Cybereason Detection & Response Platform
August 22, 2016
Starts at £58 per endpoint.
- Strengths: Next-generation approach to endpoint protection.
- Weaknesses: Minor weakness in the website, particularly the lack of a support portal.
- Verdict: This one is very much worth your consideration.
This is a pure-play endpoint protection tool with a strong focus on malware. It is a hybrid with sensors at the endpoints that communicate with a "hunting engine" in the cloud. The hunting engine uses its collected data, malicious activity models and threat intelligence to analyse events. These events are analysed for malicious activity, which Cybereason refers to as "malops," or malicious operations.
This is a tool that is as valuable for analysis as it is for alerting. When we launched the product we had a variety of screens to which we could go. We started with the discovery board, which summarises what the endpoints are seeing and focuses on malops. It shows which malops, if any, are in progress, or have occurred and have not yet been addressed. This board is one of the best we've seen. It takes each malop and describes, at a high level, what is happening. Users see such things as infections, lateral movement and privilege escalation. Then the drill-down starts.
The drill-down gives a lot of detail, at least in general terms. However, you can go much farther. For example, you can get an excellent graphical map of unknown malware that might be the result of your drill-down and an underlying cause of a malop. The map shows the infected file, a description of the problem, where the infected file came from, what endpoint it infected and the root cause of the malop. There are similar drill-downs for unauthorised users. All of this information comes together in the investigation screens.
This is an excellent tool for forensic investigation of malops. It provides detailed evidence of a particular process suspected of being a malop. Because a malop likely is inclusive of multiple elements rather than a single piece of malware, details of all of those elements are a necessary part of any forensic investigation. This tool has multiple drill-downs that get you where you need to be over the course of your investigation.
While this does not do DLP per se, it does look for exfiltration as part of a malop. Cybereason refers to this as "data theft" and it is part of an investigation. That piece is not limited to malware exfiltration. An unauthorised user could, as part of an intrusion, exfiltrate data as well. All of these capabilities are included in the malicious operation dashboard, the malop visualiser, the investigation workbench and the single-click remediator.
Support is eight-hours-a-day/five-days-a-week and is included in the annual cost. It comprises phone and email. An extra cost option provides active monitoring and a managed monitoring service. The website is, generally, quite complete. However, it is missing a couple of things we'd like to see, such as a support portal. We'd also like a knowledge base or FAQ. However, that gap is well-filled by a collection of white papers, case studies and an active blog.
The blog, for example, carried a preview of some interesting research that was presented at Black Hat. Cybereason has an active research programme and research reports are available on the website. As well, there are some interesting videos - separate the good stuff from the marketing, though - and it is clear that this is an evolving company with a product that is evolving with the threatscape. We are used to seeing this in next-generation threat analytics tools but not as frequently in something potentially as prosaic as endpoint security. This is a good sign.