The Cybereason Difference: Why PenTesters Don’t Want to be Our Valentine

February 15, 2021 | 2 minute read

This is the inaugural blog for our new series, The Cybereason Difference. Each post will explore a unique way that Cybereason empowers defenders. For this post, we decided to take a look at some of the reasons why we often get notes from our customers to the effect of, “I’m having fun watching our pentesters get frustrated over and over again as they attempt to bypass Cybereason - literally throwing the kitchen sink at it to no avail!”

When we think about the key things that set Cybereason apart from other cybersecurity tools, there are a few things that really stand out:

The Malop™: Short for malicious operation, the Malop™ is the realization of our operation-centric approach, presenting the complete picture of an attack rather than overwhelming analysts with piecemeal alerts.

Complete data collection: Detection of the most advanced and elusive attackers requires exhaustive and correlated data collection from the endpoint. Our platform processes 80 million events per second leaving adversaries nowhere to hide.

Indicators of Behavior (IOBs): Traditional Indicators of Compromise (IOCs) and signatures are useful for catching known malware; to catch never before seen malware we leverage Indicators of Behavior (IOBs) to stop even the most sophisticated attacks.

Automated response: Analysts can take remote remediation actions including machine isolation, killing processes, and opening remote shells, all from within an intuitive point and click interface—stopping attackers in their tracks and saving our customers untold amounts of time.

Future-ready: The flexibility of our product and the new innovations being added every day, make Cybereason future-ready for wherever the fight takes us.

Check back over the coming months for deep dives into each of these unique approaches—there’s a lot to unpack in there! For today, I am just going to share a story that is the culmination of all of the above components of The Cybereason Difference

We interview a lot of customers (how else will we know we’re getting it right?), and one thing keeps coming up that makes me smile ear to ear every time: Penetration testers hate Cybereason.

They really do. A lot. With a burning passion. With Cybereason they often can’t even get a single toe in the door, let alone establish a beachhead. They usually can’t get enough access to even start to enumerate the devices in the environment, and it makes their engagements with Cybereason a real pain in their backside.

Recently we did a webinar with Keith Barros, Senior Director of Information Security & Service Management at Seton Hall University. He joined the session to talk about how Cybereason is so intuitive, they can actually use student interns as Level-1analysts in their Security Operations Center (SOC). While he was discussing that, he also talked briefly about his experience with penetration tests since the university implemented Cybereason: 

The pentesters become very frustrated because they can't get as far as they would like and they keep complaining to us, ‘Can you give us an opening here because we can't see it? We can't get that far.’ I typically reply with, ‘No, that's the whole point of what we want you to do in the pentest is not be able to get there.’

I should have taken a picture of my smile. I was also recently talking to a cybersecurity pro at an insurance company in Canada. He had just completed the most successful penetration test of his tenure. Success, in this case, being judged by just how little progress into the environment the consultant was able to make. He was amazed because this penetration testing consultant seemed very talented. 

One of my favorite things he shared with me was:

“[The pentesting consultant] asked what we are running internally. He hasn't even enumerated the platform yet because it's booted him before he can get a persistent reverse shell…”

Now that’s an even better gift than a box of chocolates! 

The Malop, extensive data collection, indicators of behavior, automated response and isolation, and constant innovation keep us one step ahead of penetration testers (and attackers). Pentesters may hate us, but we love them,  wish them a happy Valentine’s Day, and send much appreciation for consistently proving-out the efficacy of our solution set. Thanks and good luck!

Justin Buchanan
About the Author

Justin Buchanan

Justin Buchanan, Director of Product Marketing, is responsible for the go-to-market strategy of Cybereason’s Endpoint Protection Platform (EPP) offerings. Driven by his background in IT and his deep understanding of customers’ desired outcomes, Justin is passionate about how Cybereason can help customers—and the security industry as a whole—reverse the adversary advantage and empower defenders.

All Posts by Justin Buchanan