Global IT Project Manager at a manufacturing company with 10,001+ employees
Good EPP, but support for Micro OS and Linux is needed
Pros and Cons
- "For me, the technical support is good."
- "The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
What is our primary use case?
The primary use case of this solution is for Windows 10 platforms, any kind of Windows 10 platform, desktop edition, and some Windows servers for monitoring and protection.
What is most valuable?
The most valuable feature is the EPP part.
What needs improvement?
The integration with Microsoft solutions and Microsoft capabilities needs to be improved. Also, the agility to be ready for a new platform.
Stability needs to be improved.
The issue for me is the platform supportability. When there is a new version of OS, that is something that has to be improved.
The communication is not clear and we are not receiving the messages on the tests to know if it works or not.
Linux was a bad experience and Micro OS was a disaster.
The biggest issue is the platform for Micro OS and Linux are not supported.
For how long have I used the solution?
I have known this solution for three years, more or less.
We are using the latest version.
Buyer's Guide
Cybereason Endpoint Detection & Response
February 2025
Learn what your peers think about Cybereason Endpoint Detection & Response. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
832,138 professionals have used our research since 2012.
What do I think about the stability of the solution?
I didn't like the stability. There were some problems and it was not responding correctly to integration.
What do I think about the scalability of the solution?
Scalability seems to be ok. It's supporting more than 200,000 devices and in terms of scaling, it's ok.
How are customer service and support?
For me, the technical support is good. I asked support for certain points to move on, in terms of new things, and I haven't received any good feedback.
I think that they are ok with the current platform and the current support, but they are not ok in terms of providing us with where they are evolving.
Which solution did I use previously and why did I switch?
For antivirus projects, we were using Windows Defender and Skype for previous platforms such as Windows 7. Now, we are still using Windows Defender.
For additional features or features that are redundant with Defender, we are using Cybereason.
How was the initial setup?
The initial setup was straightforward with plenty of issues.
It took between a few weeks and a few months to deploy.
What about the implementation team?
We were using Cybereason directly.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing, it's a good solution.
What other advice do I have?
We are evaluating the possibility of enabling Microsoft Defender ATP, which will cover most or all of the suites and the features that we have on Cybereason as well.
My advice is to evaluate carefully Microsoft Defender ATP and see if they are running fully with Microsoft. If they are evaluating anything at the endpoint level and they plan to use Mac, Windows, and Linux, they should pay attention to Microsoft solutions. Microsoft is becoming a leader in this area.
The cost of Microsoft is quite high, it is something that has to be discussed with Microsoft on a case by case.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Project Executive at Hitachi
Easy to use, helpful against attacks, and has good support
Pros and Cons
- "What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it."
- "What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on."
What is our primary use case?
We faced a few imminent threats, so we used Cybereason Endpoint Detection & Response. Last year, we had Apache due to SB vulnerability, then we also had a few ransomware attacks, so it was quite helpful for us to have a tool such as Cybereason Endpoint Detection & Response in place because the attacks weren't able to get through. We also have another tool which sends out the logs from our firewall on the antivirus on our server, and those logs are stored on a particular Splunk server, so that's an additional security that we have.
What is most valuable?
What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it.
What needs improvement?
What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on.
For how long have I used the solution?
We've been using Cybereason Endpoint Detection & Response for three years now. The product also provides ransomware protection. We have other solutions, for example, for EDR and XDR, we use Cybereason Endpoint Detection & Response, and for endpoint protection, we use Kaspersky and Symantec.
What do I think about the stability of the solution?
Cybereason Endpoint Detection & Response has good stability.
What do I think about the scalability of the solution?
Cybereason Endpoint Detection & Response is a scalable solution, as we can add additional licenses to it without any issues.
How are customer service and support?
The technical support for Cybereason Endpoint Detection & Response is okay. We have some open cases, and the support is okay.
How was the initial setup?
We manually set up Cybereason Endpoint Detection & Response. We also have a deployment tool, so it depends on the situation. Sometimes we can do it via automation, and sometimes we have to involve the local agent. As for how long it took, for automation, it would still depend on the size of the company, for example, if one site has a hundred and ten, it would take one week. For manual deployment, it would require three manpower. For our company, deployment took one month.
What's my experience with pricing, setup cost, and licensing?
I'm aware of the licensing costs for Cybereason Endpoint Detection & Response, but I'm not comfortable sharing the information as that's confidential.
What other advice do I have?
My company has around five hundred to six hundred users of Cybereason Endpoint Detection & Response. Four technicians handle the solution, in terms of deployment and maintenance.
I can recommend the solution to others who may want to start using it, particularly if I have references. My company recommended it to two or three companies that now use Cybereason Endpoint Detection & Response.
I would rate Cybereason Endpoint Detection & Response eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at Cabot Financial (Marlin) Limited
Helps security teams find suspicious endpoint activity to eliminate threats quickly and minimize the impact of an attack
Pros and Cons
- "The interface is user-friendly."
- "The network coverage becomes an issue most of the time."
What is most valuable?
The interface was seen to be more user-friendly compared to other products I have used.
What needs improvement?
We had a number of issues tuning the clients. When first installed on a number of servers, we observed high CPU utilization.
For how long have I used the solution?
I have been using Cybereason Endpoint Detection & Response for nearly three years.
What do I think about the stability of the solution?
It is a stable solution.
Which solution did I use previously and why did I switch?
The original team reviewed several alternative solutions. I had previously looked at Carbon Black, Symantec and CrowdStrike.
How was the initial setup?
We had a lot of issues when the tool went online; it was consuming too much results on the machines, especially on servers. It is not very difficult to maintain the solution.
What was our ROI?
Our ROI at the beginning was a bit shaky, based on what it showed about how long it took to throw it out since, almost, like, the third tranche of setting it up; it's net out of return of investment.
What's my experience with pricing, setup cost, and licensing?
Comparison with other products showed it to be cheaper than some larger competitors. Setup costs for us were cheaper as we already had users experienced with the product in other business units. The initial licensing fee was based on the number of endpoints.
What other advice do I have?
Ensure you have a good support contract.
Overall, I would rate it is out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Specialist Manager at a tech services company with 201-500 employees
A tool that offers NGAV features protecting its users from malware while remaining stable
Pros and Cons
- "I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
- "I feel that the product lacks reporting features and needs improvement."
What is most valuable?
The product's NGAV feature that can protect my endpoint from malware is the most valuable one for me.
What needs improvement?
Cybereason Endpoint Detection & Response is quite good in providing protection and investigation. I feel that the product lacks reporting features and needs improvement.
For how long have I used the solution?
I have been using Cybereason Endpoint Detection & Response for almost one year. I am using the solution's latest version. We are distributors of Cybereason.
What do I think about the stability of the solution?
I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
It is an easily scalable solution. Scalability-wise, I rate the solution a nine out of ten.
Around 100 people in my company use Cybereason Endpoint Detection & Response.
How are customer service and support?
Though I don't have much experience with the technical support of the product, I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
On a scale of one to ten, where one is difficult, and ten is easy, I rate the setup phase a nine.
The solution is deployed on the cloud.
For around 100 employees, we need three to five days for the deployment of the product.
We need three people for the deployment.
What's my experience with pricing, setup cost, and licensing?
On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight.
Which other solutions did I evaluate?
Before choosing Cybereason Endpoint Detection & Response, I evaluated a couple of brands, including products named CrowdStrike and SentinelOne. Cybereason is good and provides high performance while also helping my team to manage incidents.
What other advice do I have?
For some organizations that are aware of cybersecurity ways that indicate the need to focus on the endpoint area, I recommend they find some solution to help them to protect their employees. Cybereason is a good platform in the area they function.
Overall, I rate the solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Security Analyst at a manufacturing company with 1,001-5,000 employees
There is an instant isolation of the infected PC with this antivirus solution.
Pros and Cons
- "Immediately we can pick up the computers in the network if any malicious operation that is triggered."
- "It initially took some time to deploy."
What is our primary use case?
We are a big organization and it is very critical to manage security. So, mostly we are identifying the suspicious problems we saw running in the system.
What is most valuable?
The most valuable feature is the antivirus and instant isolation of the PC to gather the malicious. We are updating the hash file and unknown hash file to block it.
With Cybereason, we can never fail any business type because of the antivirus detection. That's one thing we can commend the product for. Also, it's subduing menial processes. Like when we are doing any manual job the first process was launched on the last year so it's still wanting to process any linked or not. It's got a really clear intel lifecycle.
It will detect anything that can be malicious, from build ups and videos to anything that can be viruses and some malware, like communicating to the malicious websites. Such logs show a clear-cut review and what it shows, like what are the hosting packets. Immediately we can pick up the computers in the network if any malicious operation is triggered.
What needs improvement?
The graphics are a little lacking. This is one of the problems of this solution.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
There are no issues with the stability of the product.
What do I think about the scalability of the solution?
It is scalable. We use this solution for over 20,000 workers who are employed at our company.
How was the initial setup?
The setup is a bit complex. We were using cloud when we set up the solution. As we implemented the product, we had to tell them what the requirements are so they understand, and they are creating the package. It initially took some time to deploy.
What was our ROI?
It will alert if any computer is contacting this malicious host, so immediately it cuts off this computer from the network. It will kick off the system from the network, so it will become deficient from the network, then email it to us. It can easily help you do so. So, we integrated Cybereason and our ideas are integrated too.
What's my experience with pricing, setup cost, and licensing?
I am not personally responsible for the licensing of the product. I have no opinion.
What other advice do I have?
The Cybereason learning tools are fun to use. The tutorials are helpful. There is an open onboarding and training with Cybereason.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Engineer at a tech services company with 11-50 employees
Good UI and dashboard, but it has no support for mailbox security or sandboxing
Pros and Cons
- "The dashboard is very good and you can consider it as an interactive UI."
- "Cybereason does not have sandbox functionality."
What is our primary use case?
We are a solution provider and we deal with three different vendors to supply security products for our customers. One of the products that we implement for them is Cybereason Endpoint Detection & Response.
It is used for endpoint protection, in general, and monitoring the endpoint. Those asking for EDR usually have a security operations center (SOC). They just want to see the dashboard, the incidents, and whether something has happened on the endpoint.
How has it helped my organization?
This product is somewhat new for us, so we haven't been able to secure deals with our customers for it yet. We have proposed it to one customer because it was requested.
Also, I think that Cybereason only has perhaps 500 employees, and there are not many technical people in the Middle East. There is only one regional manager and he is based in the U.A.E., and within the past four or five months, they hired a new service engineer (SE).
What is most valuable?
The dashboard is very good and you can consider it as an interactive UI.
What needs improvement?
There are not many resources in this region for Cybereason, although I have seen some webinars and technical sessions for it.
Cybereason is not flexible in terms of needing a lot of servers, or assets. My understanding is that it requires a lot of components to keep it alive. This is unlike BitDefender, which only needs one virtual machine that you upload and run. Some customers don't have the resources available for this.
They do not have anything related to mailbox security.
Cybereason does not have sandbox functionality.
For how long have I used the solution?
We signed the contract with Cybereason to sell the Endpoint Detection & Response solution a year ago, although we have not had much experience with it yet. Most of our customers already have endpoint protection from Kaspersky and are asking for license renewals and support. It is similar for our customers that have BitDefender.
How are customer service and technical support?
I have not been in contact with technical support.
Which solution did I use previously and why did I switch?
We also deal with BitDefender and Kaspersky.
I have some hands-on work with BitDefender and have completed some implementations.
Both Trend Micro and BitDefender have support for mailbox security. For example, they have specific functionality for securing Microsoft Exchange, or mailboxes in general. Cybereason doesn't have this option. The same is true for sandboxing capabilities.
How was the initial setup?
This is a product that requires a lot of resources when it is set up.
Some of our customers ask that Cybereason be installed with an air gap.
What about the implementation team?
We do not yet have much hands-on experience with this product.
What's my experience with pricing, setup cost, and licensing?
This product is somewhat expensive and should be cheaper. Having better pricing, in general, would be an improvement.
What other advice do I have?
This is a product that I recommend for endpoint protection in general, and for the server. However, if they need mailbox security then I would recommend another product.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Specialist at a tech services company with 201-500 employees
The initial setup was easy and straightforward. It is also cost-friendly with good scalability.
Pros and Cons
- "It gives all the information in a clear response."
- "The initial setup was easy and straightforward."
- "There can be problems with the EDI."
- "The reporting feature needs improvement."
What is our primary use case?
The primary use case is endpoint protection and production.
How has it helped my organization?
It has a practical use. If a file was infected on somebody's laptop or workstation, then it is now easier for us to understand what the impact is on the environment.
The Cybereason product enables me to go directly into the software and execute it. I can look up the process, who were the dealers, what were the websites, and what were the IP addresses which were contacted. I can also detect if there were other systems which were impacted or if my environment was compromised.
What is most valuable?
I found the features of this console to be good. In the chain of actions, if I click on something, it will provide more options for other things.
In addition, it gives all the information in a clear response. These functionalities are quite good and impressive.
What needs improvement?
- There can be problems with the Electronic Data Interchange (EDI).
- The reporting feature needs improvement.
For how long have I used the solution?
Less than one year.
What do I think about the scalability of the solution?
The scalability is good.
Which solution did I use previously and why did I switch?
I previously used CylancePROTECT. In comparison, Cybereason is new, and has a couple of things which are not good. However, it detects false positives in the end and gives all of the information in a clear response. Its functionality is impressive.
How was the initial setup?
The initial setup was easy and straightforward. It took about two months.
What's my experience with pricing, setup cost, and licensing?
In terms of cost, this is a good choice for our needs.
Which other solutions did I evaluate?
I previously considered CylancePROTECT and CrowdStrike. However, we found Cybereason a better solution for our needs.
What other advice do I have?
An organization seeking a product like this needs to evaluate its standpoint. It must decide whether it is looking for flexibility or ease of administration.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Operations at a comms service provider with 10,001+ employees
Cybereason vs. Interset vs. SQRRL
Valuable Features:
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment that resolves the provenance and impact of a risk and threat elevated by incoming logs
Anomaly detection - using a baseline and anomalies to surface and rank incoming logs and associated threat/risk - these tools are better able to 'separate the chaff from the wheat' and avoid alarm fatigue and false positives plaguing current log aggregate type of security solutions. Further these security analytics 'learn' in the background and with much more agility than current solutions which must have an explicit 'learning mode' for an extensive period of time as part of set up.
'Fuzzy Logic' rules - morphing the term to describe how these solutions are much more agile and relative in interpreting risk and threats than current generation correlation rules, which rely on very discrete criteria to treat incoming logs priority. Very important as malware and cyber criminals are equally agile at morphing their attack vectors.
Shop floor to top floor - the UI and dashboards tend to move the querying and decision making and resulting assessments up to the executive suite (C level) as opposed to backrooms SIRT, InfoSec tool. Goes to response time and TRA.
Kill Chain - these solutions build a non-linear attack 'genealogy' showing direct chain of custody of events leading to a data breach AND related events, users, end points involved passively or as middle men over time. This not only gives the provenance of breach but points to future weak spots in your surface area to proactively in advance of future attacks.
Room for Improvement:
Like any new product, the traditional enterprise readiness criteria around scaling, support, robustness, integration and deployment need to be proven out over their maturity curve. That being said, their architecture provides confident remedies for scaling and robustness. Further, as a 'pro to the con', these tools 'play nice in the security sandbox' in that they have public APIs that easily integrate into existing security suites to add value to existing log aggregation solutions in place in an enterprise, with significantly reduced set up cycles compared to their predecessors.
Use of Solution:
Security Analytics;
Assessed/Used the following next gen security analytics tools. There may be more competitors in space but these are the ones I am most familiar with and endorse:
- Interset (formerly Filetrek)
- Cybereason
- SQRRL
Other Advice:
This is a compare and contrast relative to best of breed DLP/SIEM solutions in the Gartner MQ and widely deployed.
Differentiators
Interset - further to above, the key differentiator of this product is its focus on insider threat - by tracking file activity and correlating against user end points and risky activities (read file exfiltrations), the resulting dashboards present an organizational risk profile with actionable events prioritized by risk = probability X impact. If one supports the notion that layered security needs to focus on inside-out risk instead of trying to secure the perimeter - a very compelling tool for where to focus your infosec/forensic brain power.
Cybereason - similar in mindset to above (inside out risk) this application focuses on Malops - ie the notion that malware has and will continue to penetrate the perimeter - but will exhibit tell tale patterns of behaviour trying to exfiltrate files (in a manner similar to an insider) - this tool excels at identifying potential attacks in a manner easily understandable at an executive level and again maximizing efficiency of your deep security talent.
SQRRL - similar in intent to Cybereason. Major differentiator is tight AD coupling and labeling functions that can decisively evaluate impact and importance of data under attack and provenance of attack (what users are involved, what machines are infected)
As a final thought - my recommendation would 'either or' selection - they all support the notion of a security ecosystem where every tool gets better with more data. So using these tools in a sort of proactive round robin log assessment and pushing logs to each other would provide the best all round solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.