Global IT Project Manager at a manufacturing company with 10,001+ employees
Good EPP, but support for Micro OS and Linux is needed
Pros and Cons
- "For me, the technical support is good."
- "The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
What is our primary use case?
The primary use case of this solution is for Windows 10 platforms, any kind of Windows 10 platform, desktop edition, and some Windows servers for monitoring and protection.
What is most valuable?
The most valuable feature is the EPP part.
What needs improvement?
The integration with Microsoft solutions and Microsoft capabilities needs to be improved. Also, the agility to be ready for a new platform needs to be improved.
Stability needs to be improved.
The issue for me is the platform supportability. When there is a new version of the OS, that is something that has to be improved.
The communication is not clear and we are not receiving the messages on the tests to know if it works or not.
Linux was a bad experience and Micro OS was a disaster.
The biggest issue is that the Micro OS and Linux platforms are not supported.
For how long have I used the solution?
I have known this solution for three years, more or less.
We are using the latest version.
Buyer's Guide
Cybereason Endpoint Detection & Response
November 2024
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
I didn't like the stability. There were some problems and it was not responding correctly to integration.
What do I think about the scalability of the solution?
Scalability seems to be ok. It's supporting more than 200,000 devices and in terms of scaling, it's ok.
How are customer service and support?
For me, the technical support is good. I asked support for certain points to move on, in terms of new things, and I haven't received any good feedback.
I think that they are ok with the current platform and the current support, but they are not ok in terms of providing us with where they are evolving.
Which solution did I use previously and why did I switch?
For antivirus projects, we were using Windows Defender and Skype for previous platforms such as Windows 7. Now, we are still using Windows Defender.
For additional features or features that are redundant with Defender, we are using Cybereason.
How was the initial setup?
The initial setup was straightforward with plenty of issues.
It took between a few weeks and a few months to deploy.
What about the implementation team?
We were using Cybereason directly.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing, it's a good solution.
What other advice do I have?
We are evaluating the possibility of enabling Microsoft Defender ATP, which will cover most or all of the suites and the features that we have on Cybereason as well.
My advice is to evaluate carefully Microsoft Defender ATP and see if they are running fully with Microsoft. If they are evaluating anything at the endpoint level and they plan to use Mac, Windows, and Linux, they should pay attention to Microsoft solutions. Microsoft is becoming a leader in this area.
The cost of Microsoft is quite high; it is something that has to be discussed with Microsoft on a case-by-case basis.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Specialist Manager at a tech services company with 201-500 employees
A tool that offers NGAV features protecting its users from malware while remaining stable
Pros and Cons
- "I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
- "I feel that the product lacks reporting features and needs improvement."
What is most valuable?
The product's NGAV feature that can protect my endpoint from malware is the most valuable one for me.
What needs improvement?
Cybereason Endpoint Detection & Response is quite good in providing protection and investigation. I feel that the product lacks reporting features and needs improvement.
For how long have I used the solution?
I have been using Cybereason Endpoint Detection & Response for almost one year. I am using the solution's latest version. We are distributors of Cybereason.
What do I think about the stability of the solution?
I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
It is an easily scalable solution. Scalability-wise, I rate the solution a nine out of ten.
Around 100 people in my company use Cybereason Endpoint Detection & Response.
How are customer service and support?
Though I don't have much experience with the technical support of the product, I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
On a scale of one to ten, where one is difficult, and ten is easy, I rate the setup phase a nine.
The solution is deployed on the cloud.
For around 100 employees, we need three to five days for the deployment of the product.
We need three people for the deployment.
What's my experience with pricing, setup cost, and licensing?
On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight.
Which other solutions did I evaluate?
Before choosing Cybereason Endpoint Detection & Response, I evaluated a couple of brands, including products named CrowdStrike and SentinelOne. Cybereason is good and provides high performance while also helping my team to manage incidents.
What other advice do I have?
For some organizations that are aware of cybersecurity ways that indicate the need to focus on the endpoint area, I recommend they find some solution to help them protect their employees. Cybereason is a good platform in the area in which they function.
Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Information Security Administrator at an insurance company with 1,001-5,000 employees
Does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately
Pros and Cons
- "Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."
- "Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."
What is our primary use case?
We use Cybereason for endpoint detection, response, and protection.
What is most valuable?
All of the features are valuable. I like the managed detection response feature a little bit more than most. We have a small team and it allows us to confidently go on breaks and after-hours leaving the Cybereason team to manage it.
Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective.
We evaluated Cybereason based on our junior analysts. We had hands-on keyboard time with them and they provided feedback on use cases that we've given them. Cybereason came out on top as being the easiest to use out of the three solutions that we considered.
The main difference between them was that the overall ability to detect the evolving threat in the kill chain was a lot easier to view and alert on with Cybereason, whereas the others failed to trigger an event anywhere in the kill chain. They had to have a few of the dominoes fall in the kill chain prior to having the event triggered. So it was clear that Cybereason detects threats anywhere within the MITRE ATT&CK framework, whereas the other ones had to follow a series of events.
Cybereason provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint, in real time. Their overall view of the threat landscape is very easy to understand and visualize. It helps the junior analysts respond to and contain it in a timely manner.
This approach also helped us to move beyond chasing multiple alerts. It came to a point where now we're in an almost "set it and forget it" stage, where it just alerts us and we can direct our attention elsewhere, which is helping the business grow and reach its mission goals.
We have a level up on the attack adversaries with Cybereason due to its nature of detecting malicious user and process behavior analytics. It does a phenomenal job in detecting anomalous behavior on the network and alerting us immediately with the whole story behind it. So it definitely enables us to adapt to attacks and act more swiftly than the attackers can adjust their tactics.
It also leverages indicators of behavior as a means of detecting attacks. Its AI hunting engine does an exceptional job of weeding out the noise and giving us high-fidelity alerts based on indicators of compromise, which also helps us to detect attacks earlier using this approach. It automates everything.
The time it takes to detect attacks has been reduced through this approach. At least half if not 60% of our time is not spent on threat hunting anymore. It allowed us to be more business-focused and delivering products and solutions to market quicker for our clients.
Cybereason reduced our detection by 85%. Telemetry and reports are upwards of 90% reduced time.
What needs improvement?
Ad hoc higher-level reporting to senior management could be implemented. That's definitely an area of improvement that they need to focus on.
Their endpoint protection piece for device management and storage device protection could use maturation.
For how long have I used the solution?
I started using Cybereason EDR a little over a year ago now. It was March of 2020.
What do I think about the stability of the solution?
The performance was better than the endpoint detection and response of our previous solution. We've actually had comments from end-users once we deployed Cybereason and removed the outgoing solution that their computers have increased in speed.
What do I think about the scalability of the solution?
Scalability is endless, especially in a SaaS deployment. We scaled from zero to 2,900 in three weeks, and we saw no degradation in threat hunting query performance within the platform or any ill effects on the platform itself.
It does require maintenance for deploying upgraded sensors and for tweaking policies as new features come out. I don't think that would count as maintenance, though. For upgrading endpoint sensors on mission-critical devices, I recommend a maintenance window just to follow industry best practices; however, all other devices can be completed during normal business hours.
How are customer service and technical support?
Their technical support is very competent. They know the product inside and out and they try to understand the business's needs before any solution is provided.
Which solution did I use previously and why did I switch?
Symantec was our previous provider. It was through tabletop exercises that we found that it just wasn't triggering alerts that it should have been, so it led us to review other products.
How was the initial setup?
The setup was completely fast-paced and extremely straightforward.
We were under a somewhat constrained timeline for rollout. It usually takes us six to eight weeks to roll something of this magnitude out to the organization, but having the pandemic upon us, we actually got it fully deployed in under three weeks. That's how easy it was to roll out and deploy.
The deployment was done all internally. It was a little bit more than just our security team. It was help from our tier-one support analyst as well, but we got it rolled out with a handful of people. Six people were involved in the project in deploying over 2,900 sensors.
We are currently looking at their mobile device management solution or their protection solution to expand usage.
What was our ROI?
We will see a positive ROI, I believe, in the next 12 to 24 months.
What's my experience with pricing, setup cost, and licensing?
It's not the cheapest, but it's the best.
There are no additional costs to standard licensing.
What other advice do I have?
My advice would be: Don't hesitate. Pull the trigger and you won't be disappointed.
It's always watching the house. No matter what you throw at it, it will detect anything you give it. It detects anomalies within the environment.
I would rate it a 9.5 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a manufacturing company with 1,001-5,000 employees
There is an instant isolation of the infected PC with this antivirus solution.
Pros and Cons
- "Immediately we can pick up the computers in the network if any malicious operation is triggered."
- "It initially took some time to deploy."
What is our primary use case?
We are a big organization, and it is very critical to manage security. So, mostly, we are identifying the suspicious problems we see running in the system.
What is most valuable?
The most valuable feature is the antivirus and instant isolation of the PC to gather the malicious. We are updating the hash file and unknown hash file to block it.
With Cybereason, we can never fail any business type because of the antivirus detection. That's one thing we can commend the product for. Also, it's subduing menial processes. Like when we are doing any manual job the first process was launched on the last year so it's still wanting to process any linked or not. It's got a really clear intel lifecycle.
It will detect anything that can be malicious, from build-ups and videos to anything that can be viruses and some malware, like communicating with malicious websites. Such logs show a clear-cut review of what the hosting packets are. Immediately we can pick up the computers in the network if any malicious operation is triggered.
What needs improvement?
The graphics are a little lacking. This is one of the problems of this solution.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
There are no issues with the stability of the product.
What do I think about the scalability of the solution?
It is scalable. We use this solution for over 20,000 workers who are employed at our company.
How was the initial setup?
The setup is a bit complex. We were using the cloud when we set up the solution. As we implemented the product, we had to tell them what the requirements were so they understood, and they created the package. It initially took some time to deploy.
What was our ROI?
It will alert us if any computer is contacting a malicious host, and it will immediately cut that computer off from the network. It will kick the system off the network, so it becomes cut off from the network, and then email it to us. It can easily help you do so. So, we integrated Cybereason, and our ideas are integrated too.
What's my experience with pricing, setup cost, and licensing?
I am not personally responsible for the licensing of the product. I have no opinion.
What other advice do I have?
The Cybereason learning tools are fun to use. The tutorials are helpful. There is an open onboarding and training with Cybereason.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Engineer at a tech services company with 11-50 employees
Good UI and dashboard, but it has no support for mailbox security or sandboxing
Pros and Cons
- "The dashboard is very good and you can consider it as an interactive UI."
- "Cybereason does not have sandbox functionality."
What is our primary use case?
We are a solution provider and we deal with three different vendors to supply security products for our customers. One of the products that we implement for them is Cybereason Endpoint Detection & Response.
It is used for endpoint protection, in general, and monitoring the endpoint. Those asking for EDR usually have a security operations center (SOC). They just want to see the dashboard, the incidents, and whether something has happened on the endpoint.
How has it helped my organization?
This product is somewhat new for us, so we haven't been able to secure deals with our customers for it yet. We have proposed it to one customer because it was requested.
Also, I think that Cybereason only has perhaps 500 employees, and there are not many technical people in the Middle East. There is only one regional manager and he is based in the U.A.E., and within the past four or five months, they hired a new service engineer (SE).
What is most valuable?
The dashboard is very good and you can consider it as an interactive UI.
What needs improvement?
There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.
Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.
They do not have anything related to mailbox security.
Cybereason does not have sandbox functionality.
For how long have I used the solution?
We signed the contract with Cybereason to sell the Endpoint Detection & Response solution a year ago, although we have not had much experience with it yet. Most of our customers already have endpoint protection from Kaspersky and are asking for license renewals and support. It is similar for our customers that have BitDefender.
How are customer service and technical support?
I have not been in contact with technical support.
Which solution did I use previously and why did I switch?
We also deal with BitDefender and Kaspersky.
I have some hands-on work with BitDefender and have completed some implementations.
Both Trend Micro and BitDefender have support for mailbox security. For example, they have specific functionality for securing Microsoft Exchange, or mailboxes in general. Cybereason doesn't have this option. The same is true for sandboxing capabilities.
How was the initial setup?
This is a product that requires a lot of resources when it is set up.
Some of our customers ask that Cybereason be installed with an air gap.
What about the implementation team?
We do not yet have much hands-on experience with this product.
What's my experience with pricing, setup cost, and licensing?
This product is somewhat expensive and should be cheaper. Having better pricing, in general, would be an improvement.
What other advice do I have?
This is a product that I recommend for endpoint protection in general, and for the server. However, if they need mailbox security then I would recommend another product.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of Operations at a comms service provider with 10,001+ employees
Cybereason vs. Interset vs. SQRRL
Valuable Features:
Capture DB - they all use a NoSQL DB and hence solve the ad hoc query and "go back in time" problem with current best-of-breed SIEM and DLP solutions that rely on real-time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment that resolves the provenance and impact of a risk and threat elevated by incoming logs.
Anomaly detection - using a baseline and anomalies to surface and rank incoming logs and associated threat/risk - these tools are better able to 'separate the chaff from the wheat' and avoid alarm fatigue and false positives plaguing current log aggregate type of security solutions. Further these security analytics 'learn' in the background and with much more agility than current solutions which must have an explicit 'learning mode' for an extensive period of time as part of set up.
'Fuzzy Logic' rules - morphing the term to describe how these solutions are much more agile and relative in interpreting risk and threats than current-generation correlation rules, which rely on very discrete criteria to treat incoming logs' priority. Very important, as malware and cyber criminals are equally agile at morphing their attack vectors.
Shop floor to top floor - the UI and dashboards tend to move the querying and decision making and resulting assessments up to the executive suite (C level) as opposed to backrooms SIRT, InfoSec tool. Goes to response time and TRA.
Kill Chain - these solutions build a non-linear attack 'genealogy' showing the direct chain of custody of events leading to a data breach AND related events, users, and endpoints involved passively or as middlemen over time. This not only gives the provenance of the breach but points to future weak spots in your surface area to address proactively, in advance of future attacks.
Room for Improvement:
Like any new product, the traditional enterprise readiness criteria around scaling, support, robustness, integration, and deployment need to be proven out over their maturity curve. That being said, their architecture provides confident remedies for scaling and robustness. Further, as a 'pro to the con', these tools 'play nice in the security sandbox' in that they have public APIs that easily integrate into existing security suites to add value to existing log aggregation solutions in place in an enterprise, with significantly reduced setup cycles compared to their predecessors.
Use of Solution:
Security Analytics.
Assessed/Used the following next gen security analytics tools. There may be more competitors in space but these are the ones I am most familiar with and endorse:
- Interset (formerly Filetrek)
- Cybereason
- SQRRL
Other Advice:
This is a compare and contrast relative to best-of-breed DLP/SIEM solutions in the Gartner MQ that are widely deployed.
Differentiators
Interset - further to the above, the key differentiator of this product is its focus on insider threat. By tracking file activity and correlating it against user endpoints and risky activities (read: file exfiltrations), the resulting dashboards present an organizational risk profile with actionable events prioritized by risk = probability X impact. If one supports the notion that layered security needs to focus on inside-out risk instead of trying to secure the perimeter, this is a very compelling tool for deciding where to focus your infosec/forensic brain power.
Cybereason - similar in mindset to the above (inside-out risk), this application focuses on Malops, i.e. the notion that malware has and will continue to penetrate the perimeter but will exhibit tell-tale patterns of behaviour when trying to exfiltrate files (in a manner similar to an insider). This tool excels at identifying potential attacks in a manner easily understandable at an executive level, again maximizing the efficiency of your deep security talent.
SQRRL - similar in intent to Cybereason. Its major differentiator is tight AD coupling and labeling functions that can decisively evaluate the impact and importance of data under attack and the provenance of the attack (what users are involved, what machines are infected).
As a final thought - my recommendation would 'either or' selection - they all support the notion of a security ecosystem where every tool gets better with more data. So using these tools in a sort of proactive round robin log assessment and pushing logs to each other would provide the best all round solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Specialist at a tech services company with 201-500 employees
The initial setup was easy and straightforward. It is also cost-friendly with good scalability.
Pros and Cons
- "It gives all the information in a clear response."
- "The initial setup was easy and straightforward."
- "There can be problems with the EDI."
- "The reporting feature needs improvement."
What is our primary use case?
The primary use case is endpoint protection and production.
How has it helped my organization?
It has a practical use. If a file was infected on somebody's laptop or workstation, then it is now easier for us to understand what the impact is on the environment.
The Cybereason product enables me to go directly into the software and execute it. I can look up the process, who were the dealers, what were the websites, and what were the IP addresses which were contacted. I can also detect if there were other systems which were impacted or if my environment was compromised.
What is most valuable?
I found the features of this console to be good. In the chain of actions, if I click on something, it will provide more options for other things.
In addition, it gives all the information in a clear response. These functionalities are quite good and impressive.
What needs improvement?
- There can be problems with the Electronic Data Interchange (EDI).
- The reporting feature needs improvement.
For how long have I used the solution?
Less than one year.
What do I think about the scalability of the solution?
The scalability is good.
Which solution did I use previously and why did I switch?
I previously used CylancePROTECT. In comparison, Cybereason is new, and has a couple of things which are not good. However, it detects false positives in the end and gives all of the information in a clear response. Its functionality is impressive.
How was the initial setup?
The initial setup was easy and straightforward. It took about two months.
What's my experience with pricing, setup cost, and licensing?
In terms of cost, this is a good choice for our needs.
Which other solutions did I evaluate?
I previously considered CylancePROTECT and CrowdStrike. However, we found Cybereason a better solution for our needs.
What other advice do I have?
An organization seeking a product like this needs to evaluate its standpoint. It must decide whether it is looking for flexibility or ease of administration.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Pre-Sales Consultant | Palo Alto Networks at StarLink - Trusted Security Advisor
Flexible, reliable, and provides for many use cases
Pros and Cons
- "The initial setup is not overly complicated."
- "They need to improve their technical support services."
What is our primary use case?
The use cases vary. A lot of it depends on customer requirements and the customer environment. It’s tricky to pin down universal use cases.
What is most valuable?
We like that it is a hybrid. It’s flexible. You can really do whatever you need to do.
The initial setup is not overly complicated.
The solution can scale.
It is stable and reliable.
What needs improvement?
They need to improve their technical support services.
For how long have I used the solution?
I’ve been using the solution for about one year.
What do I think about the stability of the solution?
The solution has been very stable. There are no bugs or glitches, and it doesn’t crash or freeze. It’s reliable. The performance has been good overall.
What do I think about the scalability of the solution?
It is possible to scale the solution. If your company needs to expand, it can do so. It’s not an issue.
How are customer service and support?
Technical support could be better. We’d like to see them be more helpful and responsive in the future.
How was the initial setup?
It’s easier to set up than Cybereason Connect. It’s pretty straightforward. It didn’t take too long to deploy.
What's my experience with pricing, setup cost, and licensing?
I don’t have any insights into the pricing of the product. I don’t handle the licensing aspect of the solution.
What other advice do I have?
I would recommend the solution to other users and organizations. For the most part, we have been pleased with its capabilities.
In general, I would rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: