Cybereason Announces Private Infrastructure Protection Version 21.2

Cybereason recently released a new version of Private Infrastructure Protection, which includes improvements to security hardening and existing features, as well as several new features.

Most notably, version 21.2 includes:

  • Deployment improvements
  • Collection and detection features
  • Sensor management features
  • UI features
  • NGAV features
  • And third-party component upgrades

There are many good reasons not to fully commit to a public cloud for all IT needs, and many organizations are maintaining at least a portion of their environment as Private Infrastructure.

Typically the types of organizations that are interested in securing their assets with an on-premises solution are:

  • Organizations in the Financial, Defense, Government, and Insurance sectors that are under strict regulation to keep the data on-premises

  • Organizations that want to utilize their current data center infrastructure

  • Organizations that rely on the cloud but have air-gapped networks for increased security

  • Organizations with legacy operating systems

  • Organizations with OT systems

What’s New in 21.2 

Deployment improvements

When you deploy your Private Infrastructure Protection servers, you now have the option to enable the following features:

  • File search: Search for problematic files when investigating malicious operations.

  • Deep packet inspection collection (DPI): Enables visibility into network traffic to detect malicious behavior.

Selecting these features from the feature manager makes them accessible after deployment; it does not turn on the feature. To learn more about file search and Deep Packet Inspection, see our documentation.

A new port checker verifies that all ports required for installation are open and accessible before installation begins, which makes the deployment more likely to succeed. If one or more ports are blocked or inaccessible, the deployment stops and you see a prompt that shows the errors and offers resolution options.

Security tools

After successfully installing your servers, you can use the security tools script to manage access to the console from specific external IP addresses and to enforce or disable secure communication between the sensors and servers. 

Windows Collections

The Cybereason platform now collects and displays the following data for Windows endpoints:

  • The machine’s serial number. This data is visible in the Investigation screen, under the query results Serial number column.

  • The machine’s device model. This data is visible in the Sensors screen under the Device model column.

File Event Collection

There are also updated policy options for file events collection to help you select the proper level of collection in your organization. Now you can select from one of two modes to help you tailor the collection to meet your needs:

  • Moderate: The file events collection only collects from a select list of files relevant to your security needs.

  • Aggressive: The file events collection collects from all files.

Sensor Grouping Policies

To better manage your security policies, Cybereason allows you to assign sensor security policies to specific sensor groups. The policy you select will be applied to all sensors in that sensor group.

Sensor Grouping Logic

Administrators can specify assignment logic to automatically assign new sensors to a sensor group. You build assignment logic based on sensor characteristics such as organizational unit, machine name, or IP address.

To see whether a specific sensor was assigned to its group by grouping logic, check the group assignment column in the sensors screen. It says Dynamic if the sensor was added to its current group due to grouping logic, or manual if the sensor was added to its current group manually.

Delete Sensors From the UI

To better manage the sensors within your environment, you can now delete a sensor from the sensors list in the Cybereason platform UI. Once the sensor is deleted from the UI, it is no longer visible in the UI. However, the sensor remains connected to the Detection server and collects and sends data for three days.

Malops Management Screen Improvements

The latest version includes the following improvements to the Malops management screen:

  • Added an AI Hunt Malops-only button to quickly filter by Malops triggered by the AI Hunting module.

  • The numbers next to the filters in the Filters pane, which represent the number of Malops with that property, now update to reflect existing selected filters.

NGAV Beta Features

Version 21.2 also includes beta features for Next-Generation Antivirus (NGAV).

  • Variant Payload Prevention is part of the NGAV protection suite. It performs memory scans to identify binary fractures of highly evasive attack tools (such as Cobalt Strike, Emotet, Dridex, and more) and is capable of preventing them on execution.

Upgraded Third-Party Components

In 21.2, we upgraded internal components such as MongoDB, Java, Tomcat, and CentOS.

Cybereason version 21.2 adds various new features and improvements to the on-premises Private Infrastructure Protection offering. Note that some of the features mentioned require specific Cybereason packages or enablement by technical support. You can read more about the specifics of each feature mentioned here on the Nest at nest.cybereason.com. The Nest also features knowledge base articles, videos, and training.

 

Dedicated Development and Delivery Teams

Private Infrastructure Protection is not a niche market, and Cybereason is committed to the success of our PIP customers. Cybereason provides EPP+EDR capabilities for partial or fully air-gapped environments.

Cybereason has created dedicated teams that own the design, creation, training, and support of our PIP product. All Cybereason Support and Onboarding teams are trained and fully equipped to support PIP customers. 

If you are interested in upgrading your current environment to the latest version or in learning more about the Cybereason PIP solution, please contact our PIP delivery team at PIP_delivery@cybereason.com.

About the Author

Asaf Hotnik

Asaf Hotnik is the Senior Director of Technical Customer Experience for Cybereason Private Infrastructure Protection Solution. With over 16 years of experience in the Cyber Security field, working at Imperva and serving in the Israel Defense Forces, Asaf has worked closely with some of the biggest organizations in the world, both in the cloud and the private infrastructure domains. He oversees the onboarding of customers, the integration of various protection technologies, and the investigation and solving of technical and security challenges, providing top-of-the-line customer care and product support.