
Cybereason Endpoint Detection & Response Overview

Cybereason Endpoint Detection & Response is the #10 ranked solution in EDR tools and the #19 ranked solution in endpoint security software. PeerSpot users give Cybereason Endpoint Detection & Response an average rating of 8 out of 10. Cybereason Endpoint Detection & Response is most commonly compared to CrowdStrike Falcon: Cybereason Endpoint Detection & Response vs CrowdStrike Falcon. Cybereason Endpoint Detection & Response is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution is the computer software industry, whose professionals account for 29% of all views.
Cybereason Endpoint Detection & Response Buyer's Guide

Download the Cybereason Endpoint Detection & Response Buyer's Guide including reviews and more. Updated: June 2022

What is Cybereason Endpoint Detection & Response?

Cybereason's Endpoint Detection and Response platform detects both signature-based and non-signature-based attacks in real time and accelerates incident investigation and response. Cybereason connects individual pieces of evidence together to form a complete picture of a malicious operation.

Cybereason Endpoint Detection & Response was previously known as Cybereason EDR, Cybereason Deep Detect & Respond.

Cybereason Endpoint Detection & Response Customers

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital

Cybereason Endpoint Detection & Response Pricing Advice

What users are saying about Cybereason Endpoint Detection & Response pricing:
  • "I had to go through a third-party to purchase it, which I wasn't really pleased about."
  • "We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."
  • "This product is somewhat expensive and should be cheaper."
Cybereason Endpoint Detection & Response Reviews
    Chad Kliewer - PeerSpot reviewer
    Information Security Officer at PTCI
    Real User
    Top 20
    We can make more informed decisions on whether an action is malicious
    Pros and Cons
    • "They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
    • "While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."

    What is our primary use case?

    My use case for this solution is multipronged. First of all, I use this solution to provide the traditional signature-based antivirus to all my endpoints on different operating systems. The second part is to get the additional protection from the behavioral learning and behavioral predictions. Threat hunting is not something that we have done much of in the past. Therefore, Cybereason has enabled us to do threat hunting efficiently.

    How has it helped my organization?

    We shifted our traditional antivirus-type operations over to the Information Security Department from the PC and server tech area. We then built our operations around this shift. Cybereason has given me visibility into some things I didn't know about. They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is a MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen. It is a very effective tool. I have a level of comfort in the way it is detecting and finding things at an early stage. Different tools find different things. When we installed this, we found different things going on that we didn't know about previously, some more nefarious than others.

    What is most valuable?

    The biggest feature is the fact that I have one product that works across all my different operating systems. It works across a lot of different endpoint operating systems, e.g., Windows, macOS, iOS, Android, and Linux. I chose the solution because it covers the entire realm of all of my devices on a single endpoint agent, then back to one console. This prevents me from having to manage multiple products for multiple operating systems. I did not have these capabilities on anything other than Windows and Linux previously. XDR has expanded my capabilities into all my other endpoints, e.g., mobile OSs, beyond Windows and Linux.

    Cybereason provides a ton of detail. Not only do we see that something malicious may have been executed on a machine, but we also see everything else that is executed on that machine, which may or may not be involved. Therefore, it has given us a ton more information and context around an event, rather than saying, "Oh, we spotted this suspicious file." Instead, it gives me the context around it, telling me how it was executed, where it was executed from, and why it might be malicious. So, it has changed the way we function. In the past, we looked at it, and said, "That looks malicious (or not). Check the box and move on." With Cybereason products, we have much more detail behind it so we can make more informed decisions on whether an action is malicious. An added benefit is that it has also helped us discover a lot of other software applications running within our environment. We probably found another 10 to 20 applications running within our environment that we weren't aware of before.

    All its information about malicious operations (MalOp) keeps me from having to go to multiple different sources to find it. That is definitely the truth. I can usually do whatever triage that I need to do from the Cybereason tool to know if something is malicious or not, then feel comfortable with that decision. There is not any guesswork. On a couple of occasions, I still had to go back to a particular computer to dig out additional logs that weren't there, but that is to be expected. It has come a long way. I am not seeing an alert, then having to go find other tools to find out more context to that alert, because the context of that alert is right there in the dashboard.

    What needs improvement?

    The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it. While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that help with this. Part of it was moving two different screens into one, merging the two together. It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made. It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.

    For how long have I used the solution?

    We have been using Cybereason for less than a year.

    What do I think about the stability of the solution?

    They have an awesome technical product. They are still catching up on the customer side, but they are working hard at it. I have seen a lot of improvements already.

    What do I think about the scalability of the solution?

    I have just under 1,000 endpoints and have seen no issues whatsoever with scalability. It should have no problem going further.

    How are customer service and support?

    I have been working with the product team a lot and giving them a lot of unsolicited feedback. I would rate the support as seven out of 10.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We had an antivirus or next-gen antivirus product before that was mostly managed by the vendor. We saw alerts, but really nothing else. We couldn't dig very far into those alerts, etc. Cybereason has given me more coverage across more operating systems than what I have had in the past; I have more visibility now into a lot more areas. Before, I was seeing about half of my network. Now, I feel like I am seeing nearly all the devices. This was a huge thing for me when it came to changing our operations.

    How was the initial setup?

    The initial setup was pretty straightforward. Deployment took two or three months. We started with a few machines in monitor-only mode to see what kind of noise we had. Then, we expanded the number of machines and continued monitoring. Once we had everything in monitoring mode, we were then able to start turning on some of the blocking and automated actions.

    What about the implementation team?

    We used our in-house team.

    What was our ROI?

    It is helpful with a small security team because it puts everything into a single pane of glass. Being able to see everything in a MalOp-centric form shows you how many machines and users are affected right away. It definitely helps a small team be able to dive right in and figure out how widespread a problem is, or if it is a problem.

    What's my experience with pricing, setup cost, and licensing?

    I had to go through a third-party to purchase it, which I wasn't really pleased about.

    Which other solutions did I evaluate?

    We can mitigate and isolate on the fly. Anytime there is an alert, it gives me the option to block the threat, quarantine the threat, or isolate a device. It is very important to have these different levels. We have seen other products that only isolate the device. This is sometimes a bit of an overkill, since it usually interrupts the end user's day more than necessary. Having multiple options to:
    • Block the process.
    • Quarantine a file.
    • Isolate the device.
    That gives me a bit more granularity on my response rather than just isolating or blocking.

    What other advice do I have?

    At the blocking level, we have used some automated migration and isolation processes. However, we are still very cautious. With everything that we do, we start out in monitor-only mode so it warns us first. We see what our baseline is and track those things down, then we turn on the automatic mitigations. So, we have it in some areas, but not in all areas. We are using just about all the pieces that we currently have of this solution. For the pieces that we are not using, those are some of the new XDR features that came out which have some plugins from a Google SIEM and some of the Azure plugins. We don't have those yet and may look at those in the future. For some of those areas, I have coverage in another product so I am not in a hurry to do that. Overall, I would rate Cybereason as seven out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Senior Security Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    Top 20
    Helps us to mitigate and isolate on the fly but has increased false positives
    Pros and Cons
    • "Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."
    • "Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."

    What is our primary use case?

    It's an endpoint in EDR, so our primary use case is for threat detection and remediation for Linux, Windows, and Mac.

    How has it helped my organization?

    The best example of how it has helped is that we can do searches via the API. And so we have our automation tool do a lot of searches automatically based on alerts so that when the SOC analyst goes to review, they have a lot of the information already pulled for them.

    It leverages indicators of behavior as a means of detecting attacks. It's very good at detection. It's not so great at prevention. They're a very detection-focused company. So that may or may not work in your environment depending on if you're a prevention-based organization or detection-based.

    The leveraging of indicators of behavior helps remediate against attacks faster. One of the things we can do is if we have a process or a hash or something that we know is bad, it's very quick to search for it across the environment. And then we can either have Cybereason yank the file off, quarantine it, or whatever we think we need to do based on the severity of the issue.

    Cybereason is helpful to organizations with a small security team. With a single portal to manage and with it being a cloud portal, it really reduces the amount of overhead versus having a traditional on-prem solution.

    What is most valuable?

    Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations.

    Cybereason helps us to mitigate and isolate on the fly. It's extremely important and mostly because the endpoint is our weakest link. It's what has access to our internal network in the external world. So it's the biggest target. 

    We have used it to automate mitigation and isolation processes. The automation that we're doing is a little bit less featured than the product we had before, but there's a lot more you can do with automation than what you can do with a traditional endpoint.

    It somewhat provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint in real-time. We have several open issues and bug reports with them that it doesn't always pull that data back. So when it works, it does pull a lot of the details, but some of the things like PowerShell Commands are still very limited with what you can see. It's extremely important to us. 

    The solution enables us to adapt to attacks and act more swiftly than attackers can adjust their tactics, especially with EDR. We've been able to do a lot more scripting and automation for doing mitigation.

    We use the solution's XDR features to extend detection and response capabilities across the broader IT ecosystem. We're basically covering most of our non-appliance infrastructure and some of our appliances. Even network appliances would fall into what we can cover with it.

    What needs improvement?

    The dashboards are very minimal. They have some flashy options but there's nothing that we've found that's actually valuable that's in the dashboard. It's very easy to use, but if you have experienced SOC members there's no real query language. So it slows them down to have to click the button a million times, but for new SOC members, it's very easy to pick up because there's no query language.

    Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts.

    It doesn't always pull data, there'll be times when it can't pull a process or things like that. We brought this up to Cybereason. We have an RFP for it but we have a lot of RFPs and we maybe only had a couple that have been completed.

    The high CPU and memory usage are the two main points that need improvement. That's been pretty big. It's caused us a couple of outages. If they had more automation, like policy management via the API, that would be nice because whitelisting path exceptions, things like that, do take a good amount of time because that's done manually per policy instead of being automated. And we're very automation-focused. 

    For how long have I used the solution?

    I have been using Cybereason for almost a year. 

    What do I think about the stability of the solution?

    Stability can definitely be improved for a cloud service. You expect a certain amount of uptime and you expect when they're doing upgrades on the system, that it's going to be transparent to the end-users. But with their current configuration, if they do an upgrade on our servers, we have seven hours of down time.

    What do I think about the scalability of the solution?

    It's very scalable. We've been able to roll out to a very big chunk when we went global, and it was very easy to do.

    In our office, we have around 25,000 users. When we went global, we gained about 100,000 and then we just went private again a couple of weeks ago. So we're back down to 25,000. We've maxed out at a hundred and we're consistently around 25.

    Around 30 people on the security engineering, the SOC, threat hunting, and incident response teams use it. 

    How are customer service and support?

    The support people are very helpful, but a lot of the issues end up having to go back to engineering or their support teams. Then once that happens, it takes a long time and it can often take a long time to get to the point where they can even open a ticket with engineering.

    For the last bug that we reported, it was probably about six weeks before they were able to open the ticket with the engineering team.

    Which solution did I use previously and why did I switch?

    We previously used CrowdStrike. We switched because of the cost. We ended up doing more of a global licensing, which added something like 100,000 endpoints for our global contract, so the little bit of price difference ended up becoming quite large.

    How was the initial setup?

    The initial setup was straightforward. You just install the client and as long as it has internet access, you're pretty much already working at that point, and then it's just fine-tuning your policies or your groupings after that.

    We had the majority of our assets done, probably 20,000 in a month for our office. So it was very quick.

    We have an automation tool that we use for patching and installing software, and we just did a phased approach of rolling it out to end clients and servers.

    What was our ROI?

    It's really good at finding adware, so we have been able to get our environment cleaned up by removing adware and other software like that. That's probably been the biggest value we've seen so far.

    What's my experience with pricing, setup cost, and licensing?

    Make sure that the product actually meets what you need. We are finding that some of the features that brought the price down because they were included, like the firewall control, which was a big need of ours and which most other vendors tack a hefty charge onto, actually aren't full firewall control and don't have the functionality that we needed.

    So if we had known that at the beginning, maybe we would've looked a little further because we were thinking that was the biggest cost savings and it's not been as functional as we were hoping.

    There are no additional costs to standard licensing. The one nice thing is where a lot of other vendors will nickel and dime you with the features, with Cybereason you pretty much get everything.

    What other advice do I have?

    My advice would be to make sure that your company's goals align. If you're a detect-focused organization you'll probably be very happy with it. If you're a prevent-based organization, I don't think it's going to fill that niche.

    If you have a smaller team, look at what it takes to manage the policies, because depending on your workflows, how you need to patch, or how you need to group things, it may not work for your workflows.

    I would rate Cybereason a six out of ten. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Strategic Partners
    Information Security Analyst at a comms service provider with 51-200 employees
    Real User
    Provides visibility for the processes running across our network
    Pros and Cons
    • "We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold."
    • "Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business."

    What is our primary use case?

    Some of our users are in threat hunting. We use it to protect a really diverse environment, including Macs, Windows, Linux, Android, and iOS. So, our primary use for it is endpoint protection. We are protecting around 1,200 endpoints.

    How has it helped my organization?

    We have some automatic prevention, where you can just set it to how confident you are in the product based on how many false positives you are getting, etc. At this point, I think we are getting a little more comfortable with doing automatic prevention since we don't see a lot of false positives anymore. Now, I don't have to chase every single malware that shows up on a user's machine. We are only worried about those that are proactively trying to move around. So, it really lets us focus on the more important things when some automation is involved.

    Visibility is such a big thing for us, which we didn't have previously. One of the greatest additions to our environment is having that visibility for the processes running across our network.

    Cybereason is helpful to organizations who have a small security team, especially if you have the SOC behind you doing their analysis as well. It is tremendously helpful to have top-notch security advisors help you identify threats in your environment.

    What is most valuable?

    I have found their file search really useful as well as their investigation feature. Outside of the management console, their defenders platform is incredibly useful with great content for learning about their features and how the software operates.

    Cybereason helps us to mitigate and isolate on the fly. If a malware has been identified, we get various options to mitigate, depending on what we believe is the best option for that specific malware type. We can quarantine the file or isolate the whole asset from being able to talk to the network. It helps us reach our goals of threat hunting as far as incident response goes, since timing is of the essence. It is very important for us to have that ability to do it with one click, and not have to reach out to the system owner before we can take action.

    All the information that they have in the Cybereason XDR platform helps a lot. You can see all their dashboards, etc. Overall, I would rate it as 8.5 to 9 out of 10 for ease of use. It didn't take us too long to figure out their platform.

    What needs improvement?

    Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business.

    For how long have I used the solution?

    We started using it around September 2021.

    What do I think about the stability of the solution?

    So far, I would give them 10 out of 10 on stability.

    What do I think about the scalability of the solution?

    For scalability, I would give them 9 out of 10. It is fairly easy to scale once you get going and are comfortable with it. It was our ability to get comfortable from not knowing how well it would interact with all our different operating systems.

    Currently, there are only two individuals who are in it day-to-day. We have given access to our system administrators, but they don't really work with it much unless there are issues going on with the machines that they administer. So, they are not in the solution very often.

    How are customer service and support?

    In the security arena, I would give them 9 out of 10. We had a small hiccup at the beginning of our onboarding as well as figuring out how the SOC worked. That is the only reason why the beginning was a little bit rough, but I currently can say that they are great and very responsive. 

    As far as technical support goes, I would probably rate it as 8 out of 10 at the moment because of how long it is taking to resolve the very few issues that we have.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were previously using Microsoft Defender.

    We switched to Cybereason for its visibility and logs. Cybereason allows us to integrate a lot better with our SIEM solution. We can do threat hunting from one dashboard. It is a lot more manageable and flexible with a more in-depth view of our environment. It also has compatibility with multiple operating systems.

    How was the initial setup?

    The initial deployment was very straightforward for Windows, Linux, and Mac. On the mobile side, the deployment has still been very slow. I think their VPN has some compatibility issues with Android or specific versions of Android.

    On Windows machines, the deployment took around two and a half months. Part of it was very much due to us wanting to dip our toes first and not go full speed, because we didn't know how our machines were going to react or its compatibility with the system. It was a very wide deployment to various different systems. We were mostly worried about our servers. 

    It has done very well with our servers. We haven't really seen many negatively affected assets.

    What was our ROI?

    We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold. As security analysts, when you have more information to digest, it will take a bit of time before we decrease the amount of time spent on some systems where we didn't have visibility before. 

    It has reduced the amount of time that we spend responding to threats by at least 50%.

    What other advice do I have?

    If you are a very small security team or have no security team, then I would choose Cybereason for the level of expertise from their SOC and security support team. Also, the product is very easy to manage. Overall, the number of false positives that a system administrator has to deal with is lower, which is better, because you don't have to spend time on it. Instead, you can spend time doing other things, like setting up new infrastructure.

    I haven't really had many experiences with other vendors, but I would rate them as 9 out of 10. It goes back to those first issues that we had at the beginning. However, they have stepped up and really have proved that they are a great product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Nick LaPointe - PeerSpot reviewer
    Information Security Administrator at an insurance company with 1,001-5,000 employees
    Real User
    Does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately
    Pros and Cons
    • "Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."
    • "Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."

    What is our primary use case?

    We use Cybereason for endpoint detection, response, and protection.

    What is most valuable?

    All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.

    Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.

    We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.

    The main difference between them was that the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on with Cybereason, whereas the others failed to trigger an event anywhere in the kill chain. They had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events.

    Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real-time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond and contain to it in a timely manner.

    This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set it and forget it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.

    We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.

    It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does an exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise, which also helps us to detect attacks earlier using this approach. It automates everything.

    The time it takes to detect attacks has been reduced through this approach. At least half, if not 60%, of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and to deliver products and solutions to market quicker for our clients.

    Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.

    What needs improvement?

    Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.

    Their endpoint protection piece for device management and storage device protection could use maturation. 

    For how long have I used the solution?

    I started using Cybereason EDR a little over a year ago, in March of 2020.

    What do I think about the stability of the solution?

    The performance was better than the endpoint detection and response of our previous solution. We've actually had comments from end-users, once we deployed Cybereason and removed the outgoing solution, that their computers have increased in speed.

    What do I think about the scalability of the solution?

    Scalability is endless, especially in a SaaS deployment. We scaled from zero to 2,900 in three weeks, and we saw no degradation in threat hunting query performance within the platform or any ill effects on the platform itself.

    It does require maintenance for deploying upgraded sensors and for tweaking policies as new features come out. I don't think that would be maintenance. For upgrading endpoint sensors on mission-critical devices, I recommend a maintenance window just to follow industry best practices; however, all other devices can be completed during normal business hours.

    How are customer service and technical support?

    Their technical support is very competent. They know the product inside and out and they try to understand the business's needs before any solution is provided.

    Which solution did I use previously and why did I switch?

    Symantec was our previous provider. It was through tabletop exercises that we found that it just wasn't triggering alerts that it should have been, so it led us to review other products.

    How was the initial setup?

    The setup was completely fast-paced and extremely straightforward. 

    We were under a somewhat constrained timeline for rollout. It usually takes us six to eight weeks to roll something of this magnitude out to the organization, but having the pandemic upon us, we actually got it fully deployed in under three weeks. That's how easy it was to roll out and deploy.

    The deployment was done all internally. It was a little bit more than just our security team. It was help from our tier-one support analyst as well, but we got it rolled out with a handful of people. Six people were involved in the project in deploying over 2,900 sensors.

    We are currently looking at their mobile device management solution or their protection solution to expand usage.

    What was our ROI?

    We will see a positive ROI, I believe, in the next 12 to 24 months.

    What's my experience with pricing, setup cost, and licensing?

    It's not the cheapest, but it's the best.

    There are no additional costs to standard licensing. 

    What other advice do I have?

    My advice would be: Don't hesitate. Pull the trigger and you won't be disappointed.

    It's always watching the house. No matter what you throw at it, it will detect anything you give it. It detects anomalies within the environment.

    I would rate it a 9.5 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Johnson Bresnick - PeerSpot reviewer
    Director of Learning and Development at ACA - Ateliers de conversation anglaise
    Real User
    Top 20
    It has helped us become more knowledgeable about our environment and aware of threats
    Pros and Cons
    • "Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."
    • "The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."

    What is our primary use case?

    It detects and flags malware and other attacks. We also have MDR services completely managed by Cybereason. They look into any threats, give recommendations, and analyze what's happening in our system.

    How has it helped my organization?

    The program has taught us a lot, so our team has become more knowledgeable about what's happening in our environment and what is or isn't a threat with the solutions and the services provided to us. There's also an excellent learning process with the EDR wherein they encourage the users to learn what's happening to, I think, be more confident when mitigating any threats or any problems in the environment. Before we had the solution, we were largely unaware of what was happening. Now we are more confident and better grasp what's happening in our environment.

    Cybereason EDR helps us isolate and mitigate on the fly, which is essential because we're a small team, and we don't always have a spare IT person waiting to work. We need our team to be proactive in those situations.

    Cybereason's operation-centric approach has helped us move beyond chasing multiple alerts and visualize the entire timeline of malicious operations. We can see when they started, when they were detected, and if there's any lateral movement. It uses behavior indicators to detect attacks, which is an innovative approach. I believe the indicators help remediate attacks quickly, but then again, we have the complete monitoring solution, so they're the ones doing the remediation and sending us recommendations.

    It has cut down on the time we spend hunting and responding to threats, which has increased our efficiency because we spend less time thinking about it or managing the system. Cybereason is helpful to us as a small team because we don't necessarily need a dedicated person to analyze threats. Cybereason's monitoring service takes care of that. If there's a threat, we don't need to investigate to see if it's a false positive,

    What is most valuable?

    Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment.

    I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly.

    Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that, if I'm ever shopping for another solution, that would be a must-have.

    What needs improvement?

    The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.

    For how long have I used the solution?

    I've been using Cybereason EDR since June, so about half a year.

    What do I think about the stability of the solution?

    Cybereason is stable. We haven't had any hiccups or outages so far. 

    What do I think about the scalability of the solution?

    I think Cybereason is highly scalable. If we doubled, tripled, or quadrupled our team size, we could easily continue operations as normal with this solution. It's currently on all the endpoints, but we might increase our usage if we get more language training clients.

    How are customer service and support?

    Cybereason support has been great. 

    Which solution did I use previously and why did I switch?

    We used BitDefender previously, but we decided to switch to Cybereason because it offers some new technology like AI. The company is growing and it looks promising. 

    How was the initial setup?

    Setting up Cybereason was straightforward. However, if you don't have an IT team that can program the exceptions you need or run the automatic installation, it might take some time to figure out how it all works. Cybereason offered us some support during deployment. They have a forum, and if we had any questions, Cybereason support could offer customized solutions or guide us through the process.

    The deployment didn't take too long because we didn't have many endpoints. It was maybe a couple of days. We can automatically deploy the sensors on our new machines, so it's quick and easy to expand. The policies are set automatically when we onboard employees and the sensors run pretty smoothly.

    What's my experience with pricing, setup cost, and licensing?

    Cybereason is affordable.

    Which other solutions did I evaluate?

    We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money.

    What other advice do I have?

    I rate Cybereason EDR 10 out of 10. I recommend it because it's much better than anything else out there. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Senior Project Manager at a transportation company with 10,001+ employees
    Real User
    Efficient with an easy to use interface and excellent technical support
    Pros and Cons
    • "The solution is efficient."
    • "Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."

    What is our primary use case?

    We primarily use the solution for security purposes.

    What is most valuable?

    I really like the features. It's quite different from any other solution. 

    It's complex, but not in a bad way. I find it fascinating to explore all of the options they have on offer.

    The solution is efficient.

    The support is very responsive.

    We're excited for the new features we'll be getting in version 20.1.

    The user interface is very easy to understand and navigate.

    The solution is great for tracking and tracing computers.

    What needs improvement?

    I can't tell how much it detects and how much it doesn't detect. This I don't know. However, this isn't my area of expertise. That said, detection could always be improved upon.

    Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group.

    It is useful to have a bit of training on the solution first. It's not as intuitive as, say, your iPhone.

    It would be helpful if, in the future, there was a more efficient way to upgrade the sensors directly from the cloud. Basically, on each end device, you're deploying a sensor. They call it a sensor; other companies call it something else, but they call it a sensor. That's where you have the version of the software. To upgrade, for instance from 19 to 20, today we have to do it internally. I know they have it in the pipeline to make the upgrades easier, but they don't know by when it will be released. If it could be done directly from the console to all servers, that would be a nice feature.

    For how long have I used the solution?

    While the company has been using the solution for two years, I haven't been using it for too long. At this point, I may have only been using it for two months or so.

    What do I think about the stability of the solution?

    The solution is quite stable. We haven't had any issues with it. It doesn't have bugs or glitches. It doesn't freeze or crash. I would consider it to be reliable. I can always access the console, I can check stuff. I don't have issues.

    We're on version 19.1, and we're waiting on version 20.1 to be used a bit more and become a bit more stable before we upgrade. We're a pretty complex organization. Cybereason told us to hold off for a bit, and so we aren't changing versions just yet. 

    What do I think about the scalability of the solution?

    We're a big, complex company, and even so, with this solution, scalability is pretty straightforward. I'm not dealing directly with this part of the solution. However, if an additional detection service is needed or if we need more disk space, it seems really, really easy to expand. 

    How are customer service and technical support?

    The support that the company offers is very good. We've been quite satisfied. I find them to be exceptionally responsive. They are quite knowledgeable.

    How was the initial setup?

    It's very straightforward to implement the solution. It's not complex at all. The solution provides you with a package once, tailored to how your network is working. They provide you with a dedicated package for your own organization and it's ridiculously simple to install.

    Technically, the solution is already deployed, however, it's not on all servers yet. I'm deploying the machine servers worldwide while also making sure that the grid version of the sensors is set up. I would estimate that, at this point, the company has deployed the solution 90-95%. We're in the process of finishing off what's left.

    What about the implementation team?

    I tend to deploy the solution myself to our servers around the globe. If I do need assistance, I have a manager that's available 24/7.

    What other advice do I have?

    We're just customers. We don't have a business relationship with the client. I'm not a security expert. That said, I'm closely in touch with the company for training, etc. and I keep an eye on how it works for our company. 

    The thing is with an EDR solution, it's kind of a new world for me. I've read up on Cybereason a lot, as well as other options. I was trying to understand the differences between the products. My understanding is that they are kind of a new generation of EDR, which are represented by Cybereason and by CrowdStrike. They are doing active monitoring which differentiates them from other solutions if I understood properly.

    They are monitoring our environment effectively. We are monitoring it by ourselves as well, however, their SOC team is monitoring and pre-alerting us all the time, every day. 

    From a user experience perspective, I'd rate the solution nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Systems Engineer at a tech services company with 11-50 employees
    Reseller
    Top 5 Leaderboard
    Good UI and dashboard, but it has no support for mailbox security or sandboxing
    Pros and Cons
    • "The dashboard is very good and you can consider it as an interactive UI."
    • "Cybereason does not have sandbox functionality."

    What is our primary use case?

    We are a solution provider and we deal with three different vendors to supply security products for our customers. One of the products that we implement for them is Cybereason Endpoint Detection & Response.

    It is used for endpoint protection, in general, and monitoring the endpoint. Those asking for EDR usually have a security operations center (SOC). They just want to see the dashboard, the incidents, and whether something has happened on the endpoint.

    How has it helped my organization?

    This product is somewhat new for us, so we haven't been able to secure deals with our customers for it yet. We have proposed it to one customer because it was requested.

    Also, I think that Cybereason only has perhaps 500 employees, and there are not many technical people in the Middle East. There is only one regional manager and he is based in the U.A.E., and within the past four or five months, they hired a new service engineer (SE).

    What is most valuable?

    The dashboard is very good and you can consider it as an interactive UI.

    What needs improvement?

    There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.

    Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.

    They do not have anything related to mailbox security.

    Cybereason does not have sandbox functionality.

    For how long have I used the solution?

    We signed the contract with Cybereason to sell the Endpoint Detection & Response solution a year ago, although we have not had much experience with it yet. Most of our customers already have endpoint protection from Kaspersky and are asking for license renewals and support. It is similar for our customers that have BitDefender.

    How are customer service and technical support?

    I have not been in contact with technical support.

    Which solution did I use previously and why did I switch?

    We also deal with BitDefender and Kaspersky.

    I have some hands-on work with BitDefender and have completed some implementations.

    Both Trend Micro and BitDefender have support for mailbox security. For example, they have specific functionality for securing Microsoft Exchange, or mailboxes in general. Cybereason doesn't have this option. The same is true for sandboxing capabilities.

    How was the initial setup?

    This is a product that requires a lot of resources when it is set up.

    Some of our customers ask that Cybereason be installed with an air gap.

    What about the implementation team?

    We do not yet have much hands-on experience with this product.

    What's my experience with pricing, setup cost, and licensing?

    This product is somewhat expensive and should be cheaper. Having better pricing, in general, would be an improvement.

    What other advice do I have?

    This is a product that I recommend for endpoint protection in general, and for the server. However, if they need mailbox security then I would recommend another product.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Security Consultant at a computer software company with 10,001+ employees
    Consultant
    Easy to set up but can be confusing for end-users
    Pros and Cons
    • "The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
    • "The product's reporting isn't great."

    What is most valuable?

    The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running.

    What needs improvement?

    One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.

    For how long have I used the solution?

    I have been using this solution for about seven months.

    How are customer service and support?

    Technical support varies on a case-by-case basis, but sometimes it takes a lot of time for them to come back to us with a solution. I would like to see better support in the future.

    Which solution did I use previously and why did I switch?

    I previously used Trend Micro's antivirus solution.

    How was the initial setup?

    The initial setup was easy.

    What about the implementation team?

    I used an in-house EDR team to implement this product.

    What other advice do I have?

    I would advise trying to cut down on false positives as these can create a lot of issues between teams. I would rate this product as 7.5 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Cybereason Endpoint Detection & Response Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2022