Cybereason Announces Private Infrastructure Protection Version 21.2

Cybereason recently released a new version of Private Infrastructure Protection, which includes improvements to security hardening and existing features, as well as several new features.

Most notably, version 21.2 includes:

  • Deployment improvements
  • Collection and detection features
  • Sensor management features
  • UI features
  • NGAV features
  • And third-party component upgrades

There are many good reasons not to fully commit to a public cloud for all IT needs, and many organizations are maintaining at least a portion of their environment as Private Infrastructure

Typically the types of organizations that are interested in securing their assets with an on-premises solution are:

  • Organizations in the Financial, Defense, Government, and Insurance sectors that are under strict regulation to keep the data on-premises

  • Organizations that want to utilize their current data center infrastructure

  • Organizations that rely on the cloud but have air-gapped networks for increased security

  • Organizations with legacy operating systems

  • Organizations with OT systems

What’s New in 21.2 

Deployment improvements

When you deploy your Private infrastructure Protection servers, you now have the option to enable the following features:

  • File search: Search for problematic files when investigating malicious operations.

  • Deep packet inspection collection (DPI): Enables visibility into network traffic to detect malicious behavior.

Selecting these features from the feature manager makes them accessible after deployment; it does not turn on the feature. To learn more about file search and Deep Packet Inspection, see our documentation.

A new port checker verifies that all ports required for installation are open and accessible before installation, providing a more successful deployment process. If one or more ports are blocked or inaccessible, the deployment will stop, and you will see a prompt that shows the errors and offers resolution options. 

Security tools

After successfully installing your servers, you can use the security tools script to manage access to the console from specific external IP addresses and to enforce or disable secure communication between the sensors and servers. 

Windows Collections

The Cybereason platform now collects and displays the following data for Windows endpoints:

  • The machine’s serial number. This data is visible in the Investigation screen, under the query results Serial number column.

  • The machine’s device model. This data is visible in the Sensors screen under the Device model column.

File Event Collection

There are also updated policy options for file events collection to help you select the proper level of collection in your organization. Now you can select from one of two modes to help you tailor the collection to meet your needs:

  • Moderate: The file events collection only collects from a select list of files relevant to your security needs.

  • Aggressive: The file events collection collects from all files.

Sensor Grouping Policies

To better manage your security policies, Cybereason allows you to assign sensor security policies to specific sensor groups. The policy you select will be applied to all sensors in that sensor group.

Sensor Grouping Logic

Administrators can specify assignment logic to automatically assign new sensors to a sensor group. You build assignment logic based on sensor characteristics such as organizational unit, machine name, or IP address.

You can determine whether a specific sensor belongs to a group due to logic from the sensors screen group assignment column, which says Dynamic if the sensor was added to its current group due to grouping logic, or manual if the sensor was added to its current group manually.

Delete Sensors From the UI

To better manage the sensors within your environment, you can now delete a sensor from the sensors list in the Cybereason platform UI. Once the sensor is deleted from the UI, it is no longer visible in the UI. However, the sensor remains connected to the Detection server and collects and sends data for three days.

Malops Management Screen Improvements

The latest version includes the following improvements to the Malops management screen:

  • Added an AI Hunt Malops-only button to quickly filter by Malops triggered by the AI Hunting module.

  • The numbers next to the filters in the Filters pane, which represent the number of Malops with that property, now update to reflect existing selected filters.

NGAV Beta Features

Version 21.2 also includes beta features for Next-Generation Antivirus (NGAV).

  • Variant Payload Prevention is part of the NGAV protection suite and performs memory scans to identify binary fractures of highly evasive attack tools (such as Cobalt strike, Emotet, Dridex, and more) and is capable of preventing them on execution.

Upgraded Third-Party Components

In 21.2, we upgraded internal components such as MongoDB, Java, Tomcat, and CentOS.

Cybereason version 21.2 adds various new features and improvements to the on-premise Private Infrastructure Protection offering. Note that some of the features mentioned require specific Cybereason packages or enablement by technical support. You can read more about the specifics of each feature mentioned here on the Nest at The Nest also features knowledge base articles, videos, and training. 


Dedicated Development and Delivery Teams

Private Infrastructure Protection is not a niche market, and Cybereason is committed to the success of our PIP customers. Cybereason provides EPP+EDR capabilities for partial or fully air-gapped environments.

Cybereason has created dedicated teams that own the design, creation, training, and support of our PIP product. All Cybereason Support and Onboarding teams are trained and fully equipped to support PIP customers. 

If you are interested in upgrading your current environment to the latest version or to learn more about the Cybereason PIP solution, please contact our PIP delivery team -

Asaf Hotnik
About the Author

Asaf Hotnik

Asaf Hotnik is the Senior Director of Technical Customer Experience for Cybereason Private Infrastructure Protection Solution. With over 16 years of experience in the Cyber Security field, working at Imperva and serving in the Israel Defense Forces, Asaf has worked closely with some of the biggest organizations in the world, both in the cloud and the private infrastructure domains. He oversees the onboarding of customers and integration of various protection technologies and the investigation and solving of technical and security challenges, providing top of the line customer care and product support.