Cybereason’s Cyber Defense Platform combines prevention, detection and response into a lightweight agent. This multilayered endpoint protection platform delivers signature and signature-less

anti-malware functionality to prevent known and unknown threats. It also applies behavioral and deception techniques to prevent ransomware and fileless threats by using layered prevention to collect raw data from endpoints and pass it to the Cybereason Cross Machine Correlation engine. The engine enables behavioral detection of advanced attacks and real-time automated threat detection.

Malop Detection is Cybereason’s take on alerts and provides a full attack story with contextual visibility into the specifics of detected malicious behaviors. Cybereason takes the approach that an alert should be indicative of an incident, not just a single step of an attacker, and supports it with a visual attack timeline that has been enriched with threat intelligence and the MITRE ATT&ACK framework. Relevant information aggregated from a variety of sources helps analysts understand an attack, simply by clicking into one of these alerts.

Proactive Threat Hunting uses a query builder as the backbone of its intuitive user interface, making investigation and threat hunting across an enterprise easy, feasible tasks. All endpoints are included in the story to get a bigger picture of an attack. Analysts can see where a lateral movement took place and where it led on a definitive timeline. By pivoting each lateral movement an analyst can obtain more context on what an alert looks like. A helpful button allows a security team to isolate an infected point from the network. Because this is often the first step in remediation, Cybereason has built in this a one-click button as a quick and easy containment option. The solution makes it possible to automate isolation and even open a remote shell to each machine.

Attack Tree provides an easy way to navigate processes executed on an endpoint, distinguishing which are currently under investigation and which processes are believed to be pieces of that same incident.

Installation was straightforward. Ubuntu is available but we did not test its functionality. Navigating the platform was very intuitive. Diving into the dashboard following testing, we found the infection count was laid out logically. Several vulnerabilities were identified and by drilling into the affected machines, we found much more information.  Organizations can expect to increase business resilience with faster time between detection and response. Analysts can easily investigate and hunt threats using the visual query builder. Printable reports are put together so that both security analysts and C-level executives can benefit from them.

Tested by Tom Weil & Matthew Hreben