What is our primary use case?
Our company, as a distributor of the solution, looks into a few criteria that highlight the value of the solution. An important example is the deep hunting threat mechanisms that Cybereason has to offer.
One of the distinctions between Cybereason and many other vendors is that you are able to search easily through various parameters, such as machine ID, user ID, and malicious files.
How has it helped my organization?
Cybereason "communicates" with other endpoints to gather anonymous activities that run within the organization that normal AV fails to detect. It accumulates and compacts this into a single event case, where it is easy for the SOC team to do an investigation. This drastically reduces the time required to find the root cause of the event. This is one of the features that most of the other vendors lack, but allows the SOC team to receive an alert with the relevant details of the incident within a short period of time.
What is most valuable?
The sensors run within the endpoints, where it is lightweight and runs seamlessly in the background. It does not disrupt the work or activities of the end users, yet is able to detect almost any malicious activity running on the spot.
Adding to that, features like the canary files work like bait to any lateral movement case, where the threat actor is lured to "touch" those files. This, in turn, triggers the Malop engine, and immediately sends the alert to the SOC team to take action.
What needs improvement?
The technical support will need to be improved.
For how long have I used the solution?
About a year and a half.
What do I think about the stability of the solution?
I have the utmost respect for the stability of this solution, as it will be ninety-nine percent solid in keeping the endpoints protected from advanced cyber attacks.
How are customer service and technical support?
Since using the solution, post-installation I have not come to a point where I needed to contact their customer service or technical support. I have had no issues with the solution.
Which solution did I use previously and why did I switch?
We have used normal branded AV, which does not seem to be effective nowadays. Adding products to make up for what is lacking can be costly and it will also affect the performance of the endpoint, adding more resources and also time to do an investigation manually. Ultimately, this will affect productivity.
As Cybereason, it is built as NGAV plus EDR, meaning that it is a multi-functional solution that addresses the effectiveness of countermeasures for any cyber attacks. It is an ever-evolving process.
How was the initial setup?
The initial setup is pretty much straightforward. Simply follow the onboarding process as instructed by the vendor. The vendor is available to guide and assist with the onboarding process, and training for using the solution is also provided.
What about the implementation team?
As a distributor of the product, I have seen both vendor and in-house implementations. In the case of in-house deployments, there are clear instructions from the vendor. If issues should arise then they respond quickly to address the issue.
What's my experience with pricing, setup cost, and licensing?
Pricing is based on endpoints to be covered together with licensing. Be sure to make a request for flexibility in pricing.
Which other solutions did I evaluate?
What other advice do I have?
I highly recommend this solution for any organization that is solely depending on normal AV. Cyber attacks are rising exponentially, where tools are more advanced in penetrating the wall of security within the organization. A single hole could lead to devastating effects on the business.
The latest updates are quite user-friendly. This makes it easy to conduct an investigation, which leads to a reduction in time for determining the root cause of the event.