
Cybereason Endpoint Detection & Response Overview

Cybereason Endpoint Detection & Response is the #12 ranked solution in EDR tools and the #26 ranked solution in endpoint security software. IT Central Station users give Cybereason Endpoint Detection & Response an average rating of 8 out of 10. Cybereason Endpoint Detection & Response is most commonly compared to CrowdStrike Falcon: Cybereason Endpoint Detection & Response vs CrowdStrike Falcon. The top industry researching this solution is computer software companies, whose professionals account for 30% of all views.
What is Cybereason Endpoint Detection & Response?

Cybereason's Endpoint Detection and Response platform detects in real-time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects together individual pieces of evidence to form a complete picture of a malicious operation.

Cybereason Endpoint Detection & Response is also known as Cybereason EDR, Cybereason Deep Detect & Respond.

Cybereason Endpoint Detection & Response Buyer's Guide

Download the Cybereason Endpoint Detection & Response Buyer's Guide including reviews and more. Updated: November 2021

Cybereason Endpoint Detection & Response Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital

Pricing Advice

What users are saying about Cybereason Endpoint Detection & Response pricing:
  • "This product is somewhat expensive and should be cheaper."
  • "In terms of pricing, it's a good solution."

Cybereason Endpoint Detection & Response Reviews

Nick LaPointe
Information Security Administrator at an insurance company with 1,001-5,000 employees
Real User
Does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately

Pros and Cons

  • "Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."
  • "Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."

What is our primary use case?

We use Cybereason for endpoint detection, response, and protection.

What is most valuable?

All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.

Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.

We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.

The main difference between them was that the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on with Cybereason, whereas the others failed to trigger an event anywhere in the kill chain. They had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events.

Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real-time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond and contain to it in a timely manner.

This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set it and forget it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.

We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.

It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does an exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise, which also helps us to detect attacks earlier using this approach. It automates everything.

The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and delivering products and solutions to market quicker for our clients.

Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.

What needs improvement?

Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.

Their endpoint protection piece for device management and storage device protection could use maturation.

For how long have I used the solution?

I have been using Cybereason EDR for a little over a year now. I started in March of 2020.

What do I think about the stability of the solution?

The performance was better than the endpoint detection and response of our previous solution. We've actually had comments from end-users, once we deployed Cybereason in place of the outgoing solution, that their computers have increased in speed.

What do I think about the scalability of the solution?

Scalability is endless, especially in a SaaS deployment. We scaled from zero to 2,900 in three weeks, and we saw no degradation in threat hunting query performance within the platform or any ill effects on the platform itself.

It does require maintenance for deploying upgraded sensors and for tweaking policies as new features come out. I don't think that would count as maintenance, though. For upgrading endpoint sensors on mission-critical devices I recommend a maintenance window, just to follow industry best practices; however, all other devices can be completed during normal business hours.

How are customer service and technical support?

Their technical support is very competent. They know the product inside and out and they try to understand the business's needs before any solution is provided.

Which solution did I use previously and why did I switch?

Symantec was our previous provider. It was through tabletop exercises that we found that it just wasn't triggering alerts that it should have been, so it led us to review other products.

How was the initial setup?

The setup was completely fast-paced and extremely straightforward.

We were under a somewhat constrained timeline for rollout. It usually takes us six to eight weeks to roll something of this magnitude out to the organization, but having the pandemic upon us, we actually got it fully deployed in under three weeks. That's how easy it was to roll out and deploy.

The deployment was done all internally. It was a little bit more than just our security team. It was help from our tier-one support analyst as well, but we got it rolled out with a handful of people. Six people were involved in the project in deploying over 2,900 sensors.

We are currently looking at their mobile device management solution or their protection solution to expand usage.

What was our ROI?

We will see a positive ROI, I believe, in the next 12 to 24 months.

What's my experience with pricing, setup cost, and licensing?

It's not the cheapest, but it's the best.

There are no additional costs to standard licensing.

What other advice do I have?

My advice would be: Don't hesitate. Pull the trigger and you won't be disappointed.

It's always watching the house. No matter what you throw at it, it will detect anything you give it. It detects anomalies within the environment.

I would rate it a 9.5 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
FP
Senior Project Manager at a transportation company with 10,001+ employees
Real User
Efficient with an easy to use interface and excellent technical support

Pros and Cons

  • "The solution is efficient."
  • "Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."

What is our primary use case?

We primarily use the solution for security purposes.

What is most valuable?

I really like the features. It's quite different from any other solution.

It's complex, but not in a bad way. I find it fascinating to explore all of the options they have on offer.

The solution is efficient.

The support is very responsive.

We're excited for the new features we'll be getting in version 20.1.

The user interface is very easy to understand and navigate.

The solution is great for tracking and tracing computers.

What needs improvement?

I can't tell how much it detects and how much it doesn't detect. This I don't know. However, this isn't my area of expertise. That said, detection could always be improved upon.

Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group.

It is useful to have a bit of training on the solution first. It's not as intuitive as, say, your iPhone.

It would be helpful if, in the future, there was a more efficient way to upgrade the sensors directly from the cloud. Basically, on each end device you're deploying a sensor. They call it a sensor; other companies call it something else, but they call it a sensor. That's where you have the version of the software. To upgrade, for instance from 19 to 20, today we have to do it internally. I know they have it in the pipeline to make the upgrades easier, but they don't know by when it will be released. If it could be done directly from the console to all servers, that would be a nice feature.

For how long have I used the solution?

While the company has been using the solution for two years, I haven't been using it for too long. At this point, I may have only been using it for two months or so.

What do I think about the stability of the solution?

The solution is quite stable. We haven't had any issues with it. It doesn't have bugs or glitches. It doesn't freeze or crash. I would consider it to be reliable. I can always access the console, I can check stuff. I don't have issues.

We're on version 19.1, and we're waiting on version 20.1 to be used a bit more and become a bit more stable before we upgrade. We're a pretty complex organization. Cybereason told us to hold off for a bit, and so we aren't changing versions just yet.

What do I think about the scalability of the solution?

We're a big, complex company, and even so, with this solution, scalability is pretty straightforward. I'm not dealing directly with this part of the solution. However, if an additional detection service is needed or if we need more disk space, it seems really, really easy to expand.

How are customer service and technical support?

The support that the company offers is very good. We've been quite satisfied. I find them to be exceptionally responsive. They are quite knowledgeable.

How was the initial setup?

It's very straightforward to implement the solution. It's not complex at all. The solution provides you with a package once, tailored to how your network is working. They provide you with a dedicated package for your own organization and it's ridiculously simple to install.

Technically, the solution is already deployed, however, it's not on all servers yet. I'm deploying the machine servers worldwide while also making sure that the grid version of the sensors is set up. I would estimate that, at this point, the company has deployed the solution 90-95%. We're in the process of finishing off what's left.

What about the implementation team?

I tend to deploy the solution myself to our servers around the globe. If I do need assistance, I have a manager that's available 24/7.

What other advice do I have?

We're just customers. We don't have a business relationship with the client. I'm not a security expert. That said, I'm closely in touch with the company for training, etc., and I keep an eye on how it works for our company.

The thing is with an EDR solution, it's kind of a new world for me. I've read up on Cybereason a lot, as well as other options. I was trying to understand the differences between the products. My understanding is that they are kind of a new generation of EDR, which are represented by Cybereason and by CrowdStrike. They are doing active monitoring which differentiates them from other solutions if I understood properly.

They are monitoring our environment effectively. We are monitoring it by ourselves as well; however, their SOC team is monitoring and pre-alerting us all the time, every day.

From a user experience perspective, I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
TA
Systems Engineer at a tech services company with 11-50 employees
Reseller
Top 5 Leaderboard
Good UI and dashboard, but it has no support for mailbox security or sandboxing

Pros and Cons

  • "The dashboard is very good and you can consider it as an interactive UI."
  • "Cybereason does not have sandbox functionality."

What is our primary use case?

We are a solution provider and we deal with three different vendors to supply security products for our customers. One of the products that we implement for them is Cybereason Endpoint Detection & Response.

It is used for endpoint protection, in general, and monitoring the endpoint. Those asking for EDR usually have a security operations center (SOC). They just want to see the dashboard, the incidents, and whether something has happened on the endpoint.

How has it helped my organization?

This product is somewhat new for us, so we haven't been able to secure deals with our customers for it yet. We have proposed it to one customer because it was requested.

Also, I think that Cybereason only has perhaps 500 employees, and there are not many technical people in the Middle East. There is only one regional manager and he is based in the U.A.E., and within the past four or five months, they hired a new service engineer (SE).

What is most valuable?

The dashboard is very good and you can consider it as an interactive UI.

What needs improvement?

There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.

Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.

They do not have anything related to mailbox security.

Cybereason does not have sandbox functionality.

For how long have I used the solution?

We signed the contract with Cybereason to sell the Endpoint Detection & Response solution a year ago, although we have not had much experience with it yet. Most of our customers already have endpoint protection from Kaspersky and are asking for license renewals and support. It is similar for our customers that have BitDefender.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

We also deal with BitDefender and Kaspersky.

I have some hands-on work with BitDefender and have completed some implementations.

Both Trend Micro and BitDefender have support for mailbox security. For example, they have specific functionality for securing Microsoft Exchange, or mailboxes in general. Cybereason doesn't have this option. The same is true for sandboxing capabilities.

How was the initial setup?

This is a product that requires a lot of resources when it is set up.

Some of our customers ask that Cybereason be installed with an air gap.

What about the implementation team?

We do not yet have much hands-on experience with this product.

What's my experience with pricing, setup cost, and licensing?

This product is somewhat expensive and should be cheaper. Having better pricing, in general, would be an improvement.

What other advice do I have?

This is a product that I recommend for endpoint protection in general, and for the server. However, if they need mailbox security then I would recommend another product.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
AD
Global IT Project Manager at a manufacturing company with 10,001+ employees
Real User
Top 20
Good EPP, but support for Micro OS and Linux is needed

Pros and Cons

  • "For me, the technical support is good."
  • "The integration with Microsoft solutions and Microsoft capabilities needs to be improved."

What is our primary use case?

The primary use case of this solution is for Windows 10 platforms, any kind of Windows 10 platform, desktop edition, and some Windows servers for monitoring and protection.

What is most valuable?

The most valuable feature is the EPP part.

What needs improvement?

The integration with Microsoft solutions and Microsoft capabilities needs to be improved. Also, the agility to be ready for a new platform.

Stability needs to be improved.

The issue for me is the platform supportability. When there is a new version of OS, that is something that has to be improved.

The communication is not clear and we are not receiving the messages on the tests to know if it works or not.

Linux was a bad experience and Micro OS was a disaster.

The biggest issue is the platform for Micro OS and Linux are not supported.

For how long have I used the solution?

I have known this solution for three years, more or less.

We are using the latest version.

What do I think about the stability of the solution?

I didn't like the stability. There were some problems and it was not responding correctly to integration.

What do I think about the scalability of the solution?

Scalability seems to be ok. It's supporting more than 200,000 devices and in terms of scaling, it's ok.

How are customer service and technical support?

For me, the technical support is good. I asked support for certain points to move on, in terms of new things, and I haven't received any good feedback.

I think that they are ok with the current platform and the current support, but they are not ok in terms of providing us with where they are evolving.

Which solution did I use previously and why did I switch?

For antivirus projects, we were using Windows Defender and Skype for previous platforms such as Windows 7. Now, we are still using Windows Defender.

For additional features or features that are redundant with Defender, we are using Cybereason.

How was the initial setup?

The initial setup was straightforward with plenty of issues.

It took between a few weeks and a few months to deploy.

What about the implementation team?

We were using Cybereason directly.

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, it's a good solution.

What other advice do I have?

We are evaluating the possibility of enabling Microsoft Defender ATP, which will cover most or all of the suites and the features that we have on Cybereason as well.

My advice is to evaluate carefully Microsoft Defender ATP and see if they are running fully with Microsoft. If they are evaluating anything at the endpoint level and they plan to use Mac, Windows, and Linux, they should pay attention to Microsoft solutions. Microsoft is becoming a leader in this area.

The cost of Microsoft is quite high; it is something that has to be discussed with Microsoft on a case-by-case basis.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CL
Security Consultant at a computer software company with 10,001+ employees
Consultant
Easy to set up but can be confusing for end-users

Pros and Cons

  • "The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
  • "The product's reporting isn't great."

What is most valuable?

The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running.

What needs improvement?

One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.

For how long have I used the solution?

I have been using this solution for about seven months.

How are customer service and support?

Technical support varies on a case-by-case basis, but sometimes it takes a lot of time for them to come back to us with a solution. I would like to see better support in the future.

Which solution did I use previously and why did I switch?

I previously used Trend Micro's antivirus solution.

How was the initial setup?

The initial setup was easy.

What about the implementation team?

I used an in-house EDR team to implement this product.

What other advice do I have?

I would advise trying to cut down on false positives as these can create a lot of issues between teams. I would rate this product as 7.5 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.