Cybereason MDR: Fast, Efficient, Effective

August 25, 2022 | 3 minute read

For security teams struggling with staffing shortages, alert fatigue, and a pressing need to streamline operations, Managed Detection and Response (MDR) services are an efficient and effective way to improve an organization’s security posture while freeing up analysts to focus on strategic priorities.

But not all MDR offerings are created equal. The Cybereason MDR Complete service not only provides 24/7 monitoring, elite threat hunting experts, the industry-leading Cybereason Defense Platform, and an array of other services, but it also brings to bear proprietary technology that enables Cybereason to detect a threat in less than 1 minute, triage the threat in less than 5 minutes, and remediate it in less than 30 minutes.

Let that sink in: a minute to detect threats, 5 minutes to triage, and 30 minutes to remediate. How fast can you do those things now?

The MalOp Severity Score

When every second counts, the ability to correlate and understand alerts as quickly and efficiently as possible is critical in preventing a breach. Traditional approaches to detection, which treat each alert individually and without context, are no longer viable.

The Cybereason MalOp™ (short for malicious operation) provides the holy grail of detection: a contextualized view of the full narrative of an attack, correlated across all impacted endpoints, in a single screen. For security analysts, the MalOp shifts their approach from alert-centric and reactionary to proactive and operation-centric (that is, enriched with a holistic understanding of the broader attack operation).

Cybereason MDR Complete extends the power of the MalOp in a way that enables our analysts to respond to the most critical malicious operations faster than any other company in the market. We do this through the MalOp Severity Scoring System (MOSS) and an automated remediation process known as Extended Response.

Once a MalOp is detected, the MOSS assigns a criticality score based on behavioral attributes and human expert analysis. Additionally, as part of the root cause investigation, every MalOp is mapped back to the MITRE ATT&CK Framework, which adds context to the attack's impact on the targeted host. Any MalOp deemed critical will automatically be prioritized for additional in-depth analysis and immediate response.

The MalOp Severity Score consists of three different components:

  • A Behavioral Score maps the MalOp to the MITRE ATT&CK Framework and assesses the extent of the attack.
  • Expert Analysis conducts root cause triage verification, actor attribution, and possible impact evaluations.
  • Customer Criticality adjusts the score based on the criticality of assets and their recoverability.

Extended Response

The Extended Response capability is the engine behind our industry-leading detection, triage, and remediation times. Once the MOSS deems a MalOp critical, it automatically triggers the Extended Response remediation process.

Extended Response is a proactive and automated remediation capability powered by the Severity Score system logic. By automating the scoring of a MalOp, Cybereason threat responders can:

  • Detect within 1 minute - By leveraging the Cybereason Defense Platform and proactive threat hunting, Cybereason threat responders can detect all instances of the threat across the network.
  • Triage within 5 minutes - Quickly assess and understand the severity of an attack by using the information gathered by the MalOp Severity Score.
  • Remediate within 30 minutes - Immediately isolate the infected host and take remediation actions based on the severity of the threat.

MalOp Severity Score and Extended Response

Business Benefit

Cybereason MDR delivers 24/7 security coverage and positions your security team with a future-ready posture designed not only to detect and remediate today’s threats but also to ensure protection against tomorrow’s attacks.

Other tangible business benefits include:

  • Time to value - Cloud-based deployment allows Cybereason MDR to be deployed across any size organization and any number of endpoints in minutes - not days.
  • Efficiency gains - Eliminate your skills gap with a team of elite security experts who can streamline your security operations.
  • Risk mitigation - Improve your organization’s security posture with proactive threat hunting, triage, and remediation.

The MalOp™ Severity Score is available in all Cybereason MDR packages. Extended Response is included in MDR Complete but is only available as an add-on service in MDR Essentials.

Defenders can also leverage the Cybereason Mobile App to get instant access to their MDR dashboards, approve remediation actions, and communicate with our Global SOC Team from any authorized mobile device. Defenders can take immediate action by launching remediation actions for ongoing threats. This reduction in latency significantly reduces an adversary’s lateral movement and can prevent an attack from turning into a breach.

Contact a Cybereason Defender to learn more about how Cybereason MDR delivers prevention, detection, and response capabilities as a service, uncovering the most sophisticated and pervasive threats without your team having to manage those capabilities yourself.
About the Author

Dan Verton

Dan Verton is Director of Content Marketing at Cybereason. Dan has 30 years of experience as a former intelligence officer and journalist. He is the 2003 first-place recipient of the Jesse H. Neal National Business Journalism Award for Best News Reporting – the nation’s highest award for tech trade journalism and is the author of the groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003). He most recently served as an intelligence advisor and co-author of a nationwide TSA anti-terrorism awareness training program.
