The product's NGAV feature that can protect my endpoint from malware is the most valuable one for me.
Technical Specialist Manager at a tech services company with 201-500 employees
A tool that offers NGAV features protecting its users from malware while remaining stable
Pros and Cons
- "I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
- "I feel that the product lacks reporting features and needs improvement."
What is most valuable?
What needs improvement?
Cybereason Endpoint Detection & Response is quite good in providing protection and investigation. I feel that the product lacks reporting features and needs improvement.
For how long have I used the solution?
I have been using Cybereason Endpoint Detection & Response for almost one year. I am using the solution's latest version. We are distributors of Cybereason.
What do I think about the stability of the solution?
I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten.
Buyer's Guide
Cybereason Endpoint Detection & Response
June 2025

Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.
What do I think about the scalability of the solution?
It is an easily scalable solution. Scalability-wise, I rate the solution a nine out of ten.
Around 100 people in my company use Cybereason Endpoint Detection & Response.
How are customer service and support?
Though I don't have much experience with the technical support of the product, I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
On a scale of one to ten, where one is difficult, and ten is easy, I rate the setup phase a nine.
The solution is deployed on the cloud.
For around 100 employees, we need three to five days for the deployment of the product.
We need three people for the deployment.
What's my experience with pricing, setup cost, and licensing?
On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight.
Which other solutions did I evaluate?
Before choosing Cybereason Endpoint Detection & Response, I evaluated a couple of brands, including products named CrowdStrike and SentinelOne. Cybereason is good and provides high performance while also helping my team to manage incidents.
What other advice do I have?
For some organizations that are aware of cybersecurity ways that indicate the need to focus on the endpoint area, I recommend they find some solution to help them to protect their employees. Cybereason is a good platform in the area they function.
Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor

Senior Project Manager at a transportation company with 10,001+ employees
Efficient with an easy to use interface and excellent technical support
Pros and Cons
- "The solution is efficient."
- "Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."
What is our primary use case?
We primarily use the solution for security purposes.
What is most valuable?
I really like the features. It's quite different from any other solution.
It's complex, but not in a bad way. I find it fascinating to explore all of the options they have on offer.
The solution is efficient.
The support is very responsive.
We're excited for the new features we'll be getting in version 20.1.
The user interface is very easy to understand and navigate.
The solution is great for tracking and tracing computers.
What needs improvement?
I can't tell how much it detects and how much it doesn't detect. This I don't know. However, this isn't my area of expertise. That said, detection could always be improved upon.
Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group.
It is useful to have a bit of training on the solution first. It's not as intuitive, as, say, your iPhone.
It would be helpful if, in the future, there was a more efficient way to upgrade the sensors directly from the cloud. Basically on each end device, you're deploying a sensor. They call it a sensor, other companies call it something else, but they call it a sensor. That's where you have the version of the software. To upgrade, for instance from 19 to 20, today we have to do it internally. I know they have it in the pipeline to make the upgrades easier, but they don't know by when it will be released. If it could be done directly from the console to all servers, that would be a nice feature.
For how long have I used the solution?
While the company has been using the solution for two years, I haven't been using it for too long. At this point, I may have only been using it for two months or so.
What do I think about the stability of the solution?
The solution is quite stable. We haven't had any issues with it. It doesn't have bugs or glitches. It doesn't freeze or crash. I would consider it to be reliable. I can always access the console, I can check stuff. I don't have issues.
We're on version 19.1, and we're waiting on version 20.1 to be used a bit more and become a bit more stable before we upgrade. We're a pretty complex organization. Cybereason told us to hold off for a bit, and so we aren't changing versions just yet.
What do I think about the scalability of the solution?
We're a big, complex company, and even so, with this solution, scalability is pretty straightforward. I'm not dealing directly with this part of the solution. However, if an additional detection service is needed or if we need more disk space, it seems really, really easy to expand.
How are customer service and technical support?
The support that the company offers is very good. We've been quite satisfied. I find them to be exceptionally responsive. They are quite knowledgeable.
How was the initial setup?
It's very straightforward to implement the solution. It's not complex at all. The solution provides you with a package once, tailored to how your network is working. They provide you with a dedicated package for your own organization and it's ridiculously simple to install.
Technically, the solution is already deployed, however, it's not on all servers yet. I'm deploying the machine servers worldwide while also making sure that the grid version of the sensors is set up. I would estimate that, at this point, the company has deployed the solution 90-95%. We're in the process of finishing off what's left.
What about the implementation team?
I tend to deploy the solution myself to our servers around the globe. If I do need assistance, I have a manager that's available 24/7.
What other advice do I have?
We're just customers. We don't have a business relationship with the client. I'm not a security expert. That said, I'm closely in touch with the company for training, etc. and I keep an eye on how it works for our company.
The thing is with an EDR solution, it's kind of a new world for me. I've read up on Cybereason a lot, as well as other options. I was trying to understand the differences between the products. My understanding is that they are kind of a new generation of EDR, which are represented by Cybereason and by CrowdStrike. They are doing active monitoring which differentiates them from other solutions if I understood properly.
They are monitoring our environment effectively. We are monitoring it by ourselves as well, however, their SOC team is monitoring and pre-alerting us all the time, every day.
From a user experience perspective, I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Administrator at an insurance company with 1,001-5,000 employees
Does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately
Pros and Cons
- "Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."
- "Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."
What is our primary use case?
We use Cybereason for endpoint detection, response, and protection.
What is most valuable?
All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.
Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.
We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.
The main difference between them was the overall ability to detect the evolving threat in the kill chain, which was a lot easier to view and alert on for Cybereason, whereas the others failed to trigger an event anywhere in the kill chain. It had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events.
Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real-time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond to and contain it in a timely manner.
This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set it and forget it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.
We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.
It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does an exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise, which also helps us to detect attacks earlier using this approach. It automates everything.
The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and deliver products and solutions to market quicker for our clients.
Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.
What needs improvement?
Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.
Their endpoint protection piece for device management and storage device protection could use maturation.
For how long have I used the solution?
I started using Cybereason EDR shortly over a year ago. It was March of 2020.
What do I think about the stability of the solution?
The performance was better than the endpoint detection response of our previous solution. We've actually had comments from end-users once we deployed Cybereason, and we noticed the outgoing solution that their computers have increased in speed.
What do I think about the scalability of the solution?
Scalability is endless, especially in a SaaS deployment. We scaled from zero to 2,900 in three weeks, and we saw no degradation in threat hunting query performance within the platform or any ill effects on the platform itself.
It does require maintenance for deploying upgraded sensors and for tweaking policies as new features come out. I don't think that would be maintenance. For upgrading endpoint sensors on mission-critical devices, I recommend a maintenance window just to follow industry best practices; however, all other devices can be completed during normal business hours.
How are customer service and technical support?
Their technical support is very competent. They know the product inside and out and they try to understand the business's needs before any solution is provided.
Which solution did I use previously and why did I switch?
Symantec was our previous provider. It was through tabletop exercises that we found that it just wasn't triggering alerts that it should have been, so it led us to review other products.
How was the initial setup?
The setup was completely fast-paced and extremely straightforward.
We were under a somewhat constrained timeline for rollout. It usually takes us six to eight weeks to roll something of this magnitude out to the organization, but having the pandemic upon us, we actually got it fully deployed in under three weeks. That's how easy it was to roll out and deploy.
The deployment was done all internally. It was a little bit more than just our security team. It was help from our tier-one support analyst as well, but we got it rolled out with a handful of people. Six people were involved in the project in deploying over 2,900 sensors.
We are currently looking at their mobile device management solution or their protection solution to expand usage.
What was our ROI?
We will see a positive ROI, I believe, in the next 12 to 24 months.
What's my experience with pricing, setup cost, and licensing?
It's not the cheapest, but it's the best.
There are no additional costs to standard licensing.
What other advice do I have?
My advice would be: Don't hesitate. Pull the trigger and you won't be disappointed.
It's always watching the house. No matter what you throw at it, it will detect anything you give it. It detects anomalies within the environment.
I would rate it a 9.5 out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Systems Engineer at a tech services company with 11-50 employees
Good UI and dashboard, but it has no support for mailbox security or sandboxing
Pros and Cons
- "The dashboard is very good and you can consider it as an interactive UI."
- "Cybereason does not have sandbox functionality."
What is our primary use case?
We are a solution provider and we deal with three different vendors to supply security products for our customers. One of the products that we implement for them is Cybereason Endpoint Detection & Response.
It is used for endpoint protection, in general, and monitoring the endpoint. Those asking for EDR usually have a security operations center (SOC). They just want to see the dashboard, the incidents, and whether something has happened on the endpoint.
How has it helped my organization?
This product is somewhat new for us, so we haven't been able to secure deals with our customers for it yet. We have proposed it to one customer because it was requested.
Also, I think that Cybereason only has perhaps 500 employees, and there are not many technical people in the Middle East. There is only one regional manager and he is based in the U.A.E., and within the past four or five months, they hired a new service engineer (SE).
What is most valuable?
The dashboard is very good and you can consider it as an interactive UI.
What needs improvement?
There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.
Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.
They do not have anything related to mailbox security.
Cybereason does not have sandbox functionality.
For how long have I used the solution?
We signed the contract with Cybereason to sell the Endpoint Detection & Response solution a year ago, although we have not had much experience with it yet. Most of our customers already have endpoint protection from Kaspersky and are asking for license renewals and support. It is similar for our customers that have BitDefender.
How are customer service and technical support?
I have not been in contact with technical support.
Which solution did I use previously and why did I switch?
We also deal with BitDefender and Kaspersky.
I have some hands-on work with BitDefender and have completed some implementations.
Both Trend Micro and BitDefender have support for mailbox security. For example, they have specific functionality for securing Microsoft Exchange, or mailboxes in general. Cybereason doesn't have this option. The same is true for sandboxing capabilities.
How was the initial setup?
This is a product that requires a lot of resources when it is set up.
Some of our customers ask that Cybereason be installed with an air gap.
What about the implementation team?
We do not yet have much hands-on experience with this product.
What's my experience with pricing, setup cost, and licensing?
This product is somewhat expensive and should be cheaper. Having better pricing, in general, would be an improvement.
What other advice do I have?
This is a product that I recommend for endpoint protection in general, and for the server. However, if they need mailbox security then I would recommend another product.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Global IT Project Manager at a manufacturing company with 10,001+ employees
Good EPP, but support for Micro OS and Linux is needed
Pros and Cons
- "For me, the technical support is good."
- "The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
What is our primary use case?
The primary use case of this solution is for Windows 10 platforms, any kind of Windows 10 platform, desktop edition, and some Windows servers for monitoring and protection.
What is most valuable?
The most valuable feature is the EPP part.
What needs improvement?
The integration with Microsoft solutions and Microsoft capabilities needs to be improved. Also, the agility to be ready for a new platform.
Stability needs to be improved.
The issue for me is the platform supportability. When there is a new version of OS, that is something that has to be improved.
The communication is not clear and we are not receiving the messages on the tests to know if it works or not.
Linux was a bad experience and Micro OS was a disaster.
The biggest issue is the platform for Micro OS and Linux are not supported.
For how long have I used the solution?
I have known this solution for three years, more or less.
We are using the latest version.
What do I think about the stability of the solution?
I didn't like the stability. There were some problems and it was not responding correctly to integration.
What do I think about the scalability of the solution?
Scalability seems to be ok. It's supporting more than 200,000 devices and in terms of scaling, it's ok.
How are customer service and technical support?
For me, the technical support is good. I asked support for certain points to move on, in terms of new things, and I haven't received any good feedback.
I think that they are ok with the current platform and the current support, but they are not ok in terms of providing us with where they are evolving.
Which solution did I use previously and why did I switch?
For antivirus projects, we were using Windows Defender and Skype for previous platforms such as Windows 7. Now, we are still using Windows Defender.
For additional features or features that are redundant with Defender, we are using Cybereason.
How was the initial setup?
The initial setup was straightforward with plenty of issues.
It took between a few weeks and a few months to deploy.
What about the implementation team?
We were using Cybereason directly.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing, it's a good solution.
What other advice do I have?
We are evaluating the possibility of enabling Microsoft Defender ATP, which will cover most or all of the suites and the features that we have on Cybereason as well.
My advice is to evaluate carefully Microsoft Defender ATP and see if they are running fully with Microsoft. If they are evaluating anything at the endpoint level and they plan to use Mac, Windows, and Linux, they should pay attention to Microsoft solutions. Microsoft is becoming a leader in this area.
The cost of Microsoft is quite high; it is something that has to be discussed with Microsoft on a case-by-case basis.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Pre-Sales Consultant | Palo Alto Networks. at StarLink - Trusted Security Advisor
Flexible, reliable, and provides for many use cases
Pros and Cons
- "The initial setup is not overly complicated."
- "They need to improve their technical support services."
What is our primary use case?
The use cases vary. A lot of it depends on customer requirements and the customer environment. It’s tricky to pin down universal use cases.
What is most valuable?
We like that it is a hybrid. It’s flexible. You can really do whatever you need to do.
The initial setup is not overly complicated.
The solution can scale.
It is stable and reliable.
What needs improvement?
They need to improve their technical support services.
For how long have I used the solution?
I’ve been using the solution for about one year.
What do I think about the stability of the solution?
The solution has been very stable. There are no bugs or glitches, and it doesn’t crash or freeze. It’s reliable. The performance has been good overall.
What do I think about the scalability of the solution?
It is possible to scale the solution. If your company needs to expand, it can do so. It’s not an issue.
How are customer service and support?
Technical support could be better. We’d like to see them be more helpful and responsive in the future.
How was the initial setup?
It’s easier to set up than Cybereason Connect. It’s pretty straightforward. It didn’t take too long to deploy.
What's my experience with pricing, setup cost, and licensing?
I don’t have any insights into the pricing of the product. I don’t handle the licensing aspect of the solution.
What other advice do I have?
I would recommend the solution to other users and organizations. For the most part, we have been pleased with its capabilities.
In general, I would rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Security Consultant at a computer software company with 10,001+ employees
Easy to set up but can be confusing for end-users
Pros and Cons
- "The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
- "The product's reporting isn't great."
What is most valuable?
The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running.
What needs improvement?
One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.
For how long have I used the solution?
I have been using this solution for about seven months.
How are customer service and support?
Technical support varies on a case-by-case basis, but sometimes it takes a lot of time for them to come back to us with a solution. I would like to see better support in the future.
Which solution did I use previously and why did I switch?
I previously used Trend Micro's antivirus solution.
How was the initial setup?
The initial setup was easy.
What about the implementation team?
I used an in-house EDR team to implement this product.
What other advice do I have?
I would advise trying to cut down on false positives as these can create a lot of issues between teams. I would rate this product as 7.5 out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Consultant at Revel Tech Security Sdn Bhd
A lightweight, yet advanced detection system that keeps our endpoints safe
What is our primary use case?
Our company, as a distributor of the solution, looks into a few criteria that highlight the value of the solution. An important example is the deep hunting threat mechanisms that Cybereason has to offer.
One of the distinctions between Cybereason and many other vendors is that you are able to search easily through various parameters, such as machine ID, user ID, and malicious files.
How has it helped my organization?
Cybereason "communicates" with other endpoints to gather anonymous activities that run within the organization that normal AV fails to detect. It accumulates and compacts this into a single event case, where it is easy for the SOC team to do an investigation. This drastically reduces the time required to find the root cause of the event. This is one of the features that most of the other vendors lack, but allows the SOC team to receive an alert with the relevant details of the incident within a short period of time.
What is most valuable?
The sensors run within the endpoints, where it is lightweight and runs seamlessly in the background. It does not disrupt the work or activities of the end users, yet is able to detect almost any malicious activity running on the spot.
Adding to that, features like the canary files work like bait to any lateral movement case, where the threat actor is lured to "touch" those files. This, in turn, triggers the Malop engine, and immediately sends the alert to the SOC team to take action.
What needs improvement?
The technical support will need to be improved.
For how long have I used the solution?
About a year and a half.
What do I think about the stability of the solution?
I have the utmost respect for the stability of this solution, as it will be ninety-nine percent solid in keeping the endpoints protected from advanced cyber attacks.
How are customer service and technical support?
Since using the solution, post-installation I have not come to a point where I needed to contact their customer service or technical support. I have had no issues with the solution.
Which solution did I use previously and why did I switch?
We have used normal branded AV, which does not seem to be effective nowadays. Adding products to make up for what is lacking can be costly and it will also affect the performance of the endpoint, adding more resources and also time to do an investigation manually. Ultimately, this will affect productivity.
As for Cybereason, it is built as NGAV plus EDR, meaning that it is a multi-functional solution that addresses the effectiveness of countermeasures for any cyber attacks. It is an ever-evolving process.
How was the initial setup?
The initial setup is pretty much straightforward. Simply follow the onboarding process as instructed by the vendor. The vendor is available to guide and assist with the onboarding process, and training for using the solution is also provided.
What about the implementation team?
As a distributor of the product, I have seen both vendor and in-house implementations. In the case of in-house deployments, there are clear instructions from the vendor. If issues should arise then they respond quickly to address the issue.
What's my experience with pricing, setup cost, and licensing?
Pricing is based on endpoints to be covered together with licensing. Be sure to make a request for flexibility in pricing.
Which other solutions did I evaluate?
We have evaluated Seqrite Endpoint Security, F-Secure Endpoint Detection and Response, Kaspersky Endpoint Security, Avast Endpoint, and Avira Endpoint Security.
What other advice do I have?
I highly recommend this solution for any organization that is solely depending on normal AV. Cyber attacks are rising exponentially, where tools are more advanced in penetrating the wall of security within the organization. A single hole could lead to devastating effects on the business.
The latest updates are quite user-friendly. This makes it easy to conduct an investigation, which leads to a reduction in time for determining the root cause of the event.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
