Cybereason Endpoint Detection & Response Room for Improvement
Johnson Bresnick
Director of Learning and Development at ACA - Ateliers de conversation anglaise
The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.
It could be helpful if the endpoint agent has self-healing capability in case it gets corrupted. It should be more stable, and the sensor needs improvement in terms of connectivity.
The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it.
While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that help with this. Part of it was moving two different screens into one, merging the two together.
It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made.
It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.
Buyer's Guide
Cybereason Endpoint Detection & Response
April 2024
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
reviewer1678386
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
The dashboards are very minimal. They have some flashy options but there's nothing that we've found that's actually valuable that's in the dashboard. It's very easy to use, but if you have experienced SOC members there's no real query language. So it slows them down to have to click the button a million times, but for new SOC members, it's very easy to pick up because there's no query language.
Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts.
It doesn't always pull data; there'll be times when it can't pull a process or things like that. We brought this up to Cybereason. We have an RFP for it, but we have a lot of RFPs and we maybe only had a couple that have been completed.
The high CPU and memory usage are the two main points that need improvement. That's been pretty big. It's caused us a couple of outages. If they had more automation, like policy management via the API, that would be nice because whitelisting path exceptions, things like that, do take a good amount of time because that's done manually per policy instead of being automated. And we're very automation-focused.
What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on.
DanielHernandez
Information Security Analyst at a comms service provider with 51-200 employees
Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business.
Tim Roscoe
Information Security Manager at Cabot Financial (Marlin) Limited
We had a number of issues tuning the clients. When first installed on a number of servers, we observed high CPU utilization.
reviewer2226270
Technical Specialist Manager at a tech services company with 201-500 employees
Cybereason Endpoint Detection & Response is quite good in providing protection and investigation. I feel that the product lacks reporting features and needs improvement.
Anonymous__
Senior Project Manager at a transportation company with 10,001+ employees
I can't tell how much it detects and how much it doesn't detect. This I don't know. However, this isn't my area of expertise. That said, detection could always be improved upon.
Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group.
It is useful to have a bit of training on the solution first. It's not as intuitive as, say, your iPhone.
It would be helpful if, in the future, there was a more efficient way to upgrade the sensors directly from the cloud. Basically, on each end device, you're deploying a sensor. They call it a sensor, other companies call it something else, but they call it a sensor. That's where you have the version of the software. To upgrade, for instance from 19 to 20, today we have to do it internally. I know they have it in the pipeline to make the upgrades easier, but they don't know by when it will be released. If it could be done directly from the console to all servers, that would be a nice feature.
The integration with Microsoft solutions and Microsoft capabilities needs to be improved. Also, the agility to be ready for a new platform.
Stability needs to be improved.
The issue for me is the platform supportability. When there is a new version of OS, that is something that has to be improved.
The communication is not clear and we are not receiving the messages on the tests to know if it works or not.
Linux was a bad experience and Micro OS was a disaster.
The biggest issue is that the platforms for Micro OS and Linux are not supported.
Nick LaPointe
Information Security Administrator at an insurance company with 1,001-5,000 employees
Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.
Their endpoint protection piece for device management and storage device protection could use maturation.
They need to improve their technical support services.
Manohar Baratam
Security Analyst at a manufacturing company with 1,001-5,000 employees
The graphics are a little lacking. This is one of the problems of this solution.
reviewer1319712
Systems Engineer at a tech services company with 11-50 employees
There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.
Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.
They do not have anything related to mailbox security.
Cybereason does not have sandbox functionality.
Like any new product, the traditional enterprise readiness criteria around scaling, support, robustness, integration and deployment need to be proven out over their maturity curve. That being said, their architecture provides confident remedies for scaling and robustness. Further, as a 'pro to the con', these tools 'play nice in the security sandbox' in that they have public APIs that easily integrate into existing security suites to add value to existing log aggregation solutions in place in an enterprise, with significantly reduced setup cycles compared to their predecessors.
Security01c2
Security Specialist at a tech services company with 201-500 employees
- There can be problems with the Electronic Data Interchange (EDI).
- The reporting feature needs improvement.
The technical support will need to be improved.
Technical support needs to improve.
Chee Keong Law
Security Consultant at a computer software company with 10,001+ employees
One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.