Cybereason’s evolution to disrupt beyond SIEM and XDR market

Today, enterprises are accelerating their investment in digitalization to stay ahead of the competition. They are increasingly encountering an evolving threat landscape and complex security challenges, with more workloads in multiple clouds, more workforces in hybrid environments, and more intelligent devices connected to mission-critical operations. This transformation journey is exacerbated by an exponential increase in compute resources, data volumes and security tooling, which drives up the cost of storing, managing and analyzing the data for security purposes.

Cybercriminals know this problem and are growing more capable of democratizing attacks for the cybercrime masses. By leveraging AI, unskilled attackers are now able to access and use advanced technology, even if they don't understand it, making the life of cyber defenders a lot more complicated as they tackle both conventional and AI-driven cyberattacks (e.g. an AI-generated social engineering attack combined with deepfake technology).

When an organization's digital attack surface expands exponentially and attackers' techniques evolve rapidly to evade detection, implementing zero trust and total defense becomes a tough (and costly) job for many CISOs. Enterprises are increasingly frustrated with having to deploy different point solutions to protect each element of their digital infrastructure. On top of exponentially growing data volumes and costs, security budgets are getting squeezed, and businesses are looking for cost efficiencies and returns on their investments, or at least an understanding of the value they are getting from these investments to effectively protect and defend the organization from future threats.

Most enterprises are in the process of implementing an enterprise platform consolidation strategy (proprietary vs. open platform) and a data lake strategy (centralized vs. siloed) to support the digital transformation journey. For CISOs, it is crucial to collaborate with the CIO-driven enterprise IT and digital strategy to extend cybersecurity value into a broader business value framework. The outcome is security and data platform consolidation that optimizes cost and improves efficiency in analytics and visibility across Business, IT, Compliance and Security operations.

Cybereason recognized this challenge early on, pivoting towards a customer-centric platform approach to enterprise cybersecurity. It launched its Cybereason SDR Platform on 25th March 2024 precisely to address these concerns.

Cybereason's SDR Platform (SIEM Detection and Response) is a significant evolution in the company's approach to cyber-protection. With SDR, Cybereason delivers a comprehensive cybersecurity solution that converges endpoint protection (EPP), detection and response (EDR and XDR), SIEM, observability and various other cybersecurity tools into a unified cybersecurity service portal, a single security data lake, and an AI-powered platform designed to provide near real-time, autonomous security across an organization's entire digital footprint and network.

Cybereason's pedigree comes from providing highly effective and efficient endpoint security, so it makes sense that it views the endpoint as the core focus for securing the enterprise and its extended attack surfaces. While it maintains a strong focus on endpoint protection, detection and response, Cybereason is not just an endpoint security provider. Over the past three years, the company has strategically transformed and expanded its platform to include solutions beyond traditional endpoint security. Cybereason helps its customers across cloud security, on-prem protection, data analytics, managed detection and response, digital forensics and incident response, and cybersecurity advisory services.

With SDR, Cybereason continues to take an open and data-centric platform approach and delivers four key benefits:

  • Drives down data costs by consolidating existing enterprise security data lakes across multiple detection and response technologies and removing the need to centralize the ingestion of high-volume, high-velocity data streams into the SIEM.
  • Full observability across the existing IT and security estate by ingesting almost any IT data in any format, meaning that security operations can efficiently centralize all security data without limiting the volume, detail or quality of the trace and metrics data needed for fast and effective detection and response.
  • Enhanced analyst productivity and visibility by removing security data silos and reducing the long triage and investigation times that plague security operations that rely on a SIEM architecture.
  • Simplified threat detection and response with automated triage and investigation, leveraging the power of the Cybereason MalOp Detection Engine.

By helping security operations teams address the biggest challenges of using SIEMs for detection and response activities, largely around cost, efficiency and efficacy, Cybereason then plans to expand in time to address other SIEM and AI-driven SecOps use cases.

For more information on Cybereason SDR visit our SDR Product Page.

About the Author

CK Chim

CK Chim joins Cybereason with more than 25 years of cybersecurity experience. He is the Field Chief Security Officer (CSO), tasked with accelerating Cybereason's business expansion in the APJ region. Prior to Cybereason, Chim served as a corporate defender at Shell and as Global CISO for DHL Express and Dyson, where he held global responsibility for securing IT-OT-XIOT services internationally to enable trusted and resilient operations across the oil and gas, logistics, e-commerce, and consumer technology industries.
