Cybereason Endpoint Detection & Response offers advanced threat hunting, investigation, and malicious operation visualization. Its intuitive interface and AI-driven Malop engine enhance threat detection efficiency across multiple platforms.


| Product | Mindshare (%) |
|---|---|
| Cybereason Endpoint Detection & Response | 1.2% |
| CrowdStrike Falcon | 7.4% |
| Microsoft Defender for Endpoint | 5.9% |
| Other | 85.5% |
| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 7.4% | 97% | 140 |
| Cortex XDR by Palo Alto Networks | 4.2 | 3.5% | 96% | 112 |
Cybereason Endpoint Detection & Response excels in anomaly detection, AI-driven threat hunting, and real-time visualization of malicious operations. Users appreciate the command-line mitigation tools, lightweight performance, multi-OS compatibility, and intuitive interface. Its automated response feature effectively isolates and eradicates threats. XDR capabilities enhance security across IT ecosystems, reducing false positives and streamlining incident response. Cybereason aids in comprehensive threat analysis, enabling users to swiftly adapt to attacks and improve their security posture.
Cybereason Endpoint Detection & Response requires improvements in technical support, reporting features, and integration with Microsoft. The complexity of deployment and sensor upgrades presents challenges, particularly for smaller organizations. High CPU usage affects stability, and dashboards lack customization and intuitive design. Compatibility issues with Microsoft PowerShell and the need for advanced threat capabilities exist. Group and policy management features could be enhanced, and the platform's visibility for IT administrators needs attention.
Users report Cybereason Endpoint Detection & Response increases network visibility and reduces response time to threats by at least 50%. Adware removal improves the environment significantly. Cybereason helps small security teams effectively assess threat impact quickly through a single user interface. While initial setup was challenging, users anticipate a positive return on investment within 12 to 24 months. Enhanced alert systems isolate compromised systems immediately, showing strong potential for protecting the network and providing valuable insights.
Cybereason Endpoint Detection & Response offers pricing based on the number of endpoints covered, with users noting it as relatively affordable compared to larger competitors. While some find it somewhat expensive, many highlight the inclusion of features like firewall control without extra charges. Users appreciate that Cybereason avoids additional costs often imposed by other vendors. Setup costs can be lower if existing expertise within the business is utilized, but some prefer not purchasing through third-party channels.
Organizations primarily use Cybereason Endpoint Detection & Response for endpoint security, threat detection, and response on various platforms including Windows, Mac, and Linux. It is instrumental in identifying suspicious activities, malware detection, threat hunting, and enhancing security postures across diverse environments. Companies benefit from its deep threat hunting capabilities and effective monitoring of endpoints, contributing to improving security in sectors like energy and industrial, with comprehensive incident response and protection for numerous endpoints worldwide.
Cybereason Endpoint Detection & Response customer service and support demonstrate competent and cooperative assistance. Users express satisfaction and find support knowledgeable and helpful, though some note delays in issue resolution, especially when involving engineering. Responsiveness varies, with quicker responses for partners. Generally, users rate support between seven to nine out of ten, appreciating the team’s expertise and availability. Some believe support could improve in responsiveness and feedback, while many remain content with the assistance received.
Cybereason Endpoint Detection & Response's initial setup was mostly straightforward for users, though some reported that it required understanding the prerequisites and creating installation packages tailored to specific needs. Deployment speed varied from a few days to months, depending on scale and approach. Users highlighted that vendor support, training, and dedicated packages made it easier. A few encountered minor issues that were quickly resolved and were often unrelated to Cybereason itself. Many found the setup accessible and uncomplicated.
Cybereason Endpoint Detection & Response demonstrates strong scalability, supporting organizations with extensive endpoints and large teams. Users report seamless expansion, ease in increasing capacity, and consistent performance in intricate environments. Noteworthy qualities include effortless implementation in SaaS deployments and the ability to handle substantial endpoint growth without degrading system efficiency. Maintenance is necessary for sensor updates and policy adjustments, yet the platform facilitates smooth scaling across various operating systems and infrastructures.
Cybereason Endpoint Detection & Response demonstrates solid stability. Users mostly report a strong, reliable experience without bugs or crashes. Some users experienced response issues or downtime during updates, especially in cloud configurations. Most appreciate the stability, rating it highly, though some wait for the latest version to stabilize further. Performance enhancements over previous systems were noted, with some improvements requested. Communication with Cybereason for quick resolutions is common among users.
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 5 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 152 |
| Midsize Enterprise | 70 |
| Large Enterprise | 176 |
Focused on providing detailed real-time insights, Cybereason Endpoint Detection & Response is crucial for cybersecurity operations by offering comprehensive dashboards and managed detection and response services. It ensures efficient threat isolation, supports Windows, Linux, and Mac environments, and improves network activity visibility. While its AI engine enhances threat analysis clarity, technical support and deployment complexity can be improved, particularly for smaller organizations. Some challenges include integration with Microsoft, high CPU usage, minimal dashboards, and graphics. Additionally, deployment processes need refinement for stability with new OS versions.
Cybereason Endpoint Detection & Response is widely implemented to safeguard endpoints, particularly in fields requiring rigorous security measures. Many employ it for its robust incident response capabilities in finance, healthcare, and government sectors to tackle malware, malicious operations, and unusual process detection, supporting security operations centers with powerful monitoring tools.
Cybereason Endpoint Detection & Response was previously known as Cybereason EDR, Cybereason Deep Detect & Respond.
Lockheed Martin, Spark Capital, DocuSign, Softbank Capital
| Author info | Rating | Review Summary |
|---|---|---|
| Head of Research Development and Innovation at CSIR | 3.0 | I find Cybereason useful for basic incident response and easy to deploy. However, it struggles with advanced threats, offers inconsistent support, and is too expensive for smaller companies, leading me to remove it from some clients. |
| Security Delivery Analyst at a consultancy with 10,001+ employees | 4.0 | I use this solution for global industrial detection, appreciating its clear platform, ease of use, and API. However, I desire improvements in grouping, specifically nested groups, and individual machine whitelisting for better management. |
| Operational Technical Security at Metro Bank | 4.5 | I find Cybereason EDR effective for threat hunting due to its intuitive GUI and easy setup. It's scalable and mostly stable, yet I desire improved agent self-healing and better sensor connectivity. Overall, it offers good ROI. |
| Information Security Officer at PTCI | 4.0 | I use Cybereason for comprehensive, unified endpoint protection across diverse OS, gaining deep visibility and detailed context for events. It significantly improved our security operations, though the triage interface can be overly detailed at times, despite ongoing improvements. |
| Information Security Analyst at a comms service provider with 51-200 employees | 4.5 | We use Cybereason for endpoint protection, valuing its fivefold increase in visibility and automation that cut response times by 50%. While mobile deployment was slow and PowerShell has compatibility issues, its stability and SOC support are excellent. |
| Senior Security Engineer at a financial services firm with 1,001-5,000 employees | 3.0 | We use Cybereason for strong threat detection and EDR, aiding our small team. However, its prevention is weak, with high CPU usage, stability issues, and more false positives than before, making it a 6/10 solution that needs improvement. |
| Information Security Manager at Cabot Financial (Marlin) Limited | 3.0 | I found Cybereason EDR user-friendly and stable, despite initial high CPU usage and tuning issues on servers. Its setup was cheaper, but network coverage became a frequent problem, and ROI was initially shaky. |
| Senior Project Executive at Hitachi Solutions India Pvt. Ltd. | 4.0 | I find Cybereason EDR effective against threats; its support is good and it's easy to use. However, I wish for a more centralized, customizable dashboard for better IT visibility and reporting, similar to Symantec. |
| Director of Learning and Development at ACA - Ateliers de conversation anglaise | 5.0 | I find Cybereason EDR excellent for detecting and mitigating threats. It improved my team's knowledge, confidence, and efficiency with its operation-centric approach and real-time visibility. Despite some complexity in endpoint deployment, it's user-friendly, stable, and valuable. |
| Technical Specialist Manager at a tech services company with 201-500 employees | 4.5 | I value Cybereason EDR's NGAV for endpoint protection, finding it stable, scalable, and easy to set up. While reporting could improve, it outperforms competitors, and I recommend it for cybersecurity, rating it 9/10 overall. |

My main use case for Cybereason Endpoint Detection & Response is mostly for incident response.
In terms of features, the most helpful aspect is usually either the isolation or eradication of suspicious scripts; depending on the company, sometimes we use the isolation, sometimes we use the eradication components.
Cybereason Endpoint Detection & Response provides automated response capabilities so I can mitigate threats. This capability is useful for low-hanging things and basic tasks, but as soon as things become more complicated and there are other scripts involved, the usefulness decreases.
When it comes to advanced threats, it sometimes helps me with finding them and hunting them down with threat detection capabilities; sometimes it's helpful, but sometimes it just drops more data on the search. For example, there is some assistance, but there are times I have to refer to it myself, though there is some help to narrow some of it down.
I have been working with Cybereason Endpoint Detection & Response for about four years now.
The capability to integrate is indeed there, and it's very easy to deploy.
Regarding the initial setup and deployment, it's not difficult to deploy Cybereason Endpoint Detection & Response.
To get my Cybereason instance up and running, I just install it; it takes less than a minute or two to actually install and run the installer. The longest time is actually getting my Cybereason instance up and running.
In terms of support quality, it depends; if you're a partner with them, they provide fairly good support through a concept called invest support. However, if you're not a partner, the support can take up to a day or two, making it less useful if you're not directly partnered with them.
Neutral
I mostly work with incident response, so I work with a bunch of them interchangeably, but mostly with the EDR components; I also get involved with some of the XDR components, especially for the cloud.
Regarding analysis features, such as deep behavioral detection, I do use it sometimes; I usually don't use the automated version of it, as I prefer threat hunting directly, depending on if the season is available. I know some of them have pretty good analytics engines, but I tend to do the threat hunting on my own.
I manage incident response for a bunch of companies, so some of them have Cybereason Endpoint Detection & Response integrated into Sentinel, some into Fortinet, and others into various tools.
When considering cost-effectiveness, their pricing structure works such that if you're a large organization with more than a thousand endpoints to deploy to, then Cybereason Endpoint Detection & Response is worthwhile. But for anything less than 300, it's too expensive; obviously, the more you buy, the better the price, making it cheaper for you.
Cybereason Endpoint Detection & Response best fits enterprise-level businesses such as huge corporations; however, we are in the process of removing it from many of our endpoint clients because it's not really showing enough value for them at the moment. We're trying to see how we can improve it with some of our clients, but at the moment, it's struggling compared to other EDR solutions that we have deployed.
On a scale of one to ten, I rate Cybereason Endpoint Detection & Response a six.
We use it to improve detection in the whole industrial sector. We are a big energy company. Across multiple endpoints, we deploy the EDR to secure all, improve detection, and also attempt to automatically protect against some threats. This is done across more than 250 sites around the world with many endpoints, multiple thousands of endpoints, all aimed at improving detection.
What I find most valuable is the clarity of the platform. It is very straightforward. There are not a lot of buttons, yet I find my way very easily to the different modules. It is clear and easy to use. I can create groups of endpoints and define policies with multiple modules to activate or deactivate based on needs. I added a good point about the ease of using the solution and the clarity of the platform in general. It is a very clear platform with a clear dashboard and a lightweight agent that does not cause any performance issues typically. I have all the information needed to work and a very rich API. I can integrate a lot if I want to use Python scripts to automate tasks, which can be done via the API.
I would like to see improvements on the operational side, specifically in grouping. Currently, I can group sensors into a custom group and assign policies, but I feel it is a shame that I cannot create groups of groups with inheritance. This would be useful for organizing multiple sites or countries into a single group containing multiple sub-groups.
Additionally, in the whitelisting case, if I want one policy to have specific whitelisting, but not all the machines in that policy to have it, I could use multiple groups belonging to the same parent group. It is a bit disappointing that whitelisting can only be done via policies and not for individual machines. If I need to whitelist for only one machine, I must create a specific policy. This poses a challenge with two thousand endpoints, making it nearly impossible to create two thousand different policies.
I have used the solution for the last six months.
I am not aware of any stability issues. When we have performance issues, we always find a solution. Sometimes a module causes a specific type of machine to slow down slightly. We then deactivate that module and activate another. We inform Cybereason about any issues, and they work on a new solution, either with an update or a custom fix in anticipation of the next update. We faced some issues but always found a solution quickly.
It is scalable.
For technical support, I would rate it eight or nine out of ten. Nine is great actually since we have people available when we ask, and they know what they are talking about. That is great.
Positive
This is the first solution I've used.
I am not sure if I can talk about the setup; however, you need five or six people, maybe. It is quite easy and straightforward. We have many endpoints and different operating systems, and yet it is quick.
You need to set up the installer manually; then, you can deploy it to all endpoints via any sending method. Execute it, and it will work perfectly fine. In fifteen minutes, it is deployed. We faced one or maybe two installation problems. It is quite clean. The problems are not linked to Cybereason, just another antivirus was not uninstalled previously, causing detection issues. However, that is not Cybereason's fault.
I have no negative comments about the deployment. It is easy and straightforward.
The vendor should consider that I don't think Cybereason is widely used by a lot of companies. They sometimes use CrowdStrike or other more famous solutions. Check with vendors if they agree to use Cybereason or if they use any other EDR solution to prevent compatibility issues.
I would rate this eight out of ten.
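The reviewer above asks for groups of groups with policy inheritance and for per-machine whitelisting, and notes that with flat policies every machine-specific exclusion needs its own policy. The following is an added illustration of how such a resolver works; it is not Cybereason code and does not use its API. The group tree, module names, whitelist entries and hostnames are constructed for the example.

```python
"""Resolve an endpoint's effective policy from a tree of sensor groups.

Hypothetical model (an assumption, not Cybereason's data model): each group may
have a parent, a set of modules it enables or disables, and a whitelist; a
sensor belongs to one group and may carry machine-level whitelist entries.
Module settings are overridden by the nearest group; whitelists accumulate.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Group:
    name: str
    parent: Optional[str] = None
    modules: Dict[str, bool] = field(default_factory=dict)  # module -> enabled
    whitelist: Set[str] = field(default_factory=set)        # paths or hashes


@dataclass
class Sensor:
    hostname: str
    group: str
    whitelist: Set[str] = field(default_factory=set)        # per-machine entries


def ancestry(groups: Dict[str, Group], name: str) -> List[str]:
    """Return the chain root -> ... -> name, refusing cyclic trees."""
    chain, seen, cur = [], set(), name
    while cur is not None:
        if cur in seen:
            raise ValueError(f"cycle in group tree at {cur}")
        seen.add(cur)
        chain.append(cur)
        cur = groups[cur].parent
    return list(reversed(chain))


def effective_policy(groups: Dict[str, Group], sensor: Sensor) -> dict:
    """Walk from the root down to the sensor's group, then apply machine entries."""
    modules: Dict[str, bool] = {}
    whitelist: Set[str] = set()
    for gname in ancestry(groups, sensor.group):
        g = groups[gname]
        modules.update(g.modules)   # nearer group wins on conflicts
        whitelist |= g.whitelist    # exclusions inherit downwards
    whitelist |= sensor.whitelist   # machine-level exclusions, no extra policy
    return {"modules": modules, "whitelist": sorted(whitelist)}


def flat_policy_count(sensors: List[Sensor]) -> int:
    """How many distinct flat policies would be needed if per-machine
    exclusions could only be expressed as separate policies."""
    return len({(s.group, frozenset(s.whitelist)) for s in sensors})


# Constructed sample tree: global -> emea -> emea-plant-hamburg, global -> apac
GROUPS = {g.name: g for g in [
    Group("global",
          modules={"ngav": True, "exec_prevention": True, "powershell_protection": True},
          whitelist={"sha256:aaaa"}),
    Group("emea", parent="global", whitelist={"C:\\Tools\\deploy.exe"}),
    Group("emea-plant-hamburg", parent="emea",
          modules={"powershell_protection": False}),
    Group("apac", parent="global"),
]}

SENSORS = [
    Sensor("HMB-HMI-01", "emea-plant-hamburg", whitelist={"C:\\SCADA\\hmi.exe"}),
    Sensor("HMB-HMI-02", "emea-plant-hamburg"),
    Sensor("SYD-WS-042", "apac"),
]

if __name__ == "__main__":
    for s in SENSORS:
        print(s.hostname, effective_policy(GROUPS, s))
    print("flat policies needed:", flat_policy_count(SENSORS))
```

With inheritance the Hamburg plant disables one module for its own machines without touching the rest of EMEA, and HMB-HMI-01 gets its single exclusion without a dedicated policy; the flat-policy count shows why the per-machine case does not scale to thousands of endpoints.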

We use Cybereason Endpoint Detection & Response to scan and detect unusual processes and malicious files on the endpoint.
The product's threat-hunting feature is very intuitive and easy to use as it is GUI-based. We need to know the specific fields we want to scan. It gives the entire report of the activities on the machine right from the first process to the last process.
It could be helpful if the endpoint agent has self-healing capability in case it gets corrupted. It should be more stable, and the sensor needs improvement in terms of connectivity.
We have been using Cybereason Endpoint Detection & Response for four years. At present, we are using the latest version.
The product is 95% stable.
The product is 100% scalable.
The technical support services are good.
The initial setup process is straightforward. We have to install the agent, create a package, and deploy it on servers. It has a prebuilt console managed by the cloud team of Cybereason. We don't have to worry about the console and concentrate on endpoint implementation. It takes ten days to deploy it on 10,000 devices.
The implementation can be in-house. However, you might require a consultation to deploy a particular proxy.
The product generates a good return on investment.
The product's licensing is based on the number of endpoints. The pricing is manageable.
We conducted demo sessions for different products. Comparatively, Cybereason Endpoint Detection & Response has an inbuilt algorithm within GUI. We need to connect the dots and get the output. It processes incident response faster. At the same time, other tools rely on writing queries.
I rate Cybereason Endpoint Detection & Response a nine out of ten. If you are looking for infrastructure security, I recommend the product. It provides a snapshot of machine activities.

My use case for this solution is multipronged. First of all, I use this solution to provide the traditional signature-based antivirus to all my endpoints on different operating systems. The second part is to get the additional protection from the behavioral learning and behavioral predictions.
Threat hunting is not something that we have done much of in the past. Therefore, Cybereason has enabled us to do threat hunting efficiently.
We shifted our traditional antivirus-type operations over to the Information Security Department from the PC and server tech area. We then built our operations around this shift.
Cybereason has given me visibility into some things I didn't know about.
They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen.
It is a very effective tool. I have a level of comfort in the way it is detecting and finding things at an early stage. Different tools find different things. When we installed this, we found different things going on that we didn't know about previously, some more nefarious than others.
The biggest feature is the fact that I have one product that works across all my different operating systems. It works across a lot of different endpoint operating systems, e.g., Windows, macOS, iOS, Android, and Linux. I chose the solution because it covers the entire realm of all of my devices on a single endpoint agent, then back to one console. This prevents me from having to manage multiple products for multiple operating systems. I did not have these capabilities on anything other than Windows and Linux previously. XDR has expanded my capabilities into all my other endpoints, e.g., mobile OSs, beyond Windows and Linux.
Cybereason provides a ton of detail. Not only do we see that something malicious may have been executed on a machine, but we also see everything else that is executed on that machine, which may or may not be involved. Therefore, it has given us a ton more information and context around an event, rather than saying, "Oh, we spotted this suspicious file." Instead, it gives me the context around it, telling me how it was executed, where it was executed from, and why it might be malicious. So, it has changed the way we function.
In the past, we looked at it, and said, "That looks malicious (or not). Check the box and move on." With Cybereason products, we have much more detail behind it so we can make more informed decisions on whether an action is malicious. An added benefit is that it has also helped us discover a lot of other software applications running within our environment. We probably found another 10 to 20 applications running within our environment that we weren't aware of before.
All its information about malicious operations (MalOp) keeps me from having to go to multiple different sources to find it. That is definitely the truth. I can usually do whatever triage that I need to do from the Cybereason tool to know if something is malicious or not, then feel comfortable with that decision. There is not any guesswork. On a couple of occasions, I still had to go back to a particular computer to dig out additional logs that weren't there, but that is to be expected. It has come a long way. I am not seeing an alert, then having to go find other tools to find out more context to that alert, because the context of that alert is right there in the dashboard.
The ease of use and dashboards are improving. We came in at a time when they were developing a new dashboard screen. Therefore, we have had some confusing times between the old and new dashboards. Knowing how the new one works, I have seen vast improvements with it.
While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper. They are improving on this because I have seen some improvements in the user interface that helps with this. Part of it was moving two different screens into one, merging the two together.
It is very good, but it is very technically detailed and would be harder for an entry-level person to decipher. However, improvements are being made.
It leverages indicators of behavior to help us remediate faster against attacks. Sometimes, I wish there was more detail on why they consider it malicious.
We have been using Cybereason for less than a year.
They have an awesome technical product. They are still catching up on the customer side, but they are working hard at it. I have seen a lot of improvements already.
I have just under 1,000 endpoints and have seen no issues whatsoever with scalability. It should have no problem going further.
I have been working with the product team a lot and giving them a lot of unsolicited feedback.
I would rate the support as seven out of 10.
Neutral
We had an antivirus or next-gen antivirus product before that was mostly managed by the vendor. We saw alerts, but really nothing else. We couldn't dig very far into those alerts, etc.
Cybereason has given me more coverage across more operating systems than what I have had in the past; I have more visibility now into a lot more areas. Before, I was seeing about half of my network. Now, I feel like I am seeing nearly all the devices. This was a huge thing for me when it came to changing our operations.
The initial setup was pretty straightforward. Deployment took two or three months.
We started with a few machines in monitor-only mode to see what kind of noise we had. Then, we expanded the number of machines and continued monitoring. Once we had everything in monitoring mode, we were then able to start turning on some of the blocking and automated actions.
We used our in-house team.
It is helpful with a small security team because it puts everything into a single pane of glass. Being able to see everything in a MalOp-centric form shows you how many machines and users are affected right away. It definitely helps a small team be able to dive right in and figure out how widespread a problem is, or if it is a problem.
I had to go through a third-party to purchase it, which I wasn't really pleased about.
We can mitigate and isolate on the fly. Anytime there is an alert, it gives me the option to block the threat, quarantine the threat, or isolate a device. It is very important to have these different levels. We have seen other products that only isolate the device. This is sometimes a bit of an overkill, since it usually interrupts the end user's day more than necessary. Having multiple options gives me a bit more granularity in my response rather than just isolating or blocking.
At the blocking level, we have used some automated mitigation and isolation processes. However, we are still very cautious. With everything that we do, we start out in monitor-only mode so it warns us first. We see what our baseline is and track those things down, then we turn on the automatic mitigations. So, we have it in some areas, but not in all areas.
We are using just about all the pieces that we currently have of this solution. For the pieces that we are not using, those are some of the new XDR features that came out which have some plugins from a Google SIEM and some of the Azure plugins. We don't have those yet and may look at those in the future. For some of those areas, I have coverage in another product so I am not in a hurry to do that.
Overall, I would rate Cybereason as seven out of 10.
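The review above describes two things worth seeing in code: the operation-centric (MalOp) model, where one malicious operation spanning several machines and users appears as a single item instead of one alert per machine, and the graded response of alert-only in monitor mode, then quarantine or isolate once automatic mitigation is switched on. The block below is an added illustration of both ideas; it is not Cybereason code, the alert fields and the grouping key (the hash of the file that started the process chain) are assumptions, and the alerts are constructed for the example.

```python
"""Group raw per-host alerts into operations and pick a graded response.

Assumed alert shape (not Cybereason's schema): each alert carries the host,
user, process, parent process, the SHA-256 of the file that started the chain,
and a coarse technique label. Alerts sharing a root hash form one operation.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Set


@dataclass(frozen=True)
class Alert:
    ts: str            # ISO-8601 timestamp
    host: str
    user: str
    process: str
    parent: str
    root_sha256: str   # file that started the chain; assumed grouping key
    technique: str     # e.g. "execution", "persistence", "lateral_movement"


@dataclass
class Operation:
    root_sha256: str
    first_seen: datetime
    hosts: Set[str] = field(default_factory=set)
    users: Set[str] = field(default_factory=set)
    techniques: Set[str] = field(default_factory=set)
    alerts: int = 0


def group_alerts(alerts: List[Alert]) -> Dict[str, Operation]:
    """Collapse N host-level alerts into the operations they belong to."""
    ops: Dict[str, Operation] = {}
    for a in alerts:
        ts = datetime.fromisoformat(a.ts)
        op = ops.setdefault(a.root_sha256, Operation(a.root_sha256, ts))
        op.first_seen = min(op.first_seen, ts)
        op.hosts.add(a.host)
        op.users.add(a.user)
        op.techniques.add(a.technique)
        op.alerts += 1
    return ops


def choose_response(op: Operation, mode: str = "monitor") -> str:
    """Graded response. In monitor mode nothing is touched, which is how the
    reviewer baselines noise before enabling automation. In block mode a
    single-host detection is quarantined (file only, user keeps working) and a
    multi-host or laterally moving operation isolates the affected hosts."""
    if mode == "monitor":
        return "alert"
    if "lateral_movement" in op.techniques or len(op.hosts) > 1:
        return "isolate"
    return "quarantine"


# Constructed sample: one operation that spreads from a workstation to a
# server, plus an unrelated single-host adware detection.
SAMPLE = [
    Alert("2023-03-01T08:05:00", "FIN-WS-07", "jdoe", "powershell.exe",
          "winword.exe", "sha256:a1", "execution"),
    Alert("2023-03-01T08:02:00", "FIN-WS-07", "jdoe", "winword.exe",
          "explorer.exe", "sha256:a1", "execution"),
    Alert("2023-03-01T08:41:00", "FIN-SRV-02", "svc_backup", "wmic.exe",
          "services.exe", "sha256:a1", "lateral_movement"),
    Alert("2023-03-01T09:10:00", "HR-WS-12", "asmith", "updater.exe",
          "explorer.exe", "sha256:b2", "persistence"),
]

if __name__ == "__main__":
    for op in group_alerts(SAMPLE).values():
        print(op.root_sha256, sorted(op.hosts), sorted(op.users),
              op.first_seen.isoformat(), choose_response(op, "block"))
```

Four alerts become two operations; the first shows both affected hosts and users on one line, which is the "how widespread is it" question a small team needs answered first, and only that operation earns isolation when automation is on.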
Some of our users are in threat hunting. We use it to protect a really diverse environment, including Macs, Windows, Linux, Android, and iOS. So, our primary use for it is endpoint protection. We are protecting around 1,200 endpoints.
We have some automatic prevention, where you can just set it to how confident you are in the product based on how many false positives you are getting, etc. At this point, I think we are getting a little more comfortable with doing automatic prevention since we don't see a lot of false positives anymore. Now, I don't have to chase every single malware that shows up on a user's machine. We are only worried about those that are proactively trying to move around. So, it really lets us focus on the more important things when some automation is involved.
Visibility is such a big thing for us, which we didn't have previously. One of the greatest additions to our environment is having that visibility for the processes running across our network.
Cybereason is helpful to organizations who have a small security team, especially if you have the SOC behind you doing their analysis as well. It is tremendously helpful to have top-notch security advisors help you identify threats in your environment.
I have found their file search really useful as well as their investigation feature. Outside of the management console, their defenders platform is incredibly useful with great content for learning about their features and how the software operates.
Cybereason helps us to mitigate and isolate on the fly. If a malware has been identified, we get various options to mitigate, depending on what we believe is the best option for that specific malware type. We can quarantine the file or isolate the whole asset from being able to talk to the network. It helps us reach our goals of threat hunting as far as incident response goes, since timing is of the essence. It is very important for us to have that ability to do it with one click, and not have to reach out to the system owner before we can take action.
All the information that they have in the Cybereason XDR platform helps a lot. You can see all their dashboards, etc. Overall, I would rate it as 8.5 to 9 out of 10 for ease of use. It didn't take us too long to figure out their platform.
Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business.
We started using it around September 2021.
So far, I would give them 10 out of 10 on stability.
For scalability, I would give them 9 out of 10. It is fairly easy to scale once you get going and are comfortable with it. It was our ability to get comfortable from not knowing how well it would interact with all our different operating systems.
Currently, there are only two individuals who are in it day-to-day. We have given access to our system administrators, but they don't really work with it much unless there are issues going on with the machines that they administer. So, they are not in the solution very often.
In the security arena, I would give them 9 out of 10. We had a small hiccup at the beginning of our onboarding as well as figuring out how the SOC worked. That is the only reason why the beginning was a little bit rough, but I currently can say that they are great and very responsive.
As far as technical support goes, I would probably rate it as 8 out of 10 at the moment because of how long it is taking to resolve the very few issues that we have.
Positive
We were previously using Microsoft Defender.
We switched to Cybereason for its visibility and logs. Cybereason allows us to integrate a lot better with our SIEM solution. We can do threat hunting from one dashboard. It is a lot more manageable and flexible with a more in-depth view of our environment. It also has compatibility with multiple operating systems.
The initial deployment was very straightforward for Windows, Linux, and Mac. On the mobile side, the deployment has still been very slow. I think their VPN has some compatibility issues with Android or specific versions of Android.
On Windows machines, the deployment took around two and a half months. Part of it was very much due to us wanting to dip our toes first and not go full speed, because we didn't know how our machines were going to react or its compatibility with the system. It was a very wide deployment to various different systems. We were mostly worried about our servers.
It has done very well with our servers. We haven't really seen many negatively affected assets.
We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold. As security analysts, when you have more information to digest, it will take a bit of time before we decrease the amount of time spent on some systems where we didn't have visibility before.
It has reduced the amount of time that we spend responding to threats by at least 50%.
If you are a very small security team or have no security team, then I would choose Cybereason for the level of expertise from their SOC and security support team. Also, the product is very easy to manage. Overall, the number of false positives that a system administrator has to deal with is lower, which is better, because you don't have to spend time on it. Instead, you can spend time doing other things, like setting up new infrastructure.
I haven't really had many experiences with other vendors, but I would rate them as 9 out of 10. It goes back to those first issues that we had at the beginning. However, they have stepped up and really have proved that they are a great product.
It's an endpoint in EDR, so our primary use case is for threat detection and remediation for Linux, Windows, and Mac.
The best example of how it has helped is that we can do searches via the API. And so we have our automation tool do a lot of searches automatically based on alerts so that when the SOC analyst goes to review, they have a lot of the information already pulled for them.
It leverages indicators of behavior as a means of detecting attacks. It's very good at detection. It's not so great at prevention. They're a very detection-focused company. So that may or may not work in your environment depending on if you're a prevention-based organization or detection-based.
The leveraging of indicators of behavior helps remediate against attacks faster. One of the things we can do is if we have a process or a hash or something that we know is bad, it's very quick to search for it across the environment. And then we can either have Cybereason yank the file off, quarantine it, or whatever we think we need to do based on the severity of the issue.
Cybereason is helpful to organizations with a small security team. With a single portal to manage and with it being a cloud portal, it really reduces the amount of overhead versus having a traditional on-prem solution.
Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations.
Cybereason helps us to mitigate and isolate on the fly. It's extremely important and mostly because the endpoint is our weakest link. It's what has access to our internal network in the external world. So it's the biggest target.
We have used it to automate mitigation and isolation processes. The automation that we're doing is a little bit less featured than the product we had before, but there's a lot more you can do with automation than what you can do with a traditional endpoint.
It somewhat provides an operation-centric approach to security that enables us to instantly visualize an entire malicious operation from the root cause to every affected endpoint in real-time. We have several open issues and bug reports with them that it doesn't always pull that data back. So when it works, it does pull a lot of the details, but some of the things like PowerShell Commands are still very limited with what you can see. It's extremely important to us.
The solution enables us to adapt to attacks and act more swiftly than attackers can adjust their tactics, especially with EDR. We've been able to do a lot more scripting and automation for doing mitigation.
We use the solution's XDR features to extend detection and response capabilities across the broader IT ecosystem. We're basically covering most of our non-appliance infrastructure and some of our appliances. Even network appliances would fall into what we can cover with it.
The dashboards are very minimal. They have some flashy options but there's nothing that we've found that's actually valuable that's in the dashboard. It's very easy to use, but if you have experienced SOC members there's no real query language. So it slows them down to have to click the button a million times, but for new SOC members, it's very easy to pick up because there's no query language.
Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts.
It doesn't always pull data; there'll be times when it can't pull a process or things like that. We brought this up to Cybereason. We have an RFP for it, but we have a lot of RFPs and we maybe only had a couple that have been completed.
The high CPU and memory usage are the two main points that need improvement. That's been pretty big. It's caused us a couple of outages. If they had more automation, like policy management via the API, that would be nice because whitelisting path exceptions, things like that, do take a good amount of time because that's done manually per policy instead of being automated. And we're very automation-focused.
I have been using Cybereason for almost a year.
Stability can definitely be improved for a cloud service. You expect a certain amount of uptime, and you expect that when they're doing upgrades on the system, it's going to be transparent to the end users. But with their current configuration, if they do an upgrade on our servers, we have seven hours of downtime.
It's very scalable. We've been able to roll out. When we went global to a very big chunk, it was very easy to do.
In our office, we have around 25,000 users. When we went global, we gained about 100,000, and then we just went private again a couple of weeks ago. So we're back down to 25,000. We've maxed out at a hundred and we're consistent at around 25.
Around 30 people on the security engineering, the SOC, threat hunting, and incident response teams use it.
The support people are very helpful, but a lot of the issues end up having to go back to engineering or their support teams. Then once that happens, it takes a long time and it can often take a long time to get to the point where they can even open a ticket with engineering.
For the last bug that we reported, it was probably about six weeks before they were able to open the ticket with the engineering team.
We previously used CrowdStrike. We switched because of the cost. We ended up doing more of a global licensing, which added something like 100,000 endpoints for our global contract, so the little bit of price difference ended up becoming quite large.
The initial setup was straightforward. You just install the client and as long as it has internet access, you're pretty much already working at that point, and then it's just fine-tuning your policies or your groupings after that.
We had the majority of our assets done, probably 20,000 in a month for our office. So it was very quick.
We have an automation tool that we use for patching and installing software, and we just did a phased approach of rolling it out to end clients and servers.
It's really good at finding adware, so we have been able to get our environment cleaned up by removing adware and other software like that. That's probably been the biggest value we've seen so far.
Make sure that the product actually meets what you need. We are finding that some of the features that brought the price down because they were included, like the firewall control (which was a big need of ours, and most other vendors tack on a hefty charge for firewall control), actually aren't full firewall control and don't have the functionality that we needed.
So if we had known that at the beginning, maybe we would've looked a little further because we were thinking that was the biggest cost savings and it's not been as functional as we were hoping.
There are no additional costs to standard licensing. The one nice thing is where a lot of other vendors will nickel and dime you with the features, with Cybereason you pretty much get everything.
My advice would be to make sure that your company's goals align. If you're a detect-focused organization you'll probably be very happy with it. If you're a prevent-based organization, I don't think it's going to fill that niche.
If you have a smaller team, look at what it takes to manage the policies, because depending on your workflows, how you need to patch, or how you need to group things, it may not work for your workflows.
I would rate Cybereason a six out of ten.
The interface was seen to be more user-friendly compared to other products I have used.
We had a number of issues tuning the clients. When first installed on a number of servers, we observed high CPU utilization.
I have been using Cybereason Endpoint Detection & Response for nearly three years.
It is a stable solution.
The original team reviewed several alternative solutions. I had previously looked at Carbon Black, Symantec and CrowdStrike.
We had a lot of issues when the tool went online; it was consuming too many resources on the machines, especially on servers. It is not very difficult to maintain the solution.
Our ROI at the beginning was a bit shaky, based on what it showed about how long it took to roll it out. Since almost the third tranche of setting it up, it has netted out a return on investment.
Comparison with other products showed it to be cheaper than some larger competitors. Setup costs for us were cheaper as we already had users experienced with the product in other business units. The initial licensing fee was based on the number of endpoints.
Ensure you have a good support contract.
Overall, I would rate it is out of ten.

We faced a few imminent threats, so we used Cybereason Endpoint Detection & Response. Last year, we had Apache due to SB vulnerability, then we also had a few ransomware attacks, so it was quite helpful for us to have a tool such as Cybereason Endpoint Detection & Response in place because the attacks weren't able to get through. We also have another tool which sends out the logs from our firewall on the antivirus on our server, and those logs are stored on a particular Splunk server, so that's an additional security that we have.
What I like most about Cybereason Endpoint Detection & Response is the support because the support is good. The solution is also easy to use, and it has a dashboard. Everything is good, and there's no problem with it.
What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on.
We've been using Cybereason Endpoint Detection & Response for three years now. The product also provides ransomware protection. We have other solutions, for example, for EDR and XDR, we use Cybereason Endpoint Detection & Response, and for endpoint protection, we use Kaspersky and Symantec.
Cybereason Endpoint Detection & Response has good stability.
Cybereason Endpoint Detection & Response is a scalable solution, as we can add additional licenses to it without any issues.
The technical support for Cybereason Endpoint Detection & Response is okay. We have some open cases, and the support is okay.
We manually set up Cybereason Endpoint Detection & Response. We also have a deployment tool, so it depends on the situation. Sometimes we can do it via automation, and sometimes we have to involve the local agent. As for how long it took, for automation, it would still depend on the size of the company; for example, if one site has a hundred and ten, it would take one week. For manual deployment, it would require three people. For our company, deployment took one month.
I'm aware of the licensing costs for Cybereason Endpoint Detection & Response, but I'm not comfortable sharing the information as that's confidential.
My company has around five hundred to six hundred users of Cybereason Endpoint Detection & Response. Four technicians handle the solution, in terms of deployment and maintenance.
I can recommend the solution to others who may want to start using it, particularly if I have references. My company recommended it to two or three companies that now use Cybereason Endpoint Detection & Response.
I would rate Cybereason Endpoint Detection & Response eight out of ten.
It detects and flags malware and other attacks. We also have MDR services completely managed by Cybereason. They look into any threats, give recommendations, and analyze what's happening in our system.
The program has taught us a lot, so our team has become more knowledgeable about what's happening in our environment and what is or isn't a threat with the solutions and the services provided to us. There's also an excellent learning process with the EDR wherein they encourage the users to learn what's happening to, I think, be more confident when mitigating any threats or any problems in the environment. Before we had the solution, we were largely unaware of what was happening. Now we are more confident and better grasp what's happening in our environment.
Cybereason EDR helps us isolate and mitigate on the fly, which is essential because we're a small team, and we don't always have a spare IT person waiting to work. We need our team to be proactive in those situations.
Cybereason's operation-centric approach has helped us move beyond chasing multiple alerts and visualize the entire timeline of malicious operations. We can see when they started, when they were detected, and if there's any lateral movement. It uses behavior indicators to detect attacks, which is an innovative approach. I believe the indicators help remediate attacks quickly, but then again, we have the complete monitoring solution, so they're the ones doing the remediation and sending us recommendations.
It has cut down on the time we spend hunting and responding to threats, which has increased our efficiency because we spend less time thinking about it or managing the system. Cybereason is helpful to us as a small team because we don't necessarily need a dedicated person to analyze threats. Cybereason's monitoring service takes care of that. If there's a threat, we don't need to investigate to see if it's a false positive,
Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment.
I would give the dashboards a perfect 10 out of ten for ease of use. The interface is intuitive, with excellent menus. You can view the data in different ways and customize it fairly easily. There is always a learning curve with any IT solution, but this one is pretty user-friendly, and you can learn it quickly.
Cybereason gives us real-time visibility of an entire malicious operation from the root cause to all affected endpoints. It's an excellent way to visualize the timeline, see what's involved, find out what's happening, and learn what kind of connections or processes are running. I think that if I'm ever shopping for another solution, that would be a must-have.
The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor.
I've been using Cybereason EDR since June, so about half a year.
Cybereason is stable. We haven't had any hiccups or outages so far.
I think Cybereason is highly scalable. If we doubled, tripled, or quadrupled our team size, we could easily continue operations as normal with this solution. It's currently on all the endpoints, but we might increase our usage if we get more language training clients.
Cybereason support has been great.
We used BitDefender previously, but we decided to switch to Cybereason because it offers some new technology like AI. The company is growing and it looks promising.
Setting up Cybereason was straightforward. However, if you don't have an IT team that can program the exceptions you need or run the automatic installation, it might take some time to figure out how it all works. Cybereason offered us some support during deployment. They have a forum, and if we had any questions, Cybereason support could offer customized solutions or guide us through the process.
The deployment didn't take too long because we didn't have many endpoints. It was maybe a couple of days. We can automatically deploy the sensors on our new machines, so it's quick and easy to expand. The policies are set automatically when we onboard employees and the sensors run pretty smoothly.
Cybereason is affordable.
We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money.
I rate Cybereason EDR 10 out of 10. I recommend it because it's much better than anything else out there.
The product's NGAV feature that can protect my endpoint from malware is the most valuable one for me.
Cybereason Endpoint Detection & Response is quite good in providing protection and investigation. I feel that the product lacks reporting features and needs improvement.
I have been using Cybereason Endpoint Detection & Response for almost one year. I am using the solution's latest version. We are distributors of Cybereason.
I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten.
It is an easily scalable solution. Scalability-wise, I rate the solution a nine out of ten.
Around 100 people in my company use Cybereason Endpoint Detection & Response.
Though I don't have much experience with the technical support of the product, I rate the technical support a nine out of ten.
Positive
On a scale of one to ten, where one is difficult, and ten is easy, I rate the setup phase a nine.
The solution is deployed on the cloud.
For around 100 employees, we need three to five days for the deployment of the product.
We need three people for the deployment.
On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing an eight.
Before choosing Cybereason Endpoint Detection & Response, I evaluated a couple of brands, including products named CrowdStrike and SentinelOne. Cybereason is good and provides high performance while also helping my team to manage incidents.
For some organizations that are aware of cybersecurity ways that indicate the need to focus on the endpoint area, I recommend they find some solution to help them to protect their employees. Cybereason is a good platform in the area they function.
Overall, I rate the solution a nine out of ten.