Cybereason is constantly innovating to ensure that our customers can achieve the utmost efficacy and efficiency in their security programs. The latest release of the Cybereason Defense Platform is packed with enhancements, including improvements to query results, sensor management, updated workflows, and expanded support for Linux. Customers can read the complete release notes on The Nest.
For this post, we’ll focus on the recent improvements in the areas of investigation, enhanced protection, and infrastructure management.
We have improved the experience of executing file search operations:
Now, you can select from a standard search based on search filters, or a YARA rule-based search.
In addition, you have the option to select different types of dynamic filters to help you search for the correct machines:
Learn more about Cybereason DFIR capabilities here.
From the Investigation screen, you can select a timeframe within which to apply your query. Options include the last hour, 6 hours, 12 hours, or 24 hours, the last 3 or 7 days, or all data. The default value is 24 hours:
In addition, you can also now customize a specific number of results in a page of query results:
Learn more about Cybereason Threat Hunting here.
The Cybereason Cloud Workload Protection (CWP) offering protects workloads and containers at runtime wherever they reside or move across the infrastructure. This cloud-native solution extends powerful sensors across the environment, providing the most effective threat detection and prevention available.
Two new sensors have been developed that can be deployed on a Docker host or Kubernetes clusters. These sensors collect security data that is correlated with all other data collected by Cybereason and is displayed across the Cybereason Defense platform:
Learn more about Cybereason Cloud Workload Protection here.
Behavioral Execution Prevention (BEP) allows organizations to detect and prevent malicious execution of processes based on the process behavior. Behavioral Execution Prevention uses intricate research data leveraged by the Cybereason EDR solution to identify anomalies in processes, image names, metadata, command line commands, or the process hierarchy.
When used in the Behavioral Execution Prevention technology this data provides inline prevention on the endpoint, significantly shortening response time. Learn more about Behavioral Execution Prevention here.
We made significant enhancements to the custom reputations screen. Now users can add, edit or remove reputations from the private lists directly within the console, and can also edit the lists or search for file types based on wide-ranging criteria.
Custom reputations are a great way to keep false positive detections low but also ensure you are detecting what needs to be detected, specific to your environment:
Learn more about achieving faster, more accurate response with Cybereason Threat Intelligence here.
When you configure the Fileless protection settings in a sensor policy, you can choose to leverage .NET, AMSI, or both, based on the needs of your organization:
Learn more about defending against fileless malware here.
Enhanced sensor tampering protects sensor processes and files against unauthorized or malicious modifications or kill attempts.
Sensor tampering protection provides enhanced protection to the Cybereason processes running on Windows endpoints. With sensor tampering protection, Cybereason protects its processes and files against unauthorized or malicious modifications or kill attempts.
In addition, sensor tampering protection protects the sensor from end-users terminating the process and inadvertently exposing the endpoint machine to potential attacks.
When using sensor groups you can download a sensor installation package pre-configured to add sensors to a specific group to streamline your deployment process.
Learn more about the deployment process here.
We improved the sensor upgrade process to enable you to perform sensor updates with increased efficiency.
The sensor now checks for an updated sensor package every few hours. If an updated package is found, the package is downloaded but not installed. After an administrator triggers a sensor upgrade action the sensor is able to install the pre-downloaded package.
With these improvements, you can update up to 1,000 sensors each hour—all without degrading network performance.
We expanded support of platform features to supported Linux operating systems, including:
Learn more about Cybereason NGAV here.
We added support for the following operating systems/platforms:
A full list of supported operating systems is available for customers in the Nest.
Cybereason is dedicated to teaming with defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about AI-Driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
Justin Buchanan, Director of Product Marketing, is responsible for the go-to-market strategy of Cybereason’s Endpoint Protection Platform (EPP) offerings. Driven by his background in IT and his deep understanding of customers’ desired outcomes, Justin is passionate about how Cybereason can help customers—and the security industry as a whole—reverse the adversary advantage and empower defenders.
All Posts by Justin Buchanan
Cybereason has released some feature updates to bring additional functionalities that drastically improve how defenders can predictively prevent, detect and respond to known and emerging threats...
New Cybereason features and capabilities include improvements to prevention, data collection, investigation, and management capabilities.
