
Published on July 1st, 2019

Cyber Defense Platform 19 Product Review



Summary

Cybereason’s Cyber Defense Platform combines prevention, detection and response into a lightweight agent. This multilayered endpoint protection platform delivers signature and signature-less anti-malware functionality to prevent known and unknown threats. It also applies behavioral and deception techniques to prevent ransomware and fileless threats, using layered prevention to collect raw data from endpoints and pass it to the Cybereason Cross Machine Correlation engine. The engine enables behavioral detection of advanced attacks and real-time automated threat detection.

Malop Detection is Cybereason’s take on alerts and provides a full attack story with contextual visibility into the specifics of detected malicious behaviors. Cybereason takes the approach that an alert should be indicative of an incident, not just a single step of an attacker, and supports it with a visual attack timeline that has been enriched with threat intelligence and the MITRE ATT&CK framework. Relevant information aggregated from a variety of sources helps analysts understand an attack simply by clicking into one of these alerts.

Proactive Threat Hunting uses a query builder as the backbone of its intuitive user interface, making investigation and threat hunting across an enterprise easy and feasible tasks. All endpoints are included in the story to give a bigger picture of an attack. Analysts can see where a lateral movement took place and where it led on a definitive timeline. By pivoting on each lateral movement, an analyst can obtain more context on what an alert looks like. A helpful button allows a security team to isolate an infected endpoint from the network. Because this is often the first step in remediation, Cybereason has built it in as a one-click button for quick and easy containment. The solution also makes it possible to automate isolation and even open a remote shell to each machine.

Attack Tree provides an easy way to navigate processes executed on an endpoint, distinguishing which are currently under investigation and which processes are believed to be pieces of that same incident.

Installation was straightforward. Ubuntu is available but we did not test its functionality. Navigating the platform was very intuitive. Diving into the dashboard following testing, we found the infection count was laid out logically. Several vulnerabilities were identified and, by drilling into the affected machines, we found much more information. Organizations can expect to increase business resilience with faster time between detection and response. Analysts can easily investigate and hunt threats using the visual query builder. Printable reports are put together so that both security analysts and C-level executives can benefit from them.

Tested by Tom Weil & Matthew Hreben
