Cybereason Endpoint Detection & Response Reviews

We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automatically protect against some threats. This is done across more than 250 sites around the world with many endpoints, multiple thousands of endpoints, all aimed at improving detection.

What I find most valuable is the clarity of the platform. It is very straightforward. There are not a lot of buttons, yet I find my way very easily to the different modules. It is clear and easy to use. I can create groups of endpoints and define policies with multiple modules to activate or deactivate based on needs. I added a good point about the ease of using the solution and the clarity of the platform in general. It is a very clear platform with a clear dashboard and a lightweight agent that does not cause any performance issues typically. I have all the information needed to work and a very rich API. I can integrate a lot if I want to use Python scripts to automate tasks, which can be done via the API.

We use Cybereason Endpoint Detection & Response to scan and detect unusual processes and malicious files on the endpoint.

The product's threat-hunting feature is very intuitive and easy to use as it is GUI-based. We need to know the specific fields we want to scan. It gives the entire report of the activities on the machine right from the first process to the last process.

My use case for this solution is multipronged. First of all, I use this solution to provide the traditional signature-based antivirus to all my endpoints on different operating systems. The second part is to get the additional protection from the behavioral learning and behavioral predictions.

Threat hunting is not something that we have done much of in the past. Therefore, Cybereason has enabled us to do threat hunting efficiently.

We shifted our traditional antivirus-type operations over to the Information Security Department from the PC and server tech area. We then built our operations around this shift.

Cybereason has given me visibility into some things I didn't know about.

They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen.

It is a very effective tool. I have a level of comfort in the way it is detecting and finding things at an early stage. Different tools find different things. When we installed this, we found different things going on that we didn't know about previously, some more nefarious than others. 

It's an endpoint in EDR, so our primary use case is for threat detection and remediation for Linux, Windows, and Mac.

The best example of how it has helped is that we can do searches via the API. And so we have our automation tool do a lot of searches automatically based on alerts so that when the SOC analyst goes to review, they have a lot of the information already pulled for them.

It leverages indicators of behavior as a means of detecting attacks. It's very good at detection. It's not so great at prevention. They're a very detection-focused company. So that may or may not work in your environment depending on if you're a prevention-based organization or detection-based.

The leveraging of indicators of behavior helps remediate against attacks faster. One of the things we can do is if we have a process or a hash or something that we know is bad, it's very quick to search for it across the environment. And then we can either have Cybereason yank the file off, quarantine it, or whatever we think we need to do based on the severity of the issue.

Cybereason is helpful to organizations with a small security team. With a single portal to manage and with it being a cloud portal, it really reduces the amount of overhead versus having a traditional on-prem solution.

It detects and flags malware and other attacks. We also have MDR services completely managed by Cybereason. They look into any threats, give recommendations, and analyze what's happening in our system.

The program has taught us a lot, so our team has become more knowledgeable about what's happening in our environment and what is or isn't a threat with the solutions and the services provided to us. There's also an excellent learning process with the EDR wherein they encourage the users to learn what's happening to, I think, be more confident when mitigating any threats or any problems in the environment. Before we had the solution, we were largely unaware of what was happening. Now we are more confident and better grasp what's happening in our environment.

Cybereason EDR helps us isolate and mitigate on the fly, which is essential because we're a small team, and we don't always have a spare IT person waiting to work. We need our team to be proactive in those situations.

Cybereason's operation-centric approach has helped us move beyond chasing multiple alerts and visualize the entire timeline of malicious operations. We can see when they started when they were detected, and if there's any lateral movement. It uses behavior indicators to detect attacks which is an innovative approach. I believe the indicators help remediate attacks quickly, but then again, we have the complete monitoring solution, so they're the ones doing the remediation and sending us recommendations.

It has cut down on the time we spend hunting and responding to threats, which has increased our efficiency because we spend less time thinking about it or managing the system. Cybereason is helpful to us as a small team because we don't necessarily need a dedicated person to analyze threats. Cybereason's monitoring service takes care of that. If there's a threat, we don't need to investigate to see if it's a false positive,

The interface was seen to be more user-friendly compared to other
products I have used.

We had a number of issues tuning the clients. When first installed on a
number of servers, we observed high CPU utilization.

We faced a few imminent threats, so we used Cybereason Endpoint Detection & Response. Last year, we had Apache due to SB vulnerability, then we also had a few ransomware attacks, so it was quite helpful for us to have a tool such as Cybereason Endpoint Detection & Response in place because the attacks weren't able to get through. We also have another tool which sends out the logs from our firewall on the antivirus on our server, and those logs are stored on a particular Splunk server, so that's an additional security that we have.

What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it.

Some of our users are in threat hunting. We use it to protect a really diverse environment, including Macs, Windows, Linux, Android, and iOS. So, our primary use for it is endpoint protection. We are protecting around 1,200 endpoints.

We have some automatic prevention, where you can just set it to how confident you are in the product based on how many false positives you are getting, etc. At this point, I think we are getting a little more comfortable with doing automatic prevention since we don't see a lot of false positives anymore. Now, I don't have to chase every single malware that shows up on a user's machine. We are only worried about those that are proactively trying to move around. So, it really lets us focus on the more important things when some automation is involved.

Visibility is such a big thing for us, which we didn't have previously. One of the greatest additions to our environment is having that visibility for the processes running across our network.

Cybereason is helpful to organizations who have a small security team, especially if you have the SOC behind you doing their analysis as well. It is tremendously helpful to have top-notch security advisors help you identify threats in your environment.