The Cybereason Defense Platform has been recognized as a visionary in the 2021 Gartner Endpoint Protection Platform (EPP) Magic Quadrant.

The goal of this whitepaper is to help enterprise teams reduce gaps in their security architecture and improve the endpoint and mobile experience for their users...

Join Cybereason CISO Israel Barak as he breaks down the complexity of the MITRE ATT&CK Round 3 framework to help you make sense of results and understand the efficacy of different solutions in the marketplace today.

Join Ed Amoroso, CEO of TAG Cyber and Sam Curry, CSO of Cybereason as they discuss the trends from before COVID-19, discontinuities, and the outlook based on recent events and challenges in the security industry.

We go into some of the methodology of EDR and we analyze “testing tools" to demonstrate the flaws in their use and explain why the results are unreliable when pitted against a modern EDR system...

Understand how to detect the preliminary stages of an attack, analyze the scope of the operation and prevent execution of the malicious code...

Grab your complimentary copy of the report to understand today’s competitive landscape and see which platform best suits your attack surface, in-house resources, and existing IT & security investments.

With these five steps, you can continuously tune your security strategy and leverage the connection between techniques, tactics, and procedures and real-world adversary groups...

With all the competing noise in the endpoint detection and response space, making the right security decision for your organization can be tough. Getting an independent viewpoint is an important part of the process.

Cybereason researchers have discovered a new campaign targeting US taxpayers with documents that purport to contain tax-related content but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans.

Join Cybereason experts for a discussion of the recent HAFNIUM attacks on Microsoft Exchange servers and the emergence of infrastructure attacks.

Join leaders from Cybereason's Nocturnus and incident response teams as they explore insights based upon what is happening in the underground and first hand experience from what customers have encountered in the wild.

Get an inside look at how multi-stage attack campaigns operate today and the ways a defender can break the kill chain and end the attack before crown jewels are compromised.

“The connected world and expanding digital footprint have us excited to be partnering with Cybereason to deploy a next-generation service that our joint customers can manage on their own or through our MDR service.” said Anders Stenwall, VP of Group Service Delivery, SecureLink.

“We’ve never had a vendor be as passionate about their product and reaching out and delivering on customer success as much as Cybereason has."

One feature that Cybereason provides to protect users from exploit attacks is our Exploit Protection. This blog provides a quick rundown of some of the key terms used in understanding exploit attacks.

Join us and our friend Keith Barros, Sr. Director Information Security and Service Management, from Seton Hall University to hear directly from the source about how the use of Cybereason has positively impacted their human security resources.

The State of Cybersecurity Report 2020 from Wipro highlights trends and insights and provides guidance to help improve and maintain cyber resilience.

"I love Cybereason because, it works. We believe that they're the leader in the industry in relation to our current posture." - Chaim Mazal, VP & Head of Information Security

In new research on Extended Detection and Response (XDR), Gartner analysts note, “XDR is beginning to have real value in improving security operations productivity with alert and incident correlation, as well as built-in automation.”

Join Cybereason experts for a discussion of the SolarWinds Supply Chain Attack, its impact and mitigation approaches. A roundtable discussion will be followed by a live audience Q&A.

A new report from ESG, the Impact of XDR on the Modern SOC, is focused on the perception and value of XDR, and certainly reveals a number of interesting insights around how teams are prioritizing investment against attacks.

Extended detection and response (XDR) may be the future for security incident detection, investigation, and response, but is XDR making an impact in the SOC today?

The Cybereason Nocturnus Team has identified an active espionage campaign attributed to the threat actor known as Molerats that employs three previously unidentified malware variants.

The Cybereason Nocturnus Team has been tracking threat actors leveraging the previously undetected Chaes malware to primarily target Brazilian customers of the largest e-commerce company in Latin America, MercadoLivre.

Since expanding to XDR in Summer 2020, the team has gained more visibility, identified multiple suspicious behaviors, and have already set up a first Slack notification and response bot to reduce remediation time and efforts.

In this webinar, we'll explore how the EU Court of Justice recently striking down the EU-US Privacy Shield agreement affects vendors in the security space and answer your questions about the ruling.

The Cybereason Defense Platform delivers a complete and integrated endpoint security solution by combining prevention with endpoint detection and response (EDR), along with threat hunting across all endpoints and devices.

Learn how to future-proof your organization against ransomware and other costly advanced threats

Kimsuky has been observed targeting a wide array of victims including public and private sector companies in the U.S., Europe, Japan, South Korea, & Russia.

Cybereason recommends activating their prevention stack to be set on “Prevent” mode (AV, NGAV, Powershell, AntiRW) to protect against Ryuk ransomware.

Cybereason Nocturnus Team members Daniel Frank and Lior Rochberger will be presenting a session titled, Anchor, Bazar, and the Trickbot Connection, examining some new developments regarding a familiar threat actor.

Learn about how ransomware has changed over the past few years with real examples pulled from the Cybereason Nocturnus team’s work exploring ransomware threats.

In this webinar, we'll explore how the EU Court of Justice recently striking down the EU-US Privacy Shield agreement affects vendors in the security space and answer your questions about the ruling.

In recent weeks, new activity by the Evilnum group includes a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT) that Nocturnus dubbed PyVil RAT.

In recent weeks, new activity by the Evilnum group includes a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT) that Nocturnus dubbed PyVil RAT.

With Cybereason MDR, our Defenders are an extension of your team, applying the best response every time for every threat at unprecedented speed and scale.

Join us to learn about why attackers are shifting to target mobile, validated by investigations from the Cybereason Nocturnus team, and how the enterprise security industry is moving to address them.

If you are still using Symantec, you’re most likely tired of the complex workflows, the gaps in detection, and a resource-heavy solution that inhibits workflows and productivity. If so, it’s time to level up to a better solution that’s leading the industry.

While the ability to allow staff to work remotely when needed gives greater flexibility to corporations, it also comes with cybersecurity risks. Not only can remote workers put their own privacy at risk, but working remotely could result in a breach in the company’s security.

In pivoting an entire workforce to remote work, employers need to be prepared for the cybersecurity risks involved. To guard against these threats, employers should have a remote work policy that all employees are aware of and comply with.

With the sudden increase in telework, the traditional approach of reacting to cyber threats and security issues only after a breach is discovered is no longer sufficient.

To understand what your enterprise should consider when evaluating a modern endpoint protection solution, please download the IDC Technology Spotlight: Modern Endpoint Protection Is Required To Defend Against Today’s Cyberattacks.

Join us for this live webinar with Cybereason Product Director, Eric Sun, as he shares the attacker’s mindset and how it impacts our strategies as defenders.

Open your calendars, because Malicious Life’s first ever live event will take place on July 29th at 12PM (EDT) and 5PM (BST).

Please join our guest speakers to learn more about the key benefits to customers from the Forrester TEI study and how you can take advantage of key capabilities and features within the Cybereason Defense Platform to protect your enterprise from today’s cyber threats.

Cybereason stands behind the protection capabilities of its Cybereason Defense Platform with a warranty of up to $1 million if a breach occurs within the protected environment.

The Forrester Total Economic Impact Study has found Cybereason customers are able to dramatically reduce the likelihood of a cybersecurity breach and realize an ROI of 308%.

Over the past few months, the Cybereason team has been investigating multiple instances of ransomware attacks against large critical infrastructure providers.

Learn how the Cybereason Defense Platform can assist your team’s security needs with respect to on-going management as well as the reduction of false positives encountered within your environment.

Though AEPs are especially important when testing and building a strong defense, they are often overlooked for TTPs by security practitioners versed in the “trench warfare” of day-to-day security operations.

Join Rich Rushing, Motorola CISO, Bob Bigman, former CISO of the CIA, and Israel Barak, Cybereason CISO, in a panel Q&A as they answer your questions about ransomware.

This one-pager establishes five key steps to empower SecOps to improve iteratively over time by leveraging their existing talent and tools.

The Valak Malware is a sophisticated malware that can steal enterprise mailing information and passwords along with the enterprise certificate. This has the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust. 

Read the full white paper to get a glimpse of what modern ransomware looks like and how they're evading legacy prevention solutions.

In this talk, learn about the evolving ransomware attacks the Cybereason team is seeing in real world environments and how we have developed our product to prevent them.

In this newsletter with Gartner content, discover critical selection criteria when evaluating EPP solutions to protect your organization.

The need for privacy enforcing technologies is now, not after the ghost is in the machine.

This white paper establishes a process that empowers SecOps to improve iteratively over time by leveraging their existing talent and tools.

The MITRE ATT&CK framework outlines techniques that adversaries may use over the course of an attack. In an independent evaluation by MITRE, the Cybereason Platform was proven to be the most effective tool for defenders to find, interpret, and remediate threats across all phases of an attack.

In this webinar, Israel Barak, CISO at Cybereason, will boil down the complexity of the MITRE ATT&CK framework to help you develop a more effective and scalable strategy to secure your organization.

This research gives a rare look into the process improvements malware authors make when optimizing before launch. By going on the offensive and hunting the attackers, our team was able to unearth the early stages of what may be a very dangerous mobile malware.

Enterprise teams are advised in this report to integrate their traditional and next-generation endpoint security protections with emerging mobile security safeguards.

The popularity of mobile devices in the enterprise has surpassed that of workstations and laptops thanks to their portability and accessibility. In this guide, we have identified the top five mobile threats faced by enterprises today.

When evaluating a mobile threat detection (MTD) solution's ability to detect, prioritize, and respond, organizations should ask vendors if they can support the following top 10 MTD use cases.

Resources to uplevel mobile security across enterprises.

Join us to explore the mobile threat landscape, the risks involved, and what cybercriminals can really do with access to your mobile device.

Given the current situation we are all facing and how the days continue to blur, wouldn’t it be nice to sit back and hear from an industry expert about what matters most security teams of all shapes and sizes?

On April 15 at 10:30 AM ET, Cybereason is hosting a live, virtual panel of local security leaders. CEOs across Boston organizations are coming together to talk about how they are handling the shift to remote work, especially as it pertains to cybersecurity and maintaining secure business continuity.

In this blog, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.

In this guide, you'll find perspectives from several of our experts with experience in managing crises across security and business functions.

IT and security teams need support now more than ever, as teams struggle with balancing cooperative remote work and meeting the needs of an entire organization. This page gives you the tools you need in this challenging time.

In this special guest webinar, Cybereason CSO Sam Curry will host four experts in cybersecurity and government policy to talk about securing remote workers. Get your questions answered by the former CISO of the CIA, the former COO of MITRE, the managing director of cybersecurity services and policy at Venable, and a commissioner of the Cyberspace Solarium Report. Register for the webinar now and submit your questions.

See why Cybereason received the top ranking in the current offering category, amongst the 12 evaluated EDR vendors.

The ESG Technical Review offers readers a better understanding of Cybereason’s advanced security solution. Real UI screenshots and clear evaluations from ESG analysts offer insight into Cybereason’s ability to reduce risk from fileless and ransomware, increase analyst efficiency, and reduce total cost.

The Cybereason Nocturnus team has discovered several recent, targeted attacks against those regions afflicted with COVID-19.

Attackers are taking advantage of the confusion and anxiety to spread coronavirus-themed malware. Now is the time to take steps to secure your organization outside of the IT perimeter.

Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine.

Amplified by recommendations from the CDC to prepare for a COVID-19 outbreak, businesses are strongly considering mandatory remote work for their employees. Listen in for insights from Sam Curry on maintaining business continuity outside of the perimeter.

Cybereason XDR is the only future-ready solution that makes it easy to understand the full attack story.

Expert, guided remediation that outlines what steps should betaken to address vulnerabilities and mitigate risk.

Cybereason Incident Response is uniquely designed to enable organizations to identify, correlate and remediate threats faster.

The Cybereason Nocturnus team has discovered several recent, targeted attacks in the Middle East. Read more here.

The Cybereason team is following an active campaign to deliver multiple different types of malware and infect victims all over the world.

Complete protection against continually evolving threats.

The malware previously described by DHS as the most destructive ever is surging yet again. Why is Emotet so popular and who is it targeting now?

Complete protection against continually evolving threats.

Listen to Cybereason CSO Sam Curry and GuidePoint VP, GRC Services & CISO Gary Brickhouse for insight into what 2020 will bring for the security industry.

As we head into 2020, it’s time to reassess and catch our breath collectively before beginning strategic security planning.

With Cybereason Endpoint Controls, you can log in to a single administrative screen or a complete, easy-to-scan view of device controls, personal firewalls, and disk encryption across each of your endpoints.

Seton Hall University Uncovers Ongoing Threats and Lowers Cost with Cybereason

Listen to Sam Curry, CSO at Cybereason, and Ed Amoroso, CEO of TAG Cyber and former SVP and CSO of AT&T, to learn about evolving endpoint protection platforms in today's market.

Secure the latest targeted endpoint: mobile devices.

Expand threat hunting capabilities against historical endpoint and mobile data.

We are teaming up with MITRE threat intel expert Katie Nickels to talk about MITRE ATT&CK and Operation Soft Cell. Join the conversation!

Fully managed prevention, detection, and response across devices.

On-premise option for complete control of your endpoint security.

Gain complete visibility. Identify key gaps. Continuously strengthen IT hygiene.

In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. Quiz the experts in this interactive webinar.

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers.

Gain complete visibility. Identify key gaps. Continuously strengthen IT hygiene.

In this webinar, Josh Trombley, SOC Analyst, will discuss a meticulously planned malicious operation against a financial institution in April of 2019.

In this webinar, Mor Levi, VP of Security Practices at Cybereason, helps you understand how to generate a hypothesis for a threat hunt.

GandCrab's new Evasive Infection Chain

Cybereason Deep Response provides analysts with an advanced set of tools that enables your team to investigate remotely, remediate promptly, and eliminate all active threats before damage is done.

In this research, we introduce a meticulously planned, malicious operation against a financial institution in April of 2019 by TA505.

Companies know they need to get into the incident response and threat hunting business with a SOC. However, actually accomplishing that with little risk, high efficiency, and confidence can be a difficult task.

Earlier this year, our team discovered a new campaign of Ursnif attacking users in Japan across multiple customer environments. In this webinar, Jacob Berry, Principal Incident Response Specialist at Cybereason, analyzes this new variant.

Based on our recent white paper, this webinar goes into the five essential stages you should be following to implement a closed-loop, tactical security effort with MITRE ATT&CK. Danielle Wood, Senior Director of Advisory Services, focuses on how to deliver consistent, real improvement in detection capabilities.

The Cybereason team has uncovered a severe threat that adapts Emotet to drop TrickBot, and adapts TrickBot to not only steal data but also download the Ryuk ransomware.

Our white paper explores the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence in a repeatable, reliable way.

The Cybereason research team observed a new campaign involving Ursnif in the beginning of 2019 attacking users in Japan across multiple customer environments. This Ursnif variant has enhanced stealing modules focused on taking data from mail clients and email credentials stored in browsers.

In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.

With the release of our MITRE ATT&CK Evaluation results, Sam Curry, Chief Security Officer, and Israel Barak, Chief Information Security Officer, discuss how Cybereason effectively enables defenders to discover, understand, and respond to a full attack.

In this webinar, Moshe Ishai, Co-Founder of HolistiCyber, addresses the implications of the new cyber era and covers the ways to cope with cyber threats.

Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack

The MITRE ATT&CK framework is a very effective tool for “adversary emulation,” cataloging how adversaries behave, what they’re trying to do, and the techniques used to accomplish their means. Moreover, the framework aims to provide a common language and vocabulary for practitioners, vendors, and all parties working to understand common threat actors and techniques.

In this webinar, Sam Curry, Chief Security Officer at Cybereason, talks about his predictions and the trends he sees evolving in the cybersecurity space in 2019. From IoT, mobile, and the rise of "Living Off the Land", all the way to politics and critical infrastructure, and the impact it all might have on the cybersphere, Sam speaks at length about the factors that will shape the cybersecurity landscape of tomorrow.

Cybereason’s Nocturnus team mapped out the multi-stage malware distribution infrastructure behind Brazilian financial malware and found that Brazilian-made malware have become pervasive and target over 60 banks in nearly a dozen countries throughout Latin America, Spain and Portugal.

In this webinar, Sam Curry, CSO at Cybereason, moderates a discussion between Cory Collins, Analyst at Mars, and Rich Rushing, CISO at Motorola Mobility. Both Cory and Rich were speakers at DEEP 2018 and discuss learnings from the conference, struggles they face in their day-to-day jobs, and how they stay current on the ever-changing landscape.

Connecticut Water provides life-sustaining water to more than 360,000 people in 59 communities in Connecticut and Maine. This critical infrastructure provider needed greater visibility into its 500 endpoints, including the ones in its corporate network and industrial control systems environment.

The Cybereason SOC has detected multiple Betabot infections in customer environments. In this blog, Cybereason researchers study Betabot’s infection chain and self-defense mechanisms using data gathered from customer environments.

Cybereason's Nocturnus Research team analyzes campaigns targeting the Brazilian financial sector, focusing on infection vectors and the threat actor's toolset and techniques.

The Wannamine cryptominer, which uses the EternalBlue exploits, is still active although a patch that fixes these well-known vulnerabilities was released last March. Amit Serper, Cybereason's head of security research, examines this variant and makes the case for patching your systems.

Attackers don't need sophisticated tools to create effective malware. Basic tools work just fine. Case in point: Cybereason researchers discovered a .NET dropper/crypter. Here's how they reverse engineered it.

In this webinar Shlomi Avivi, VP of Information Security at Cybereason will show you how AI hunting is probably the best approach to deal with attacks that use advanced tools and techniques.

SANS reviewed Cybereason's AI hunting platform, which offers a lightweight, behavior-focused model of host-based protection that can help intrusion analysis and investigations teams more rapidly and efficiently prevent, detect and analyze malicious behavior in their environments

Right now, 30% of companies in the United States employ the NIST cybersecurity framework. In 2020, that number is set to be 50% of all companies in the US. But what exactly does the NIST cybersecurity framework entail? What makes it so popular, and how can technology help you accelerate adoption?

With application whitelisting being integrated into an OS’s security stack, attackers need more creative ways to use their tools without getting detected. In this incident observed by Cybereason, DLL hijacking was used to run Mimikatz using a process that was signed and verified by Oracle.

Cybereason researchers discovered new lateral movement techniques discovered that abuse WMI (Windows Management Infrastructure) and provide a tool that’s a proof of concept for the techniques, showing what an attacker could potentially do with them.

For several months Cybereason has been following the concerning rise of ONI, a family of ransomware involved in targeted attacks against Japanese companies. We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation.

DDE, or Dynamic Data Exchange, is a legacy interprocess communication mechanism that’s been part of some Windows applications since as early as 1987. DDE enables applications to request items made available by other programs and be notified of any changes within these items.

OSX.Pirrit’s code had the potential to carry out much more malicious activities. As a result of the report, some of Pirrit’s servers and a few distribution websites were taken down. But the story doesn’t end there.

Cybereason researchers discovered new lateral movement methods that abuse the DCOM functionality of Windows applications.

Compromised Web application servers have been a security issue since the dawn of the Internet but many security solutions don't detect this threat.

Cybereason has observed thousands of malicious file executions masquerading as a popular programs such as Adobe PDF Reader, MS Word and Chrome. Using familiar icons is meant to deceive users into thinking that the file is legit and safe to open.

Cybereason's security team on Thursday discovered that the memcached servers used in the largest DDoS attack to date are including a ransom note in the payload.

ATTACKERS USE BOTNETS TO BREAK INTO NETWORKS FASTER

FAUXPERSKY: CREDSTEALER MALWARE WRITTEN IN AUTOHOTKEY MASQUERADES AS KASPERSKY ANTIVIRUS, SPREADING THROUGH INFECTING USB DRIVES

SOC Talk: Ransomware Mythbusting

Cadwalader, Wickersham & Taft, an international law firm with more than 400 lawyers in five offices around the globe, needed an endpoint detection and response platform that was easy to use and streamlined the threat investigation process.

In a world of increasingly sophisticated attacks (and attackers), it would seem that the career of the CISO is fraught with unpredictability—but nothing could be further from the truth. While the path of the CISO is filled with trials and tribulations, there are common themes that come up time and again that can make or break a security career.

A hospital revenue cycle management company’s perimeter defense tools weren’t providing it with enough endpoint visibility. The company wanted total visibility and an easy-to-use interface that made its junior security analysts more efficient and effective.

McBee Associates uses Cybereason’s managed security services to augment its security program and replaced its antivirus solution with Cybereason’s next-generation antivirus software to reduce the number of agents running on its endpoints.

Fortune 500 bank uses Cybereason to boost behavioral detection

In this webinar Cybereason’s VP of Information Security, Shlomi Avivi and Sr. Director Lital Asher-Dotan will take you through the major principles of GDPR and demonstrate how companies can enhance their GDPR readiness in relatively short time.

Despite the advantages of endpoint detection and response solutions, many security professionals are hesitant about using them because they are notorious for crashing the operating system and adding agent management workload to the already overworked IT department.

Many of the CISOs we meet are debating what approach to take for detecting advanced persistent threats within their network.

Cybereason Lab Analysis explores WMI and Powershell attacks and discusses approaches for effective detection and response.

Cybereason researcher Amit Serper has developed a vaccine to prevent the Bad Rabbit data-encrypting malware from infecting machines.

Technology consulting firm, Pinnacle, on life as a customer and reseller of Cybereason.

Flowserve on being protected by Cybereason from the NotPetya ransomware outbreak.

One of the largest suppliers of industrial and environmental machinery, Flowserve, talks about using Cybereason.

Healthcare consulting firm, McBee Associates, on their experience using Cybereason.

One of the oldest law firms in America trusts Cybereason.

Hear from hospital revenue cycle management firm, Healthcare

Motorola, global mobile device manufacturer, shares insights into why they trust Cybereason.

Watch the webinar with Sam Curry, Cybereason Chief Security Officer, to explore strategies for identifying and developing the next generation.

Watch our on-demand webinar to gain a better understanding of the NotPetya attacks and how you can stay protected.

Learn how to create and implement an incident response plan.

Everything you need to know about WannaCry ransomware and the recent attack.

Join our webinar with ObserveIT on May 16 at 10AM EDT to take a deep dive into the world of insider and outsider threats.

Ross Rustici, Sr. Manager of Cybereason Intelligence, and SANS will discuss why attack attribution is so complex and actions the security community...

Siofra, developed by Forrest Williams, Senior Security Researcher at Cybereason, is a research tool that can identify DLL hijacking vulnerabilities in Windows programs and has an automated way to craft DLLs to exploit these vulnerabilities.

Join Cybereason's Brad Mecha, Manager of Threat Hunting Team, and Dave Shackelford, SANS Analyst, to learn how to elevate your current threat hunting program.

Ransomware has a few key differences that make it stand out from other malicious programs, but the only realistic way to detect and stop it is by looking at what it does, the heuristic behavioral approach.

Join a panel of cybersecurity experts as they discuss the key strategies IT security professionals can use to fight and win the battle against advanced threats.

Israel Barak, Cybereason CISO, and SANS Certified Instructor G. Mark Hardy discuss how one organization discovered commodity malware in their environment that transformed into a targeted attack.