stops malicious processes before they execute. The BlackBerry Spark suite consists of three modules: BlackBerry Protect, BlackBerry Protect for Mobile, and BlackBerry Optics.

BlackBerry Protect drives endpoint protection with artificial intelligence to provide malware prevention, application and script control, memory protection and device policy enforcement. The predict-and-prevent approach empowers businesses with a proactively hardened security posture that's ready to defend against breaches and advanced threats automatically without human intervention or sandboxing. Memory protection adds a further layer of security that helps avoid memory exploitation in the event of a breach. Parameter configurations control device access and dictate which devices connect to an environment. Protect for Mobile continuously protects these mobile endpoints, including non-corporate devices, with the same advanced detection and prevention capabilities as the desktop version.

BlackBerry Optics blends endpoint detection and response with behavioral detection to provide the visibility necessary for advanced operations such as root cause analysis, incident response, and automated threat hunting. The lightweight agent imposes a small footprint and features a disconnected mode that permits it to operate even when the system is offline. The static EDR rules are customizable and determine the nature of autonomous alerts, actions and remediations that a SOC analyst would otherwise need to produce manually. With AI-driven threat hunting mechanisms, Optics minimizes the attack surface and automates the detection and response process using playbooks that streamline the otherwise manual incident response process. A machine learning module built on malicious script usage overlaps a significant portion of the rules, including those that map to the MITRE ATT&CK framework, to ensure accurate and consistent malicious process detection.

The management interface includes everything we expected, including at-a-glance information on the current threats, plain-English explanations of attacks and storyboarding features. The interface does require some configuration out of the box, meaning that with BlackBerry Spark, subscribers sacrifice some ease of use for its enhanced customization options. For example, the default settings for the application control module block all unknown applications from running. Analysts may add extensive exceptions; however, this process does take some time to configure.

Overall, BlackBerry Spark is an ideal endpoint security solution for those in the business of building in-house applications. Many endpoint detection and response products take a negative-first approach when addressing a detected unknown threat and prevent execution until they can determine the threat’s level of maliciousness. BlackBerry Spark, on the other hand, incorporates developer certificates into its platform and permits execution if the signatures match. This prevention-focused solution protects against attacks using only a fraction of the resources typically used on the endpoint.

Pricing starts at $195 per user, per year and includes 24/7 online support. The knowledgebase houses effective documentation and a search function that expeditiously targets the most relevant material. Additionally, there are hover-over functions throughout the entire console that display valuable contextual information regarding various items. Phone support is not available.

Written by Katelyn Dunn

Tested by Tom Weil