Cybereason Endpoint Detection & Response Review

Efficient, with an easy-to-use interface and excellent technical support


What is our primary use case?

We primarily use the solution for security purposes.

What is most valuable?

I really like the features. It's quite different from any other solution. 

It's complex, but not in a bad way. I find it fascinating to explore all of the options they have on offer.

The solution is efficient.

The support is very responsive.

We're excited for the new features we'll be getting in version 20.1.

The user interface is very easy to understand and navigate.

The solution is great for tracking and tracing computers.

What needs improvement?

I can't tell how much it detects and how much it doesn't detect. This I don't know. However, this isn't my area of expertise. That said, detection could always be improved upon.

Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group.

It is useful to have a bit of training on the solution first. It's not as intuitive as, say, your iPhone.

It would be helpful if, in the future, there was a more efficient way to upgrade the sensors directly from the cloud. Basically, on each end device, you're deploying a sensor. They call it a sensor, other companies call it something else, but they call it a sensor. That's where you have the version of the software. To upgrade, for instance from 19 to 20, today we have to do it internally. I know they have it in the pipeline to make the upgrades easier, but they don't know when it will be released. If it could be done directly from the console to all servers, that would be a nice feature.

For how long have I used the solution?

While the company has been using the solution for two years, I haven't been using it for too long. At this point, I may have only been using it for two months or so.

What do I think about the stability of the solution?

The solution is quite stable. We haven't had any issues with it. It doesn't have bugs or glitches. It doesn't freeze or crash. I would consider it to be reliable. I can always access the console, I can check stuff. I don't have issues.

We're on version 19.1, and we're waiting on version 20.1 to be used a bit more and become a bit more stable before we upgrade. We're a pretty complex organization. Cybereason told us to hold off for a bit, and so we aren't changing versions just yet. 

What do I think about the scalability of the solution?

We're a big, complex company, and even so, with this solution, scalability is pretty straightforward. I'm not dealing directly with this part of the solution. However, if an additional detection service is needed or if we need more disk space, it seems really, really easy to expand. 

How are customer service and technical support?

The support that the company offers is very good. We've been quite satisfied. I find them to be exceptionally responsive. They are quite knowledgeable.

How was the initial setup?

It's very straightforward to implement the solution. It's not complex at all. The solution provides you with a package once, tailored to how your network is working. They provide you with a dedicated package for your own organization and it's ridiculously simple to install.

Technically, the solution is already deployed; however, it's not on all servers yet. I'm deploying the machine servers worldwide while also making sure that the grid version of the sensors is set up. I would estimate that, at this point, the company has deployed the solution 90-95%. We're in the process of finishing off what's left.

What about the implementation team?

I tend to deploy the solution myself to our servers around the globe. If I do need assistance, I have a manager that's available 24/7.

What other advice do I have?

We're just customers. We don't have a business relationship with the client. I'm not a security expert. That said, I'm closely in touch with the company for training, etc. and I keep an eye on how it works for our company. 

The thing is with an EDR solution, it's kind of a new world for me. I've read up on Cybereason a lot, as well as other options. I was trying to understand the differences between the products. My understanding is that they are kind of a new generation of EDR, which are represented by Cybereason and by CrowdStrike. They are doing active monitoring which differentiates them from other solutions if I understood properly.

They are monitoring our environment effectively. We are monitoring it by ourselves as well; however, their SOC team is monitoring and pre-alerting us all the time, every day.

From a user experience perspective, I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.