Cybereason Endpoint Detection & Response Valuable Features

Information Security Administrator at an insurance company with 1,001-5,000 employees

All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.

Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.

We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.

The main difference between them was that the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on for Cybereason, whereas the others failed to trigger an event anywhere in the kill chain. It had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events.

Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond to and contain it in a timely manner.

This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set-it-and-forget-it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.

We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.

It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does an exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise, which also helps us to detect attacks earlier using this approach. It automates everything.

The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and deliver products and solutions to market quicker for our clients.

Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.

Senior Project Manager at a transportation company with 10,001+ employees

I really like the features. It's quite different from any other solution. 

It's complex, but not in a bad way. I find it fascinating to explore all of the options they have on offer.

The solution is efficient.

The support is very responsive.

We're excited for the new features we'll be getting in version 20.1.

The user interface is very easy to understand and navigate.

The solution is great for tracking and tracing computers.

Technical Consultant at Revel Tech Security Sdn Bhd

The sensors run within the endpoints, where it is lightweight and runs seamlessly in the background. It does not disrupt the work or activities of the end users, yet is able to detect almost any malicious activity running on the spot.

Adding to that, features like the canary files work like bait to any lateral movement case, where the threat actor is lured to "touch" those files. This, in turn, triggers the Malop engine, and immediately sends the alert to the SOC team to take action.

Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
511,307 professionals have used our research since 2012.
Systems Engineer at a tech services company with 11-50 employees

The dashboard is very good and you can consider it as an interactive UI.

Global IT Project Manager at a manufacturing company with 10,001+ employees

The most valuable feature is the EPP part.
