Cybereason Endpoint Detection & Response Valuable Features

Chad Kliewer - PeerSpot reviewer
Information Security Officer at PTCI

The biggest feature is the fact that I have one product that works across all my different operating systems. It works across a lot of different endpoint operating systems, e.g., Windows, macOS, iOS, Android, and Linux. I chose the solution because it covers the entire realm of all of my devices on a single endpoint agent, then back to one console. This prevents me from having to manage multiple products for multiple operating systems. I did not have these capabilities on anything other than Windows and Linux previously. XDR has expanded my capabilities into all my other endpoints, e.g., mobile OSs, beyond Windows and Linux.

Cybereason provides a ton of detail. Not only do we see that something malicious may have been executed on a machine, but we also see everything else that is executed on that machine, which may or may not be involved. Therefore, it has given us a ton more information and context around an event, rather than saying, "Oh, we spotted this suspicious file." Instead, it gives me the context around it, telling me how it was executed, where it was executed from, and why it might be malicious. So, it has changed the way we function.

In the past, we looked at it, and said, "That looks malicious (or not). Check the box and move on." With Cybereason products, we have much more detail behind it so we can make more informed decisions on whether an action is malicious. An added benefit is that it has also helped us discover a lot of other software applications running within our environment. We probably found another 10 to 20 applications running within our environment that we weren't aware of before.

All its information about malicious operations (MalOp) keeps me from having to go to multiple different sources to find it. That is definitely the truth. I can usually do whatever triage that I need to do from the Cybereason tool to know if something is malicious or not, then feel comfortable with that decision. There is not any guesswork. On a couple of occasions, I still had to go back to a particular computer to dig out additional logs that weren't there, but that is to be expected. It has come a long way. I am not seeing an alert, then having to go find other tools to find out more context to that alert, because the context of that alert is right there in the dashboard.

View full review »
MT
Senior Security Engineer at a financial services firm with 1,001-5,000 employees

Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations.

Cybereason helps us to mitigate and isolate on the fly. It's extremely important and mostly because the endpoint is our weakest link. It's what has access to our internal network in the external world. So it's the biggest target. 

We have used it to automate mitigation and isolation processes. The automation that we're doing is a little bit less featured than the product we had before, but there's a lot more you can do with automation than what you can do with a traditional endpoint.

It somewhat provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint in real-time. We have several open issues and bug reports with them that it doesn't always pull that data back. So when it works, it does pull a lot of the details, but some of the things like PowerShell Commands are still very limited with what you can see. It's extremely important to us. 

The solution enables us to adapt to attacks and act more swiftly than attackers can adjust their tactics, especially with EDR. We've been able to do a lot more scripting and automation for doing mitigation.

We use the solution's XDR features to extend detection and response capabilities across the broader IT ecosystem. We're basically covering most of our non-appliance infrastructure and some of our appliances. Even network appliances would fall into what we can cover with it.

View full review »
DH
Information Security Analyst at a comms service provider with 51-200 employees

I have found their file search really useful as well as their investigation feature. Outside of the management console, their defenders platform is incredibly useful with great content for learning about their features and how the software operates.

Cybereason helps us to mitigate and isolate on the fly. If a malware has been identified, we get various options to mitigate, depending on what we believe is the best option for that specific malware type. We can quarantine the file or isolate the whole asset from being able to talk to the network. It helps us reach our goals of threat hunting as far as incident response goes, since timing is of the essence. It is very important for us to have that ability to do it with one click, and not have to reach out to the system owner before we can take action.

All the information that they have in the Cybereason XDR platform helps a lot. You can see all their dashboards, etc. Overall, I would rate it as 8.5 to 9 out of 10 for ease of use. It didn't take us too long to figure out their platform.

View full review »
Buyer's Guide
Cybereason Endpoint Detection & Response
December 2022
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,711 professionals have used our research since 2012.
Nick LaPointe - PeerSpot reviewer
Information Security Administrator at a insurance company with 1,001-5,000 employees

All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.

Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.

We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.

The main difference between them was the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on for Cybereason. Whereas the others failed to trigger an event anywhere in the kill chain. It had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events. 

Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint and in real-time. Their overall view within the threat landscape is very easy to understand and visualize. It helps the junior analysts respond and contain to it in a timely manner.

This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost set it and forget it stage where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.

We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.

It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does a exceptional job in weeding out the noise and giving us high-fidelity alerts based on indicators of compromise. Which also helps us to detect attacks earlier using this approach. It automates everything. 

The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and delivering products and solutions to market quicker for our clients.

Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.

View full review »
Johnson Bresnick - PeerSpot reviewer
Director of Learning and Development at ACA - Ateliers de conversation anglaise

Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment.

I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly.

Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that's if I'm ever shopping for another solution, that would be a must-have.

View full review »
Abhinav Srivastava - PeerSpot reviewer
Senior Project Executive at Hitachi

What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it.

View full review »
TA
Systems Engineer at a tech services company with 11-50 employees

The dashboard is very good and you can consider it as an interactive UI.

View full review »
Ibrahim Karam - PeerSpot reviewer
Pre-Sales Consultant | Palo Alto Networks. at StarLink - Trusted Security Advisor

We like that it is a hybrid. It’s flexible. You can really do whatever you need to do.

The initial setup is not overly complicated.

The solution can scale.

It is stable and reliable.

View full review »
CL
Security Consultant at a computer software company with 10,001+ employees

The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running.

View full review »
Buyer's Guide
Cybereason Endpoint Detection & Response
December 2022
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,711 professionals have used our research since 2012.