Cybereason Endpoint Detection & Response Valuable Features

JB
Director of Learning and Development at ACA - Ateliers de conversation anglaise

Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment.

I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly.

Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that if I'm ever shopping for another solution, that would be a must-have.

AtulChaurasia - PeerSpot reviewer
Operational Technical Security at Metro Bank

The product's threat-hunting feature is very intuitive and easy to use as it is GUI-based. We need to know the specific fields we want to scan. It gives the entire report of the activities on the machine right from the first process to the last process.

Chad Kliewer - PeerSpot reviewer
Information Security Officer at PTCI

The biggest feature is the fact that I have one product that works across all my different operating systems. It works across a lot of different endpoint operating systems, e.g., Windows, macOS, iOS, Android, and Linux. I chose the solution because it covers the entire realm of all of my devices on a single endpoint agent, then back to one console. This prevents me from having to manage multiple products for multiple operating systems. I did not have these capabilities on anything other than Windows and Linux previously. XDR has expanded my capabilities into all my other endpoints, e.g., mobile OSs, beyond Windows and Linux.

Cybereason provides a ton of detail. Not only do we see that something malicious may have been executed on a machine, but we also see everything else that is executed on that machine, which may or may not be involved. Therefore, it has given us a ton more information and context around an event, rather than saying, "Oh, we spotted this suspicious file." Instead, it gives me the context around it, telling me how it was executed, where it was executed from, and why it might be malicious. So, it has changed the way we function.

In the past, we looked at it, and said, "That looks malicious (or not). Check the box and move on." With Cybereason products, we have much more detail behind it so we can make more informed decisions on whether an action is malicious. An added benefit is that it has also helped us discover a lot of other software applications running within our environment. We probably found another 10 to 20 applications running within our environment that we weren't aware of before.

All its information about malicious operations (MalOp) keeps me from having to go to multiple different sources to find it. That is definitely the truth. I can usually do whatever triage that I need to do from the Cybereason tool to know if something is malicious or not, then feel comfortable with that decision. There is not any guesswork. On a couple of occasions, I still had to go back to a particular computer to dig out additional logs that weren't there, but that is to be expected. It has come a long way. I am not seeing an alert, then having to go find other tools to find out more context to that alert, because the context of that alert is right there in the dashboard.

Buyer's Guide
EDR (Endpoint Detection and Response)
March 2024
Find out what your peers are saying about Cybereason, CrowdStrike, SentinelOne and others in EDR (Endpoint Detection and Response). Updated: March 2024.
765,234 professionals have used our research since 2012.
MT
Senior Security Engineer at a financial services firm with 1,001-5,000 employees

Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations.

Cybereason helps us to mitigate and isolate on the fly. It's extremely important and mostly because the endpoint is our weakest link. It's what has access to our internal network in the external world. So it's the biggest target.

We have used it to automate mitigation and isolation processes. The automation that we're doing is a little bit less featured than the product we had before, but there's a lot more you can do with automation than what you can do with a traditional endpoint.

It somewhat provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint in real-time. We have several open issues and bug reports with them that it doesn't always pull that data back. So when it works, it does pull a lot of the details, but some of the things like PowerShell commands are still very limited with what you can see. It's extremely important to us.

The solution enables us to adapt to attacks and act more swiftly than attackers can adjust their tactics, especially with EDR. We've been able to do a lot more scripting and automation for doing mitigation.

We use the solution's XDR features to extend detection and response capabilities across the broader IT ecosystem. We're basically covering most of our non-appliance infrastructure and some of our appliances. Even network appliances would fall into what we can cover with it.

Abhinav Srivastava - PeerSpot reviewer
Senior Project Executive at Hitachi

What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it.

DH
Information Security Analyst at a comms service provider with 51-200 employees

I have found their file search really useful as well as their investigation feature. Outside of the management console, their defenders platform is incredibly useful with great content for learning about their features and how the software operates.

Cybereason helps us to mitigate and isolate on the fly. If a malware has been identified, we get various options to mitigate, depending on what we believe is the best option for that specific malware type. We can quarantine the file or isolate the whole asset from being able to talk to the network. It helps us reach our goals of threat hunting as far as incident response goes, since timing is of the essence. It is very important for us to have that ability to do it with one click, and not have to reach out to the system owner before we can take action.

All the information that they have in the Cybereason XDR platform helps a lot. You can see all their dashboards, etc. Overall, I would rate it as 8.5 to 9 out of 10 for ease of use. It didn't take us too long to figure out their platform.

TR
Information Security Manager at Cabot Financial (Marlin) Limited

The interface was seen to be more user-friendly compared to other products I have used.

PK
Technical Specialist Manager at a tech services company with 201-500 employees

The product's NGAV feature that can protect my endpoint from malware is the most valuable one for me.

FP
Senior Project Manager at a transportation company with 10,001+ employees

I really like the features. It's quite different from any other solution.

It's complex, but not in a bad way. I find it fascinating to explore all of the options they have on offer.

The solution is efficient.

The support is very responsive.

We're excited for the new features we'll be getting in version 20.1.

The user interface is very easy to understand and navigate.

The solution is great for tracking and tracing computers.

it_user821649 - PeerSpot reviewer
Global IT Project Manager at a manufacturing company with 10,001+ employees

The most valuable feature is the EPP part.

NL
Information Security Administrator at an insurance company with 1,001-5,000 employees

All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.

Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.

We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.

The main difference between them was that the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on for Cybereason, whereas the others failed to trigger an event anywhere in the kill chain. It had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events.

Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real-time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond and contain to it in a timely manner.

This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set it and forget it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.

We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.

It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does an exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise, which also helps us to detect attacks earlier using this approach. It automates everything.

The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and to deliver products and solutions to market quicker for our clients.

Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.

Ibrahim Karam - PeerSpot reviewer
Pre-Sales Consultant | Palo Alto Networks at StarLink - Trusted Security Advisor

We like that it is a hybrid. It’s flexible. You can really do whatever you need to do.

The initial setup is not overly complicated.

The solution can scale.

It is stable and reliable.

MB
Security Analyst at a manufacturing company with 1,001-5,000 employees

The most valuable feature is the antivirus and instant isolation of the PC to gather the malicious. We are updating the hash file and unknown hash file to block it.

With Cybereason, we can never fail any business type because of the antivirus detection. That's one thing we can commend the product for. Also, it's subduing menial processes. Like when we are doing any manual job the first process was launched on the last year so it's still wanting to process any linked or not. It's got a really clear intel lifecycle.

It will detect anything that can be malicious, from build-ups and videos to anything that can be viruses and some malware, like communicating to malicious websites. So such logs show a clear-cut review and what it shows, like what the hosting packets are. Immediately we can pick up the computers in the network if any malicious operation is triggered.

TA
Systems Engineer at a tech services company with 11-50 employees

The dashboard is very good and you can consider it as an interactive UI.

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees

Capture DB - they all use a NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best-of-breed SIEM and DLP solutions that rely on real-time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment that resolves the provenance and impact of a risk and threat elevated by incoming logs.

Anomaly detection - using a baseline and anomalies to surface and rank incoming logs and associated threat/risk - these tools are better able to 'separate the chaff from the wheat' and avoid alarm fatigue and false positives plaguing current log aggregate type of security solutions. Further these security analytics 'learn' in the background and with much more agility than current solutions which must have an explicit 'learning mode' for an extensive period of time as part of set up.

'Fuzzy Logic' rules - morphing the term to describe how these solutions are much more agile and relative in interpreting risk and threats than current-generation correlation rules which rely on very discrete criteria to treat incoming logs' priority. Very important as malware and cyber criminals are equally agile at morphing their attack vectors.

Shop floor to top floor - the UI and dashboards tend to move the querying and decision making and resulting assessments up to the executive suite (C level) as opposed to a backroom SIRT, InfoSec tool. Goes to response time and TRA.

Kill Chain - these solutions build a non-linear attack 'genealogy' showing the direct chain of custody of events leading to a data breach AND related events, users, and endpoints involved passively or as middlemen over time. This not only gives the provenance of the breach but points to future weak spots in your surface area to proactively in advance of future attacks.

DS
Security Specialist at a tech services company with 201-500 employees

I found the features of this console to be good. In the chain of actions, if I click on something, it will provide more options for other things.

In addition, it gives all the information in a clear response. These functionalities are quite good and impressive.

it_user1098648 - PeerSpot reviewer
Technical Consultant at Revel Tech Security Sdn Bhd

The sensors run within the endpoints, where it is lightweight and runs seamlessly in the background. It does not disrupt the work or activities of the end users, yet is able to detect almost any malicious activity running on the spot.

Adding to that, features like the canary files work like bait to any lateral movement case, where the threat actor is lured to "touch" those files. This, in turn, triggers the Malop engine, and immediately sends the alert to the SOC team to take action.

it_user692280 - PeerSpot reviewer
Manager Projects at a tech services company with 10,001+ employees

Malop analysis and the detection part are the most valuable features.

CL
Security Consultant at a computer software company with 10,001+ employees

The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running.
