Cybereason Deep Hunting Platform
Strengths: Clean UI that is packed with information and easy to navigate.
Weaknesses: No knowledge base or FAQ available.
Verdict: Solid implementation for this next-gen solution with top-tier EDR functionality. If you are looking for a new solution, this should be one to consider.
Summary: The Deep Hunting Platform by Cybereason allows organizations to protect their environment from even the most advanced threats. The cloud-based hunting engine takes feeds from the endpoint sensor to paint a picture of what is happening in your environment. These events are analyzed for malicious activity which Cybereason refers to as "malops," or malicious operations. Cybereason's Deep Hunting Platform delivers tools along the three main stages of the attack: prevention, detection, and response.
When logging into the cloud management console, you are greeted with a beautiful user interface that has been maximized to display important threat information across the entire screen; the minimal menu is hidden in the top right corner. The discovery board has a summary of events and focuses on the malops, especially the current remediation status of each identified malop in your environment. This dashboard is one of the most complete solutions we've seen. It elegantly takes each critical bit of information about the malop and provides a high-level summary of what it is doing inside the environment. Users are presented with data on infections, lateral movement, privilege escalations, and network connections. Since this data is being streamed from the endpoint, it is always up-to-date.
Drilling down into events is simple and you can almost get lost in the wealth of information that is provided. This granular data is displayed in a clean and organized manner. We found the expected, typical kill chain, but were pleasantly surprised by the level of detail provided. EDR bundled with a next-gen AV solution is typically limited, but Cybereason delivers standalone functionality.
This is an excellent tool for forensic investigations. It has multiple drill-downs that speed you along to where you need to be over the course of your investigation. So it is not surprising that Cybereason provides detailed evidence on suspected malop(s). A malop is likely to include multiple elements rather than a single piece of malware, and details of all those elements are a necessary part of any forensic investigation.
Support has improved to 24x7 email and phone coverage, up from the previous 8x5, and is included in the annual cost. While support is fairly comprehensive, it is missing a couple of elements we would like to see, such as a support portal with a knowledge base and FAQ sections.
With Cybereason's Deep Hunting Platform, security professionals have access to a combination of next-gen AV and a powerful EDR toolset that provides them with unparalleled visibility compared to traditional next-gen solutions. If you are looking for a new next-gen AV or a complete EDR solution, start with Cybereason.
- Michael Diehl
Tested by: Michael Diehl