Cybereason Defense Platform operates as a multilayered endpoint platform designed to empower organizations to hunt for unknown threats. The platform automates the controls necessary to detect and prevent as many infiltrations as possible. It also presents analysts with a readable attack story of Malops (malicious operations) so that they may take effective action. Cybereason achieves this level of efficiency by following one simple formula: become proactive and go hunting.

The platform focuses heavily on delivering useful context for all the data it collects. The machine learning module highlights interesting aspects of the information and knowledgeably connects the dots between these insights, giving analysts the wisdom necessary to investigate and respond effectively. It also presents alerts in near real time so analysts may comprehend the actionable information that the platform issues and respond to it as quickly as possible. Cybereason can detect even sophisticated attack techniques such as privilege escalation, lateral movement, and code injection, creating a big picture of the threat landscape as soon as the solution is deployed.

The product has a clean management interface and offers two different views: Malops Discovery Board and the Malops Management Dashboard. We find that the navigation lacks the intuitive feel we have experienced with some of the other solutions this month, mostly because some command responses to the hosts are delayed. The Malops Discovery Board offers visibility into the monitored environment by tracking different activities at various stages, indicating the severity and extent of any infiltration, and giving an accurate timeline of attack occurrences. The Malops Management Dashboard features many filtering options based on the detection and response activities available to analysts. It also has comprehensive overview information, showing all the connections that a malicious process has made as well as a timeline view of when these events have occurred. We particularly like the domain generation tool because it displays a description of an event as well as a number tag that corresponds to the MITRE ATT&CK technique associated with it.

The attack tree is the platform’s most useful graphic report. It offers a big picture of incidents and enables analysts to investigate a chain of events with broader context. Users may click on and delve into virtually everything on the attack tree, making it as easy as possible for analysts to investigate incidents. There are also numerous pre-defined, exportable reports that provide several different views with varying granularity.

Overall, we consider Cybereason Defense Platform a solid, low-footprint endpoint security option that issues alerts immediately without interrupting normal internal system processes. The cross-machine correlation delivers thorough, enterprise-wide visibility and event correlation, presenting analysts with actionable information and one-click remediation options. The platform can easily correlate this information by ingesting different resources and data, leaving the door open for businesses to incorporate IoT devices and other technologies in the future.

The platform costs $50 per endpoint, per year and includes 24/7 phone, email, and website support. The documentation library features many self-paced training courses and effective manuals with embedded how-to videos that demonstrate step-by-step processes. We really appreciate the maturity of the regularly updated support material.

Written by Katelyn Dunn

Tested by Tom Weil