Cybereason Endpoint Detection & Response Other Advice

JB
Director of Learning and Development at ACA - Ateliers de conversation anglaise

I rate Cybereason EDR 10 out of 10. I recommend it because it's much better than anything else out there. 

AtulChaurasia - PeerSpot reviewer
Operational Technical Security at Metro Bank

I rate Cybereason Endpoint Detection & Response a nine out of ten. If you are looking for infrastructure security, I recommend the product. It provides a snapshot of machine activities.

Chad Kliewer - PeerSpot reviewer
Information Security Officer at PTCI

At the blocking level, we have used some automated migration and isolation processes. However, we are still very cautious. With everything that we do, we start out in monitor-only mode so it warns us first. We see what our baseline is and track those things down, then we turn on the automatic mitigations. So, we have it in some areas, but not in all areas.

We are using just about all the pieces that we currently have of this solution. For the pieces that we are not using, those are some of the new XDR features that came out which have some plugins from a Google SIEM and some of the Azure plugins. We don't have those yet and may look at those in the future. For some of those areas, I have coverage in another product so I am not in a hurry to do that.

Overall, I would rate Cybereason as seven out of 10.

Buyer's Guide
Cybereason Endpoint Detection & Response
April 2024
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
MT
Senior Security Engineer at a financial services firm with 1,001-5,000 employees

My advice would be to make sure that your company's goals align. If you're a detect-focused organization you'll probably be very happy with it. If you're a prevent-based organization, I don't think it's going to fill that niche.

If you have a smaller team, look at what it takes to manage the policies, because depending on your workflows, how you need to patch, or how you need to group things, it may not work for your workflows.

I would rate Cybereason a six out of ten. 

Abhinav Srivastava - PeerSpot reviewer
Senior Project Executive at Hitachi

My company has around five hundred to six hundred users of Cybereason Endpoint Detection & Response. Four technicians handle the solution, in terms of deployment and maintenance.

I can recommend the solution to others who may want to start using it, particularly if I have references. My company recommended it to two or three companies that now use Cybereason Endpoint Detection & Response.

I would rate Cybereason Endpoint Detection & Response eight out of ten.

DH
Information Security Analyst at a comms service provider with 51-200 employees

If you are a very small security team or have no security team, then I would choose Cybereason for the level of expertise from their SOC and security support team. Also, the product is very easy to manage. Overall, the number of false positives that a system administrator has to deal with is lower, which is better, because you don't have to spend time on it. Instead, you can spend time doing other things, like setting up new infrastructure.

I haven't really had many experiences with other vendors, but I would rate them as 9 out of 10. It goes back to those first issues that we had at the beginning. However, they have stepped up and really have proved that they are a great product.

TR
Information Security Manager at Cabot Financial (Marlin) Limited

Ensure you have a good support contract.

Overall, I would rate it is out of ten.

PK
Technical Specialist Manager at a tech services company with 201-500 employees

For some organizations that are aware of cybersecurity ways that indicate the need to focus on the endpoint area, I recommend they find some solution to help them to protect their employees. Cybereason is a good platform in the area they function.

Overall, I rate the solution a nine out of ten.

FP
Senior Project Manager at a transportation company with 10,001+ employees

We're just customers. We don't have a business relationship with the client. I'm not a security expert. That said, I'm closely in touch with the company for training, etc. and I keep an eye on how it works for our company. 

The thing is with an EDR solution, it's kind of a new world for me. I've read up on Cybereason a lot, as well as other options. I was trying to understand the differences between the products. My understanding is that they are kind of a new generation of EDR, which are represented by Cybereason and by CrowdStrike. They are doing active monitoring which differentiates them from other solutions if I understood properly.

They are monitoring our environment effectively. We are monitoring it by ourselves as well, however, their SOC team is monitoring and pre-alerting us all the time, every day. 

From a user experience perspective, I'd rate the solution nine out of ten.

it_user821649 - PeerSpot reviewer
Global IT Project Manager at a manufacturing company with 10,001+ employees

We are evaluating the possibility of enabling Microsoft Defender ATP, which will cover most or all of the suites and the features that we have on Cybereason as well.

My advice is to evaluate carefully Microsoft Defender ATP and see if they are running fully with Microsoft. If they are evaluating anything at the endpoint level and they plan to use Mac, Windows, and Linux, they should pay attention to Microsoft solutions. Microsoft is becoming a leader in this area.

The cost of Microsoft is quite high, it is something that has to be discussed with Microsoft on a case by case.

I would rate this solution a seven out of ten.

NL
Information Security Administrator at an insurance company with 1,001-5,000 employees

My advice would be: Don't hesitate. Pull the trigger and you won't be disappointed.

It's always watching the house. No matter what you throw at it, it will detect anything you give it. It detects anomalies within the environment.

I would rate it a 9.5 out of 10.

Ibrahim Karam - PeerSpot reviewer
Pre-Sales Consultant | Palo Alto Networks. at StarLink - Trusted Security Advisor

I would recommend the solution to other users and organizations. For the most part, we have been pleased with its capabilities.

In general, I would rate the solution eight out of ten.

MB
Security Analyst at a manufacturing company with 1,001-5,000 employees

The Cybereason learning tools are fun to use. The tutorials are helpful. There is an open onboarding and training with Cybereason.

TA
Systems Engineer at a tech services company with 11-50 employees

This is a product that I recommend for endpoint protection in general, and for the server. However, if they need mailbox security then I would recommend another product.

I would rate this solution a seven out of ten.

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees

This is a compare and contrast relative to best of breed DLP/SIEM solutions in Gartner MQ and widely deployed

Differentiators

Interset - further to above key differentiator of this product is focus on insider threat - by tracking file activity and correlating against user end points and risky activities (read file exfiltrations) the resulting dashboards present an organizational risk profile with actionable events prioritized by risk = probability X impact. If one supports the notion that layered security needs to focus on inside out risk instead of trying to secure the perimeter - a very compelling tool for where to focus your infosec/forensic brain power.

Cybereason - similar in mindset to above (inside out risk) this application focuses on Malops - i.e. the notion that malware has and will continue to penetrate the perimeter - but will exhibit telltale patterns of behaviour trying to exfiltrate files (in a manner similar to an insider) - this tool excels at identifying potential attacks in a manner easily understandable at an executive level and again maximizing efficiency of your deep security talent.

SQRRL - similar in intent to Cybereason. Major differentiator is tight AD coupling and labeling functions that can decisively evaluate impact and importance of data under attack and provenance of attack (what users are involved, what machines are infected)

As a final thought - my recommendation would 'either or' selection - they all support the notion of a security ecosystem where every tool gets better with more data. So using these tools in a sort of proactive round robin log assessment and pushing logs to each other would provide the best all round solution.

DS
Security Specialist at a tech services company with 201-500 employees

An organization seeking a product like this needs to evaluate its standpoint. It must decide whether it is looking for flexibility or ease of administration. 

it_user1098648 - PeerSpot reviewer
Technical Consultant at Revel Tech Security Sdn Bhd

I highly recommend this solution for any organization that is solely depending on normal AV. Cyber attacks are rising exponentially, where tools are more advanced in penetrating the wall of security within the organization. A single hole could lead to devastating effects on the business.

The latest updates are quite user-friendly. This makes it easy to conduct an investigation, which leads to a reduction in time for determining the root cause of the event.

it_user692280 - PeerSpot reviewer
Manager Projects at a tech services company with 10,001+ employees

Please go for it as this is an efficient product in the cyber security space.

CL
Security Consultant at a computer software company with 10,001+ employees

I would advise trying to cut down on false positives as these can create a lot of issues between teams. I would rate this product as 7.5 out of 10.
