Cybereason Total Enterprise Protection: EDR Product Overview and Insight


Company description: Cybereason bills itself as the leader in endpoint protection. The company applies a military perspective to cyber security. Founded by Israeli cyber intelligence professionals in 2012, it is privately held and headquartered in Boston, with offices in London, Tel Aviv and Tokyo.

Product description: Cybereason offers EDR, AV and managed monitoring services. It is powered by a custom-built in-memory graph. It is described as an automated hunting engine that detects behavioral patterns across every endpoint and surfaces malicious operations. Cybereason’s platform blocks known bad attacks and aggregates good and bad behavioral data so it can be mined and investigated. It alerts analysts to malicious operations and offers visualization of events, as well as investigation and deep diving with options for remediation and future prevention. It also provides monitoring services and analytics support, along with reinforcement and hunting services.

“Traditional solutions work on stopping known bad malware and fail miserably at stopping attacks because attackers don’t show up with known malware,” said Sam Curry, Chief Product Officer of Cybereason. “An EDR must collect behavioral data and put it in a system that can be mined, investigated, and searched rapidly with options for immediate response. Every piece of evidence should be rendered in a narrative and timeline and context showing what’s happening and making this usable and consumable with peers.”

Markets and use cases: The EDR product is aimed at companies of any size or any vertical with little security talent.

Agents: Cybereason Sensors are deployed on end user machines and servers. They collect data from Windows and Mac OS X endpoints, and can execute response actions, allowing for swift containment.

Applicable metrics: Cybereason can render eight million questions per second as it processes the real-time model of a company’s entire compute. Curry said it has no limits in terms of size of deployment, utilizes low bandwidth and exerts little CPU impact.

Security qualifications: None. Curry said its customers don’t care about these. However, it employs security best practices.

Intelligence: The back-end includes several data structures, chief of which is a mineable graph on which the software can perform many forms of machine learning and general analytics.

Delivery: Cloud or on-premises

Pricing: Cybereason’s EDR Platform is roughly $50 per endpoint before volume-based discounting.

Drew Robb
