What needs improvement with Cybereason Endpoint Detection & Response?

Please share with the community what you think needs improvement with Cybereason Endpoint Detection & Response.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
99 Answers

Chad Kliewer - PeerSpot reviewer
Top 20, Real User

The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it. While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that help with this. Part of it was moving two different screens into one, merging the two together. It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made. It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.

DanielHernandez - PeerSpot reviewer
Real User

Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business.

Johnson Bresnick - PeerSpot reviewer
Top 20, Real User

The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.

Chee Keong Law - PeerSpot reviewer

One area for improvement is that this solution isn't so easy for the end-user, especially at level 1. Sometimes the information from the product can be confusing for users at both levels 1 and 2. In addition, the product's reporting isn't great, which should be improved.

reviewer1678386 - PeerSpot reviewer
Top 20, Real User

The dashboards are very minimal. They have some flashy options but there's nothing that we've found that's actually valuable that's in the dashboard. It's very easy to use, but if you have experienced SOC members there's no real query language. So it slows them down to have to click the button a million times, but for new SOC members, it's very easy to pick up because there's no query language. Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts. It doesn't always pull data, there'll be times when it can't pull a process or things like that. We brought this up to Cybereason. We have an RFP for it but we have a lot of RFPs and we maybe only had a couple that have been completed. The high CPU and memory usage are the two main points that need improvement. That's been pretty big. It's caused us a couple of outages. If they had more automation, like policy management via the API, that would be nice because whitelisting path exceptions, things like that, do take a good amount of time because that's done manually per policy instead of being automated. And we're very automation-focused.

reviewer1319712 - PeerSpot reviewer
Top 5 Leaderboard, Reseller

There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it. Cybereason is not flexible in terms of needing a lot of servers or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike Bitdefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this. They do not have anything related to mailbox security. Cybereason does not have sandbox functionality.

Anonymous__ - PeerSpot reviewer
Real User

I can't tell how much it detects and how much it doesn't detect. This I don't know. However, this isn't my area of expertise. That said, detection could always be improved upon. Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group. It is useful to have a bit of training on the solution first. It's not as intuitive as, say, your iPhone. It would be helpful if, in the future, there was a more efficient way to upgrade the sensors directly from the cloud. Basically, on each end device, you're deploying a sensor. They call it a sensor, other companies call it something else, but they call it a sensor. That's where you have the version of the software. To upgrade, for instance from 19 to 20, today we have to do it internally. I know they have it in the pipeline to make the upgrades easier, but they don't know by when it will be released. If it could be done directly from the console to all servers, that would be a nice feature.

reviewer821649 - PeerSpot reviewer
Real User

The integration with Microsoft solutions and Microsoft capabilities needs to be improved. Also, the agility to be ready for a new platform. Stability needs to be improved. The issue for me is the platform supportability. When there is a new version of OS, that is something that has to be improved. The communication is not clear and we are not receiving the messages on the tests to know if it works or not. Linux was a bad experience and Micro OS was a disaster. The biggest issue is that the platforms for Micro OS and Linux are not supported.

Anonymous - PeerSpot reviewer
Real User

The technical support will need to be improved.
