Cybereason Endpoint Detection & Response Room for Improvement

Chad Kliewer - PeerSpot reviewer
Information Security Officer at PTCI

The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it.

While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that help with this. Part of it was moving two different screens into one, merging the two together.

It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made.

It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.

MT
Senior Security Engineer at a financial services firm with 1,001-5,000 employees

The dashboards are very minimal. They have some flashy options but there's nothing that we've found that's actually valuable that's in the dashboard. It's very easy to use, but if you have experienced SOC members there's no real query language. So it slows them down to have to click the button a million times, but for new SOC members, it's very easy to pick up because there's no query language.

Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts.

It doesn't always pull data; there'll be times when it can't pull a process or things like that. We brought this up to Cybereason. We have an RFP for it but we have a lot of RFPs and we maybe only had a couple that have been completed.

The high CPU and memory usage are the two main points that need improvement. That's been pretty big. It's caused us a couple of outages. If they had more automation, like policy management via the API, that would be nice because whitelisting path exceptions, things like that, do take a good amount of time because that's done manually per policy instead of being automated. And we're very automation-focused. 

DH
Information Security Analyst at a comms service provider with 51-200 employees

Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business.

Buyer's Guide
Cybereason Endpoint Detection & Response
December 2022
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
656,862 professionals have used our research since 2012.
Nick LaPointe - PeerSpot reviewer
Information Security Administrator at an insurance company with 1,001-5,000 employees

Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.

Their endpoint protection piece for device management and storage device protection could use maturation. 

Johnson Bresnick - PeerSpot reviewer
Director of Learning and Development at ACA - Ateliers de conversation anglaise

The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.

Abhinav Srivastava - PeerSpot reviewer
Senior Project Executive at Hitachi

What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on.

TA
Systems Engineer at a tech services company with 11-50 employees

There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.

Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.

They do not have anything related to mailbox security.

Cybereason does not have sandbox functionality.

Ibrahim Karam - PeerSpot reviewer
Pre-Sales Consultant | Palo Alto Networks. at StarLink - Trusted Security Advisor

They need to improve their technical support services.

CL
Security Consultant at a computer software company with 10,001+ employees

One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.
