Cybereason Offers Comprehensive Visibility and Protection for Diverse Systems

July 29, 2021 | 3 minute read

As enterprise technical infrastructures become more complex, managing them grows increasingly difficult. Protection against the growing problem of cybercrime also remains a key aspect for anyone involved in IT management. Cybersecurity considerations are especially critical for organizations involved in Customer Experience Automation and CRM, such as my company ActiveCampaign. 

Ensuring our organization had an industry-leading SecOps footprint, I was brought into ActiveCampaign three years ago to develop our security stack and build and lead our team of now 30 security professionals. I currently serve as Vice President, Head of Information Security at ActiveCampaign, and am also a member of the Cybereason Customer Advisory Board (CAB).

That last point lies at the heart of this post, and why I recently chose Cybereason to be the keystone of the ActiveCampaign security stack. Its state of the art features make it the right choice for our needs. With an eye towards helping your company craft its own information security strategy, let’s look more closely at the approach I took for ActiveCampaign.


Building a Security Stack From Scratch 

When thinking about my security technology stack, I typically integrate a series of tools to help me in a few key areas: Visibility, Prevention, Detection, and Forensics. Let’s analyze all four:

    • Visibility and Coverage: I need to understand what’s happening right now. This includes having complete visibility of everything happening in my environment; across all of our diverse operating systems.
    • Prevention of Malicious Executables: I need a failsafe for preventing malicious executables for the cases where staff may fall prey to phishing or other attack vectors where just a click of the mouse can put us at risk. Effective prevention also reduces the burden on my analysts, resulting in fewer items requiring investigation and response. 
    • Detection and Remediation: Regarding alerts, my team used to get more than we could handle, and none helped us identify an attack in progress. I needed a low signal to noise ratio solution that delivers the full attack story for any incident. This lets me feel confident that my team is only working on real issues instead of trying to sort out a barrage of alerts. I’m then able to quickly determine the blast radius. Ultimately, when it comes time to work with Site Reliability Engineers and DevOps teams to remediate issues, complete and accurate information helps us appropriately respond in a surgical fashion. 
    • Forensics: I also need to capture all of the available attack telemetry to use in investigations as well as retain it all for extended periods to meet our legal and compliance obligations. Additionally, this intelligence helps us detect and prevent future attacks that use similar TTPs. 

Why Choosing Cybereason Made Perfect Sense 

When I joined ActiveCampaign, the company had no anti-malware or early detection and response systems/processes. My first point of order involved engaging Cybereason as the keystone of my security stack, along with two other complementary vendors.

My team and I ran a proof of concept comparing Cybereason against one of their top competitors. After this side by side comparison, the entire team unanimously agreed that Cybereason was a more effective solution and made a far better fit for ActiveCampaign. 

Following that POC, it became clear to me that Cybereason is a no-brainer for cutting edge technology companies heavily leveraging Linux in their product environments and Macs for employees. Simply put, there is no better EDR solution on the market. 

Cybereason’s other industry-leading functionality includes the following:

A Reliable Failsafe

In addition to its extremely robust prevention, detection and forensics capabilities, Cybereason also provides a failsafe we feel very comfortable relying on. The multi-layered AV/NGAV, device controls and EDR capabilities are highly effective at preventing malicious operations when other controls fail. 

Highly Intuitive, Optimizing New SecOps Employee Onboarding

I just hired two new security analysts. Due to the intuitive nature of Cybereason, they were onboarded and productive in less than two weeks. They’re performing investigations and doing great based on the success criteria for their role. 

In fact, one of the new analysts who came from a massive multinational biotechnology company said, “Wow I wish I had this at my old job, I used to have to do all this triaging and investigating manually.” So, a side benefit is that Cybereason also improves job satisfaction among my analysts; ultimately making it easier to retain my security talent.

Extremely Low Signal to Noise Ratio

Cybereason’s low signal-to-noise ratio allows analysts to focus on only the most critical incidents. And it takes the guesswork out of remediation with automated and guided response options; making sure that when an event happens, we can respond in real time to reduce any dwell time. When we hear from the Cybereason SOC, there is no question of its importance.

Cybereason also provides a very detailed analysis of every MalOp™ (malicious operation) from root cause across every affected endpoint, user and asset - even our cloud workloads. This gives us the leverage we need to make sure that we can reduce the potential impact from any incident.

Easily Integrates Into Any Highly Automated Cloud Environment

Integrating Cybereason into diverse cloud-based and hybrid environments is simple. The Cybereason sensor is directly embedded into the Amazon Machine Images (AMIs). Every 15 minutes a script runs, ensuring all cloud instances have the Cybereason agent installed. If a cloud instance is found to be missing the agent, a Chef Cookbook automatically installs the agent.

When it mattered most, Cybereason enabled us to ensure our network was protected. Their agent sent actionable intelligence when any suspect activity on our technical infrastructure occurred. 

It’s not always an issue of alert fatigue or false positives vs. true positives. Cybereason provides actionable information to help us make the right decisions when under pressure. This enables us to reduce our mean time to detect and respond. It’s the one tool we consistently rely upon for the actionable and accurate information we need in critical situations. 

Everyday, I am a Defender. Cybereason gives me the tools and expertise that I need to defend ActiveCampaign’s customers and employees. Ultimately, I would recommend Cybereason to anyone.

Chaim Mazal
About the Author

Chaim Mazal

Chaim Mazal is the Vice President of Information Security at ActiveCampaign, where he oversees the information security organization, including security operations, security product engineering, information technology, and risk and compliance teams. Prior to joining the ActiveCampaign team, Chaim built security programs at two of the highest valued SaaS startups in Chicago, Uptake and Avant. Chaim has created multiple SaaS-specific security programs using his expertise in offensive security to secure fast-paced high-growth environments. Chaim is actively involved in the information security community. He is a lifetime member and contributor to the OWASP Foundation and currently sits on several advisory boards, including Cybereason and Bugcrowd, two multi-billion dollar SaaS security companies.

All Posts by Chaim Mazal