enterprisesecuritymag

Cybereason: Rewriting the Security Rulebook

Lior Div, Co-founder & CEO, Cybereason

As malware attacks grow in complexity and novelty, organizations need a security strategy more robust than firewalls, web filtering, and password protection. The answer: data analytics. It is ironic that data is what gets stolen, yet data is also what holds the power to combat the intruders. The data generated by an attacker's activity is the hallmark of cybercrime, and precisely the reason analytics is becoming the primary tool in cybersecurity. Analytics not only establishes context but also provides meaning and visibility.

"At the heart of Cybereason's hunting engine is a custom-built in-memory graph that asks 8 million questions per second, 24/7, to uncover malicious tools and tactics"

Following the same line of thinking, Cybereason offers a powerful cybersecurity analytics platform that enables organizations to stay one step ahead of an ever-evolving threat landscape. Founded in 2012 by security experts from the Israel Defense Forces Unit, what sets Cybereason apart from other industry players is its extensive experience in hacking operations. At the helm is Lior Div, CEO and co-founder, himself an outstanding achiever in security. Div is a specialist in hacking operations, forensics, reverse engineering, malware analysis, cryptography, and evasion. With deep technical expertise behind all of its offerings, Cybereason's full-stack, behavior-based hunting system analyzes more data, more deeply, than anyone else in the market.

Ahead of Adversaries

To defend against the most advanced attacks, Cybereason's Deep Detect and Respond (EDR) solution focuses on collecting and analyzing behavioral data at a scale far beyond what human analysts could manage. Its Deep Behavioral Intelligence Engine maintains tens of millions of relationships among the collected data and provides a real-time picture of a customer's environment. The engine does not simply store collected data; it uses preconfigured detection models to hunt for malicious activity and for the tactics, techniques, and procedures (TTPs) attackers use while executing their campaigns. Moreover, through single-click remediation, EDR helps reduce the impact of an attack.


Another platform that greatly simplifies analysis is Deep Investigate, a sophisticated investigative workbench that lets analysts conduct customized, advanced analysis. Within the Deep Investigate console, analysts can pivot across affected users, network connections, machines, and processes to track the attacker's activities, tools, and techniques.

All of Cybereason's platforms can be deployed on-premises or in the cloud. With an on-premises deployment, customers apply their own security standards; all of Cybereason's cloud deployments follow AWS cloud security best practices and run in AWS secure data centers.

Cybereason's EDR was the solution of choice for a clinical, financial, and operational consulting services provider serving healthcare firms. The client's perimeter defenses were not providing endpoint visibility. While the company had network perimeter defenses such as a firewall and antivirus software, greater visibility was required because its employees were working from home. On deploying Cybereason, the results were immediate, and the client was remediating attacks within an hour. Additionally, the consulting company replaced its antivirus software with Cybereason's next-generation antivirus to reduce agent fatigue, simplify vendor management, and reduce the risk of software conflicts. Instead of endpoints being a blind spot, the client's team now has endpoint information at its fingertips and can protect computers no matter where they are.

The Upper-Hand in Endpoint Security

Across all of its implementations, Cybereason's hunting engagement service stands out. Its team is trained to hunt for slow-moving malicious activity and to dive deep into the data to provide insight into the attack methodologies adversaries use. The information is collected through sensors the company places on all endpoints. Best of all, these sensors do not hamper user productivity and can be deployed in as little as 24 hours. The platform collects data from Windows and Mac OS X endpoints and also monitors Linux and Windows servers. Cybereason comes preconfigured with a library of models that look for the malicious activities, tools, tactics, and procedures attackers use while executing their campaigns. The malicious activity models cover the entire attack lifecycle, allowing detection of infiltration, command and control, lateral movement, privilege escalation, and damage.
Building on this, the hunting engine uses algorithms and machine learning to recognize behaviors at a scale far beyond what even the most skilled human analyst could manage. At the heart of Cybereason's hunting engine is a custom-built in-memory graph that asks 8 million questions per second, 24/7, to uncover malicious tools and tactics. In the end, Cybereason exposes the attack as an end-to-end operation, enabling firms to discover how adversaries gained access and to remediate with precision.
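To make the graph-based hunting idea above concrete, here is an added illustration (not Cybereason's code, and not a description of its engine): a small in-memory graph built from constructed endpoint telemetry, plus one behavioral detection model that pivots across user, process, connection, and host nodes to surface a lateral-movement chain. Node names, relation labels, and the 60-second window are assumptions made for the example.

```python
"""Added example (not Cybereason's code): tiny in-memory graph of endpoint
telemetry and a behavioral model that pivots across users, processes,
connections and hosts to flag a lateral-movement chain."""
from collections import defaultdict

# Constructed sample telemetry: (timestamp, source_node, relation, target_node).
EVENTS = [
    (100, "host:ws1", "runs", "proc:ws1/outlook.exe"),
    (101, "user:alice", "owns", "proc:ws1/outlook.exe"),
    (102, "proc:ws1/outlook.exe", "spawned", "proc:ws1/powershell.exe"),
    (103, "user:alice", "owns", "proc:ws1/powershell.exe"),
    (110, "proc:ws1/powershell.exe", "connected", "host:srv1"),
    (115, "host:srv1", "runs", "proc:srv1/wmiprvse.exe"),
    (118, "proc:srv1/wmiprvse.exe", "spawned", "proc:srv1/cmd.exe"),
    (200, "proc:ws2/chrome.exe", "connected", "host:cdn"),            # benign
    (400, "proc:srv1/svchost.exe", "spawned", "proc:srv1/powershell.exe"),  # too late to link
]
SHELLS = ("cmd.exe", "powershell.exe")   # assumed list of interactive shells

class Graph:
    """Adjacency lists in both directions so a model can pivot either way."""
    def __init__(self, events):
        self.out = defaultdict(list)   # node -> [(ts, relation, target)]
        self.inc = defaultdict(list)   # node -> [(ts, relation, source)]
        for ts, src, rel, dst in events:
            self.out[src].append((ts, rel, dst))
            self.inc[dst].append((ts, rel, src))

    def host_of(self, proc):
        # "proc:ws1/powershell.exe" -> "host:ws1" (naming is an assumption)
        return "host:" + proc.split(":", 1)[1].split("/", 1)[0]

    def owner(self, proc):
        return next((s for _, r, s in self.inc[proc] if r == "owns"), "user:?")

def lateral_shell_model(g, window=60):
    """Model: a process on host A connects to host B, and within `window`
    seconds a process on B spawns an interactive shell. Returns the chain
    (user, origin process, target host, shell) for each match."""
    findings = []
    for src, edges in g.out.items():
        for ts, rel, dst in edges:
            if not (src.startswith("proc:") and rel == "connected"):
                continue
            for parent, pedges in g.out.items():   # pivot to processes on host B
                if not parent.startswith("proc:") or g.host_of(parent) != dst:
                    continue
                for cts, crel, child in pedges:
                    if (crel == "spawned" and ts <= cts <= ts + window
                            and child.rsplit("/", 1)[1] in SHELLS):
                        findings.append((g.owner(src), src, dst, child))
    return findings
```

Running `lateral_shell_model(Graph(EVENTS))` links alice's PowerShell on ws1 to the cmd.exe spawned on srv1 eight seconds after the connection, while the browsing event and the late shell on srv1 are left alone.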

The value of Cybereason's services is illustrated by the case of a Fortune 500 bank. The client needed to replace its endpoint detection and response tool with one that gave the security team a complete attack story by automatically collecting and analyzing endpoint data. The bank, which has more than 60 million customers worldwide, was using an outdated tool that collected reams of data from hundreds of thousands of servers and computers but provided no context. Analysts had to undertake the time-consuming process of manually querying the data to make sense of it. With Cybereason, the bank could automatically collect and correlate endpoint data and raise an alert when malware was detected, saving security analysts precious time. The deputy CISO at the bank commented, "Lots of tools are very good at providing visibility, but no other product could say, 'This is the thing you need to look at.' That's what Cybereason provides. We need a tool that gives us those unique alerts because we're a big bank and a big target."

End-to-End Security

To maximize the benefit to clients, Cybereason offers a service called advanced analysis that helps organizations gather and analyze additional artifacts from an environment to aid the investigation process. Cybereason's malware experts conduct custom threat research and consult with peers in the threat intelligence community to understand how the malicious activity discovered might affect an organization. Advanced analysis gives businesses in-depth insight and helps them build greater resilience against future incidents.

Mindful that clients are trusting Cybereason with their most sensitive information, the security of that data is the company's chief priority. It follows application security best practices, including the OWASP guides and NIST standards. To deliver full value, Cybereason also offers both onboarding and ongoing support. Its team of seasoned professionals educates customers on how to use the products most effectively and ensures smooth rollouts. Given this dedication, it comes as no surprise that the company has seen year-over-year revenue growth and a 200 percent increase in clientele.

As the world becomes hyper-connected, Cybereason's mission is to protect all people and information and to empower the defender. With most of its use cases revolving around endpoint detection and response, the company plans to expand its services beyond traditional hardware. The vision is to protect wearables, cars, and IoT devices, in other words, anything connected to the internet.
- Sandeepa M
December 15, 2018