Technology Partners

Uncover Cloud Detection and Response (CDR) insights across your enterprise with the Sysdig integration. Important alerts and events from Sysdig are transmitted to Cybereason XDR to identify MalOps that cross critical thresholds.

Cybereason and Google Cloud have partnered to deliver the most powerful unified XDR solution available on the market today. XDR combines the petabyte-scale of Google Cloud with the Cybereason MalOp Engine in a single solution that delivers instant attack detection and guided incident response.

Cybereason and Slack have partnered on an XDR integration that can identify compromised Slack accounts, ensure that malware is not hosted or distributed via Slack, and automatically reach out to users with suspicious authentications to accelerate incident triage and investigations. The integration uniquely leverages Slack’s Security API, which feeds key data and activity to Cybereason XDR, and also enables analysts to modify Slack permissions from the Cybereason console.

Cybereason and Okta have partnered to help protect your employees and all the ways they work. XDR integrates with Okta to ingest authentication, access, and privileged user activity. In addition, alerts and context from ThreatInsight is fused with XDR context across email, endpoint, and network to provide an actionable attack view of any malicious operation (MalOp).

Cybereason and Netskope have partnered on an integration to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from Netskope Web Proxy is fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including account takeover and use of compromised credentials.

Cybereason and Zscaler have partnered on an integration to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. Zscaler Internet Access (ZIA) and Private Access (ZPA) can stream events into Cybereason XDR. Important events and preventions are correlated as signals with broader endpoint, identity, and application activity to identify subtle signs of malicious behavior, including account takeover and use of compromised credentials.

Cybereason and Mimecast have partnered on an integration to extend protection, detection, and response to the many ways we work today. With XDR, data from Mimecast Email Protection is fused with broader endpoint, email, identity, and application activity to provide an actionable attack view of any malicious operation (MalOp), even if the attack weaves between data siloes or traverses from phishing email to endpoint compromise.

Cybereason and Proofpoint have partnered on an integration to extend protection, detection, and response to the many ways we work today. With XDR, data from Proofpoint Targeted Attack Protection (TAP) is fused with broader endpoint, email, identity, and application activity to provide an actionable attack view of any malicious operation (MalOp), even if the attack weaves between data siloes or traverses from phishing email to endpoint compromise.

Cybereason and Oracle have partnered to protect global enterprises against advanced cybersecurity threats at every endpoint and across the enterprise. Enterprise customers benefit from the Cybereason XDR Platform machine learning prevention, detection and automated remediation capabilities; Oracle Cloud Infrastructure (OCI) provides global scalability with microsecond latency and low costs.

Cybereason and Fortinet have partnered on integrations to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from Fortigate Firewall & IPS is fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

Cybereason and Vectra have partnered on integrations to deliver a comprehensive view of threats across networks, endpoints, and the many ways we work today. With XDR, Vectra Cognito Detect signals are fused with endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

Leverage a unified, efficient workflow from threat triage to investigation and response. High fidelity data from Cybereason MalOps can be sent to Splunk for further analysis and search.

Cybereason and Amazon have partnered to provide security teams with complete visibility, detection, and response across the modern IT enterprise. Through an integration wtih AWS CloudTrail, Cybereason XDR is able to identify signs of account takeover, anomalous access, and help teams quickly respond to malicious operations.

Cybereason and Palo Alto Networks have partnered on integrations to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from Palo Alto IDS/IPS & Firewall technologies are fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

MalOp data from Cybereason can be shared with Darktrace to further enable advanced security investigation and analysis.

Cybereason and Juniper Networks have partnered on integrations to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from Juniper IDS/IPS & Firewall technologies are fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

Cybereason and F5 Networks have partnered on integrations to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from F5 Networks VPN, Web Application Firewalls, and Firewall are fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

Cybereason and Check Point have partnered on integrations to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from Check Point IDS/IPS & Firewall technologies are fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

Cybereason and ThreatConnect have partnered on integrations to apply leading threat intelligence signals across the data, events, and behaviors identified by the Cybereason XDR Platform.

Cybereason and Symantec have partnered on integrations to deliver a comprehensive view of threats across clouds, endpoints, and the many ways we work today. With XDR, data from Symantec Web Proxy and DLP are fused with broader endpoint, email, identity, and application activity to identify subtle signs of malicious behavior, including lateral movement, suspicious network traffic, and signs of command & control.

Cybereason and IBM have partnered on an integration that allows customers to send high-fidelity data and insights into the QRadar SIEM console. Cybereason and IBM have partnered to offer a unified workflow by importing high fidelity data and enabling advanced response actions from within the Resilient SOAR workflow."

Augment the Cybereason MalOp data with Trellix Intelligent Sandbox file analysis and threat intelligence capabilities.

The Cybereason and Sumo Logic integration allows customers to send high-fidelity data and insights from Cybereason into the Sumo CloudSIEM console.

Cybereason and Rapid7 have partnered to enable analysts a unified, efficient workflow by automatically importing high fidelity, contextualized data into Rapid7 IDR SIEM.

Cybereason and Exabeam have partnered to enable analysts a unified, efficient workflow by automatically importing high fidelity, contextualized data into Exabeam UEBA.

Cybereason and ServiceNow have partnered to enable analysts a unified, efficient workflow by automatically importing high fidelity, contextualized data into ServiceNow ITSM.

Cybereason and Swimlane have partnered to offer a unified workflow by importing high fidelity data and enabling advanced response actions from within the Swimlane SOAR workflow.

Cybereason and SCADAfence have partnered to give endpoint controls alongside high-fidelity behavioral indicators of compromise across endpoints and operational network equipment.

Cybereason and EclecticIQ have partnered to optimize security workflows by synchronizing reputation feeds and enhancing detections of malicious activity.

With this integration, suspicious files and various indicators of compromise (IOC) can be easily uploaded to VirusTotal for security analysis.

The Polarity and Cybereason integration allows users to rapidly understand if anyone in their environment has been affected by malware.

Cybereason and ThreatQuotient have partnered to optimize security workflows by synchronizing reputation feeds and enhancing detections of malicious activity.

With this integration, get additional insights into SafeBreach as it runs attack simulations across your environment. You can quickly view the results of attack simulations run in SafeBreach, and how Cybereason detected or prevented these items. This helps you tune and better customize to your environment, and improve the quality and resilience of your cyber defenses.

Cybereason and AttackIQ have partnered to empower security teams to efficiently tune and optimize security controls, while getting complete visibility into potential blind spots.

With this integration, Cybereason sends endpoint telemetry to Axonius, adding context to your enterprise asset management workflows and strengthening overall security efficacy.

The Cybereason endpoint platform is certified by OPSWAT, enabling security and IT teams to better protect enterprise assets and adhere to compliance requirements.

Cybereason partners with MITRE in many ways, including participation in the MITRE Center for Threat-Informed Defense, active participation in the MITRE ATT&CK Evaluations, and direct mapping to the MITRE ATT&CK Framework across our XDR platform. When ingesting and enriching data across identity, email, endpoints, and clouds, behavioral data is identified and mapped to MITRE ATT&CK tactics and techniques. Our Attack Simulations often highlight MITRE Adversary Emulation Plans, and a mapping of our detections to the framework is available upon request.

Cybereason and ExtraHop have partnered to offer a unified workflow by auto enriching of security telemetry and extending response capabilities from within the ExtraHop console.

Ananda Networks provides an AI-based network fabric, enabling organizations to create their own private, high-performance, low-latency networks, connecting remote users and devices to applications in the data center or cloud with unparalleled speed, security, and simplicity.

Sevco is the cloud-native security asset management platform for enterprises that require an accurate IT inventory. Its patented telemetry technology creates a unified inventory that is updated continuously to deliver real-time asset intelligence and help security and IT teams identify and close their previously unknown security gaps.

Cybereason XDR assists with the investigation of Defender for Endpoint alerts, bringing together identity, workspace, and network context in the MalOp view.

Cybereason MalOp data can be sent to Google Chronicle for further data exploration and threat hunting. Cybereason XDR consolidates alerts across a broader IT & security environment, improving threat detection and doubling analyst efficiency.

Adaptive-Shield helps teams detect and fix risks, with over 120 SaaS integrations. This data can be shared with Cybereason MDR to power asset criticality and Extended Response workflows.

Data from Cisco ISE, Firepower NGFW, ASA Firewall, AnyConnect VPN, Umbrella Firewall, Email Security, and Umbrella DNS & Web Gateway is fused with Cybereason XDR to identify subtle signs of malicious behavior.

Cybereason asset data can stream into Claroty, while Claroty shares important alerts and events with XDR for broader correlation and faster investigations.

CyberArk identity data from business applications, distributed workforces, hybrid cloud environments and the DevOps lifecycle can be shared with Cybereason MDR to power asset criticality and Extended Response workflows.

Cybereason MalOp data can be streamed to Devo's cloud-native logging and security analytics platform for workflow and threat management use-cases.

By integrating Cybereason XDR with Dropbox, notable events and access can be streamed for analysis and correlation across identity, endpoint, and network signals.

With Cybereason DFIR, Exterro Forensic Toolkit can be easily deployed to the right assets, with output gathered in a Google Cloud Platform bucket.

Cybereason XDR connects via API to Google Workspace to ingest, enrich, and analyze key events and activity. User activity across access, email, and file sharing is fused with behaviors across global endpoints.

With Cybereason XDR, alerts from the Jamf Protect Mobile Threat Defense solution can be streamed for correlation with EDR endpoints, along with workspace, identity, and network suspicious events.

The Lacework Polygraph Data Platform integrates with Cybereason XDR, sharing correlated events across endpoint, identity, and cloud telemetry to identify attack patterns and prioritize by the highest risk.

OneLogin SSO and Cybereason XDR integrate to provide visibility into important events happening across identities, endpoint, and the broader network.

Cybereason XDR correlates Ping Identity telemetry around user access, privilege changes, and anomalous events into broader activity across endpoint, other identities, and network.

The Tidal Platform gives defenders and enterprises tools to tailor security programs to relevant adversary behaviors. Cybereason contributes to the Tidal Product Registry, a curated repository of vendor capabilities mapped to MITRE ATT&CK.

Alerts generated by Zimperium can be shared with Cybereason XDR to determine if malicious activity has extended to other endpoints, identities, or impacted other networks.

Duo Security integrates with Cybereason XDR to stream events for threat detection analysis. Important events are surfaced in XDR as Suspicious Events and correlated with broader signals from the IT enterprise.

Cybereason XDR connects with Azure AD Sign-In, Audit, and Context to identify signs of account takeover and use of compromised credentials. Alerts are consolidated and correlated with endpoint and identity context.

Cybereason XDR connects with Office 365 to analyze mail and user telemetry, Microsoft alerts, and supports response actions. Important signs of malicious activity are displayed in the MalOp's visual timeline.

Cybereason integration with Azure Sentinel enables importing of MalOps events into Microsoft Sentinel, enhancing investigation and correlation capabilities.

Cybereason and Cymulate partner together to allow teams to validate EPP effectiveness, validate that relevant events are being triggered and prioritized properly, and continuously validate SIEM performance.

Cybereason and Beyond Identity have partnered to provide full visibility into endpoint health and risk status, enabling better decision-making when granting access to corporate resources.

Leverage a unified, efficient workflow from threat triage to investigation and response. Advanced response actions can be triggered and automated from within Splunk Phantom workflows.

With the partnership with Cybereason, data from Balbix can be shared with Cybereason Managed Detection and Response services to power asset criticality and Extended Response workflows.

Cybereason's integration with D3 allows incident responders and threat hunters to respond to endpoint incidents in D3 while leveraging playbook orchestration to remediate endpoints with Cybereason EDR.

Cybereason and Google Chronicle Siemplify offer a unified workflow from threat detection to investigation and response. MalOps can be streamed from Cybereason EDR to Chronicle SOAR to trigger automated actions and response workflows.

Leverage a unified, efficient workflow from threat triage to investigation and response with Cybereason and PAN XSOAR. Advanced response actions can be triggered and automated from within XSOAR platform workflows.