Cybereason Endpoint Detection & Response Reviews

My use case for this solution is multipronged. First of all, I use this solution to provide the traditional signature-based antivirus to all my endpoints on different operating systems. The second part is to get the additional protection from the behavioral learning and behavioral predictions.

Threat hunting is not something that we have done much of in the past. Therefore, Cybereason has enabled us to do threat hunting efficiently.

We shifted our traditional antivirus-type operations over to the Information Security Department from the PC and server tech area. We then built our operations around this shift.

Cybereason has given me visibility into some things I didn't know about.

They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen.

It is a very effective tool. I have a level of comfort in the way it is detecting and finding things at an early stage. Different tools find different things. When we installed this, we found different things going on that we didn't know about previously, some more nefarious than others. 

The biggest feature is the fact that I have one product that works across all my different operating systems. It works across a lot of different endpoint operating systems, e.g., Windows, macOS, iOS, Android, and Linux. I chose the solution because it covers the entire realm of all of my devices on a single endpoint agent, then back to one console. This prevents me from having to manage multiple products for multiple operating systems. I did not have these capabilities on anything other than Windows and Linux previously. XDR has expanded my capabilities into all my other endpoints, e.g., mobile OSs, beyond Windows and Linux.

Cybereason provides a ton of detail. Not only do we see that something malicious may have been executed on a machine, but we also see everything else that is executed on that machine, which may or may not be involved. Therefore, it has given us a ton more information and context around an event, rather than saying, "Oh, we spotted this suspicious file." Instead, it gives me the context around it, telling me how it was executed, where it was executed from, and why it might be malicious. So, it has changed the way we function.

In the past, we looked at it, and said, "That looks malicious (or not). Check the box and move on." With Cybereason products, we have much more detail behind it so we can make more informed decisions on whether an action is malicious. An added benefit is that it has also helped us discover a lot of other software applications running within our environment. We probably found another 10 to 20 applications running within our environment that we weren't aware of before.

All its information about malicious operations (MalOp) keeps me from having to go to multiple different sources to find it. That is definitely the truth. I can usually do whatever triage that I need to do from the Cybereason tool to know if something is malicious or not, then feel comfortable with that decision. There is not any guesswork. On a couple of occasions, I still had to go back to a particular computer to dig out additional logs that weren't there, but that is to be expected. It has come a long way. I am not seeing an alert, then having to go find other tools to find out more context to that alert, because the context of that alert is right there in the dashboard.

The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it.

While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that helps with this. Part of it was moving two different screens into one, merging the two together.

It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made.

It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.

We have been using Cybereason for less than a year.

They have an awesome technical product. They are still catching up on the customer side, but they are working hard at it. I have seen a lot of improvements already.

I have just under 1,000 endpoints and have seen no issues whatsoever with scalability. It should have no problem going further.

I have been working with the product team a lot and giving them a lot of unsolicited feedback.

I would rate the support as seven out of 10.

Neutral

We had an antivirus or next-gen antivirus product before that was mostly managed by the vendor. We saw alerts, but really nothing else. We couldn't dig very far into those alerts, etc.

Cybereason has given me more coverage across more operating systems than what I have had in the past; I have more visibility now into a lot more areas. Before, I was seeing about half of my network. Now, I feel like I am seeing nearly all the devices. This was a huge thing for me when it came to changing our operations.

The initial setup was pretty straightforward. Deployment took two or three months. 

We started with a few machines in monitor-only mode to see what kind of noise we had. Then, we expanded the number of machines and continued monitoring. Once we had everything in monitoring mode, we were then able to start turning on some of the blocking and automated actions. 

We used our in-house team.

It is helpful with a small security team because it puts everything into a single pane of glass. Being able to see everything in a MalOp-centric form shows you how many machines and users are affected right away. It definitely helps a small team be able to dive right in and figure out how widespread a problem is, or if it is a problem.

I had to go through a third-party to purchase it, which I wasn't really pleased about.

We can mitigate and isolate on the fly. Anytime there is an alert, it gives me the option to block the threat, quarantine the threat, or isolate a device. It is very important to have these different levels. We have seen other products that only isolate the device. This is sometimes a bit of an overkill, since it usually interrupts the end user's day more than necessary. Having multiple options to:

1. Block the process
2. Quarantine a file.
3. Isolate the device. 

That gives me a bit more granularity on my response rather than just isolating or blocking.

At the blocking level, we have used some automated migration and isolation processes. However, we are still very cautious. With everything that we do, we start out in monitor-only mode so it warns us first. We see what our baseline is and track those things down, then we turn on the automatic mitigations. So, we have it in some areas, but not in all areas.

We are using just about all the pieces that we currently have of this solution. For the pieces that we are not using, those are some of the new XDR features that came out which have some plugins from a Google SIEM and some of the Azure plugins. We don't have those yet and may look at those in the future. For some of those areas, I have coverage in another product so I am not in a hurry to do that.

Overall, I would rate Cybereason as seven out of 10.

It's an endpoint in EDR, so our primary use case is for threat detection and remediation for Linux, Windows, and Mac.

The best example of how it has helped is that we can do searches via the API. And so we have our automation tool do a lot of searches automatically based on alerts so that when the SOC analyst goes to review, they have a lot of the information already pulled for them.

It leverages indicators of behavior as a means of detecting attacks. It's very good at detection. It's not so great at prevention. They're a very detection-focused company. So that may or may not work in your environment depending on if you're a prevention-based organization or detection-based.

The leveraging of indicators of behavior helps remediate against attacks faster. One of the things we can do is if we have a process or a hash or something that we know is bad, it's very quick to search for it across the environment. And then we can either have Cybereason yank the file off, quarantine it, or whatever we think we need to do based on the severity of the issue.

Cybereason is helpful to organizations with a small security team. With a single portal to manage and with it being a cloud portal, it really reduces the amount of overhead versus having a traditional on-prem solution.

Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations.

Cybereason helps us to mitigate and isolate on the fly. It's extremely important and mostly because the endpoint is our weakest link. It's what has access to our internal network in the external world. So it's the biggest target. 

We have used it to automate mitigation and isolation processes. The automation that we're doing is a little bit less featured than the product we had before, but there's a lot more you can do with automation than what you can do with a traditional endpoint.

It somewhat provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint in real-time. We have several open issues and bug reports with them that it doesn't always pull that data back. So when it works, it does pull a lot of the details, but some of the things like PowerShell Commands are still very limited with what you can see. It's extremely important to us. 

The solution enables us to adapt to attacks and act more swiftly than attackers can adjust their tactics, especially with EDR. We've been able to do a lot more scripting and automation for doing mitigation.

We use the solution's XDR features to extend detection and response capabilities across the broader IT ecosystem. We're basically covering most of our non-appliance infrastructure and some of our appliances. Even network appliances would fall into what we can cover with it.

The dashboards are very minimal. They have some flashy options but there's nothing that we've found that's actually valuable that's in the dashboard. It's very easy to use, but if you have experienced SOC members there's no real query language. So it slows them down to have to click the button a million times, but for new SOC members, it's very easy to pick up because there's no query language.

Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts.

It doesn't always pull data, there'll be times when it can't pull a process or things like that. We brought this up to Cybereason. We have an RFP for it but we have a lot of RFPs and we maybe only had a couple that have been completed.

The high CPU and memory usage are the two main points that need improvement. That's been pretty big. It's caused us a couple of outages. If they had more automation, like policy management via the API, that would be nice because whitelisting path exceptions, things like that, do take a good amount of time because that's done manually per policy instead of being automated. And we're very automation-focused. 

I have been using Cybereason for almost a year. 

Stability can definitely be improved for a cloud service. You expect a certain amount of uptime and you expect when they're doing upgrades on the system, that it's going to be transparent to the end-users. But with their current configuration, if they do an upgrade on our servers, we have seven hours of down time.

It's very scalable. We've been able to roll out. When we went global to a very big chunk and it was very easy to do.

In our office, we have around 25,000 users. When we went global, we gained about 100,000 and then we just went private again a couple of weeks ago. So we're back down to 25,000. We've maxed out at a hundred and we're consistent in around 25.

Around 30 people on the security engineering, the SOC, threat hunting, and incident response teams use it. 

The support people are very helpful, but a lot of the issues end up having to go back to engineering or their support teams. Then once that happens, it takes a long time and it can often take a long time to get to the point where they can even open a ticket with engineering.

The last bug that we reported, it was probably about six weeks before they were able to open the ticket with the engineering team.

We previously used CrowdStrike. We switched because of the cost. We ended up doing more of a global licensing, which added something like 100,000 endpoints for our global contract, so the little bit of price difference ended up becoming quite large.

The initial setup was straightforward. You just install the client and as long as it has internet access, you're pretty much already working at that point, and then it's just fine-tuning your policies or your groupings after that.

We had the majority of our assets done, probably 20,000 in a month for our office. So it was very quick.

We have an automation tool that we use for patching and installing software, and we just did a phased approach of rolling it out to end clients and servers.

It's really good at finding adware, so we have been able to get our environment cleaned up by removing adware and other software like that. That's probably been the biggest value we've seen so far.

Make sure that the product actually meets what you need. We are finding some of the features that brought the price down because it was included like the firewall control, which was a big need of ours and most other vendors tack on a hefty charge for firewall control, that actually isn't full firewall control and it's not the functionality that we needed.

So if we had known that at the beginning, maybe we would've looked a little further because we were thinking that was the biggest cost savings and it's not been as functional as we were hoping.

There are no additional costs to standard licensing. The one nice thing is where a lot of other vendors will nickel and dime you with the features, with Cybereason you pretty much get everything.

My advice would be to make sure that your company's goals align. If you're a detect-focused organization you'll probably be very happy with it. If you're a prevent-based organization, I don't think it's going to fill that niche.

If you have a smaller team, look at what it takes to manage the policies, because depending on your workflows, how you need to patch, or how you need to group things, it may not work for your workflows.

I would rate Cybereason a six out of ten. 

Some of our users are in threat hunting. We use it to protect a really diverse environment, including Macs, Windows, Linux, Android, and iOS. So, our primary use for it is endpoint protection. We are protecting around 1,200 endpoints.

We have some automatic prevention, where you can just set it to how confident you are in the product based on how many false positives you are getting, etc. At this point, I think we are getting a little more comfortable with doing automatic prevention since we don't see a lot of false positives anymore. Now, I don't have to chase every single malware that shows up on a user's machine. We are only worried about those that are proactively trying to move around. So, it really lets us focus on the more important things when some automation is involved.

Visibility is such a big thing for us, which we didn't have previously. One of the greatest additions to our environment is having that visibility for the processes running across our network.

Cybereason is helpful to organizations who have a small security team, especially if you have the SOC behind you doing their analysis as well. It is tremendously helpful to have top-notch security advisors help you identify threats in your environment.

I have found their file search really useful as well as their investigation feature. Outside of the management console, their defenders platform is incredibly useful with great content for learning about their features and how the software operates.

Cybereason helps us to mitigate and isolate on the fly. If a malware has been identified, we get various options to mitigate, depending on what we believe is the best option for that specific malware type. We can quarantine the file or isolate the whole asset from being able to talk to the network. It helps us reach our goals of threat hunting as far as incident response goes, since timing is of the essence. It is very important for us to have that ability to do it with one click, and not have to reach out to the system owner before we can take action.

All the information that they have in the Cybereason XDR platform helps a lot. You can see all their dashboards, etc. Overall, I would rate it as 8.5 to 9 out of 10 for ease of use. It didn't take us too long to figure out their platform.

Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business.

We started using it around September 2021.

So far, I would give them 10 out of 10 on stability.

For scalability, I would give them 9 out of 10. It is fairly easy to scale once you get going and are comfortable with it. It was our ability to get comfortable from not knowing how well it would interact with all our different operating systems.

Currently, there are only two individuals who are in it day-to-day. We have given access to our system administrators, but they don't really work with it much unless there are issues going on with the machines that they administer. So, they are not in the solution very often.

In the security arena, I would give them 9 out of 10. We had a small hiccup at the beginning of our onboarding as well as figuring out how the SOC worked. That is the only reason why the beginning was a little bit rough, but I currently can say that they are great and very responsive. 

As far as technical support goes, I would probably rate it as 8 out of 10 at the moment because of how long it is taking to resolve the very few issues that we have.

Positive

We were previously using Microsoft Defender.

We switched to Cybereason for its visibility and logs. Cybereason allows us to integrate a lot better with our SIEM solution. We can do threat hunting from one dashboard. It is a lot more manageable and flexible with a more in-depth view of our environment. It also has compatibility with multiple operating systems.

The initial deployment was very straightforward for Windows, Linux, and Mac. On the mobile side, the deployment has still been very slow. I think their VPN has some compatibility issues with Android or specific versions of Android.

On Windows machines, the deployment took around two and a half months. Part of it was very much due to us wanting to dip our toes first and not go full speed, because we didn't know how our machines were going to react or its compatibility with the system. It was a very wide deployment to various different systems. We were mostly worried about our servers. 

It has done very well with our servers. We haven't really seen many negatively affected assets.

We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold. As security analysts, when you have more information to digest, it will take a bit of time before we decrease the amount of time spent on some systems where we didn't have visibility before. 

It has reduced the amount of time that we spend responding to threats by at least 50%.

If you are a very small security team or have no security team, then I would choose Cybereason for the level of expertise from their SOC and security support team. Also, the product is very easy to manage. Overall, the number of false positives that a system administrator has to deal with is lower, which is better, because you don't have to spend time on it. Instead, you can spend time doing other things, like setting up new infrastructure.

I haven't really had many experiences with other vendors, but I would rate them as 9 out of 10. It goes back to those first issues that we had at the beginning. However, they have stepped up and really have proved that they are a great product.

We use Cybereason for endpoint detection, response, and protection.

All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.

Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.

We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.

The main difference between them was the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on for Cybereason. Whereas the others failed to trigger an event anywhere in the kill chain. It had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events. 

Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real-time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond and contain to it in a timely manner.

This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set it and forget it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.

We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.

It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does a exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise. Which also helps us to detect attacks earlier using this approach. It automates everything. 

The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and delivering products and solutions to market quicker for our clients.

Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.

Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.

Their endpoint protection piece for device management and storage device protection could use maturation. 

I started using Cybereason EDR shortly over a year now. It was March of 2020.

The performance was better than the endpoint detection response of our previous solution. We've actually had comments from end-users once we deployed Cybereason, and we noticed the outgoing solution that their computers have increased in speed.

Scalability is endless, especially in a SaaS deployment. We scaled from zero to 2,900 in three weeks, and we saw no degradation in threat hunting query performance within the platform or any ill effects on the platform itself.

It does require maintenance for deploying upgraded sensors and for tweaking policies as new features come out. I don't think that would be maintenance. Upgrading endpoint sensors on mission critical device I recommend a maintenance window just to follow industry best practices, however all other devices can be completed during normal business hours.

Their technical support is very competent. They know the product inside and out and they try to understand the business's needs before any solution is provided.

Symantec was our previous provider. It was through tabletop exercises that we found that it just wasn't triggering alerts that it should have been, so it led us to review other products.

The setup was completely fast-paced and extremely straightforward. 

We were under a somewhat constrained timeline for rollout. It usually takes us six to eight weeks to roll something of this magnitude out to the organization, but having the pandemic upon us, we actually got it fully deployed in under three weeks. That's how easy it was to roll out and deploy.

The deployment was done all internally. It was a little bit more than just our security team. It was help from our tier-one support analyst as well, but we got it rolled out with a handful of people. Six people were involved in the project in deploying over 2,900 sensors.

We are currently looking at their mobile device management solution or their protection solution to expand usage.

We will see a positive ROI, I believe, in the next 12 to 24 months.

It's not the cheapest, but it's the best.

There are no additional costs to standard licensing. 

My advice would be: Don't hesitate. Pull the trigger and you won't be disappointed.

It's always watching the house. No matter what you throw at it, it will detect anything you give it. It detects anomalies within the environment.

I would rate it an 9.5 out of 10. 

It detects and flags malware and other attacks. We also have MDR services completely managed by Cybereason. They look into any threats, give recommendations, and analyze what's happening in our system.

The program has taught us a lot, so our team has become more knowledgeable about what's happening in our environment and what is or isn't a threat with the solutions and the services provided to us. There's also an excellent learning process with the EDR wherein they encourage the users to learn what's happening to, I think, be more confident when mitigating any threats or any problems in the environment. Before we had the solution, we were largely unaware of what was happening. Now we are more confident and better grasp what's happening in our environment.

Cybereason EDR helps us isolate and mitigate on the fly, which is essential because we're a small team, and we don't always have a spare IT person waiting to work. We need our team to be proactive in those situations.

Cybereason's operation-centric approach has helped us move beyond chasing multiple alerts and visualize the entire timeline of malicious operations. We can see when they started when they were detected, and if there's any lateral movement. It uses behavior indicators to detect attacks which is an innovative approach. I believe the indicators help remediate attacks quickly, but then again, we have the complete monitoring solution, so they're the ones doing the remediation and sending us recommendations.

It has cut down on the time we spend hunting and responding to threats, which has increased our efficiency because we spend less time thinking about it or managing the system. Cybereason is helpful to us as a small team because we don't necessarily need a dedicated person to analyze threats. Cybereason's monitoring service takes care of that. If there's a threat, we don't need to investigate to see if it's a false positive,

Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment.

I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly.

Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that's if I'm ever shopping for another solution, that would be a must-have.

The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.

I've been using Cybereason EDR since June, so about half a year.

Cybereason is stable. We haven't had any hiccups or outages so far. 

I think Cybereason is highly scalable. If we added doubled, tripled, or quadrupled our team size, we could easily continue operations as normal with this solution. It's currently on all the endpoints, but we might increase our usage if we get more language training clients.

Cybereason support has been great. 

We used BitDefender previously, but we decided to switch to Cybereason because it offers some new technology like AI. The company is growing and it looks promising. 

Setting up Cybereason was straightforward. However, if you don't have an IT team that can program the exceptions you need or run the automatic installation,  it might take some time to figure out how it all works. Cybereason offered us some support during deployment. They have a forum, and if we had any questions, Cybereas support could offer customized solutions or guide us through the process. 

The deployment didn't take too long because we didn't have many endpoints. It was maybe a couple of days. We can automatically deploy the sensors on our new machines, so it's quick and easy to expand. The policies are set automatically when we onboard employees and the sensors run pretty smoothly.

Cybereason is affordable.

We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money.

I rate Cybereason EDR 10 out of 10. I recommend it because it's much better than anything else out there. 

We faced a few imminent threats, so we used Cybereason Endpoint Detection & Response. Last year, we had Apache due to SB vulnerability, then we also had a few ransomware attacks, so it was quite helpful for us to have a tool such as Cybereason Endpoint Detection & Response in place because the attacks weren't able to get through. We also have another tool which sends out the logs from our firewall on the antivirus on our server, and those logs are stored on a particular Splunk server, so that's an additional security that we have.

What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it.

What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on.

We've been using Cybereason Endpoint Detection & Response for three years now. The product also provides ransomware protection. We have other solutions, for example, for EDR and XDR, we use Cybereason Endpoint Detection & Response, and for endpoint protection, we use Kaspersky and Symantec.

Cybereason Endpoint Detection & Response has good stability.

Cybereason Endpoint Detection & Response is a scalable solution, as we can add additional licenses to it without any issues.

The technical support for Cybereason Endpoint Detection & Response is okay. We have some open cases, and the support is okay.

We manually set up Cybereason Endpoint Detection & Response. We also have a deployment tool, so it depends on the situation. Sometimes we can do it via automation, and sometimes we have to involve the local agent. As for how long it took, for automation, it would still depend on the size of the company, for example, if one site has a hundred and ten, it would take one week. For manual deployment, it would require three manpower. For our company, deployment took one month.

I'm aware of the licensing costs for Cybereason Endpoint Detection & Response, but I'm not comfortable sharing the information as that's confidential.

My company has around five hundred to six hundred users of Cybereason Endpoint Detection & Response. Four technicians handle the solution, in terms of deployment and maintenance.

I can recommend the solution to others who may want to start using it, particularly if I have references. My company recommended it to two or three companies that now use Cybereason Endpoint Detection & Response.

I would rate Cybereason Endpoint Detection & Response eight out of ten.

The use cases vary. A lot of it depends on customer requirements and the customer environment. It’s tricky to pin down universal use cases.

We like that it is a hybrid. It’s flexible. You can really do whatever you need to do.

The initial setup is not overly complicated.

The solution can scale.

It is stable and reliable.

They need to improve their technical support services.

I’ve been using the solution for about one year.

The solution has been very stable. There are no bugs or glitches, and it doesn’t crash or freeze. It’s reliable. The performance has been good overall.

It is possible to scale the solution. If your company needs to expand, it can do so. It’s not an issue.

Technical support could be better. We’d like to see them be more helpful and responsive in the future.

It’s easier to set up that Cybereason Connect. It’s pretty straightforward. It didn’t take too long to deploy.

I don’t have any insights into the pricing of the product. I don’t handle the licensing aspect of the solution.

I would recommend the solution to other users and organizations. For the most part, we have been pleased with its capabilities.

In general, I would rate the solution eight out of ten.

The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running.

One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.

I have been using this solution for about seven months.

Technical support varies on a case-by-case basis, but sometimes it takes a lot of time for them to come back to us with a solution. I would like to see better support in the future.

I previously used Trend Micro's antivirus solution.

The initial setup was easy.

I used an in-house EDR team to implement this product.

I would advise trying to cut down on false positives as these can create a lot of issues between teams. I would rate this product as 7.5 out of 10.