
Cybereason Configuration

Product Versions

Cybereason Ultimate: 19.1 Service Pack B

Cybereason Active Monitoring

Cybereason Active Response


Cybereason offers an innovative endpoint protection platform with multi-layered prevention, detection, response, and remediation via a single agent and accessible through a single console. Cybereason’s unique data centric approach provides unmatched visibility to understand the full scope and impact of an attack, increases analyst efficiency and effectiveness, and reduces security risk, giving you the power to stop even the most advanced attacks. Cybereason has implemented the ATT&CK framework directly into the Cybereason Defense Platform, making it easy for security teams to search for threats in their environment using ATT&CK classifiers and terminology.

The Cybereason Defense Platform

Cybereason Defense Platform provides a multi-layered prevention approach that prevents known malware, unknown malware, ransomware, and fileless attacks. Cybereason’s anti-ransomware is unique, combining behavioral analysis and deception techniques to confidently prevent the primary goal of any ransomware: encryption.

Since not all threats can be prevented outright, Cybereason uses the same agent to collect raw data from the endpoint for detection and response. All data collected is processed through our Cross-Machine Correlation Engine, which is purpose-built to correlate the data collected across all machines, allowing analysts to instantly identify all machines impacted in an attack. This data is enriched with threat intel that includes IoCs and flags certain events as evidence or suspicion. The final result is a visualized attack and timeline with a structured, enriched, in-memory graph database that can be rapidly queried for malicious activity both automatically and manually.

Primary Features:

  • Single agent with four detection engines to minimize configuration and maximize detection and prevention
  • Single integrated workflow to detect, analyze and respond to threats within Endpoint Security
  • Fully integrated endpoint protection with antivirus (AV) defenses, machine learning, behavior analysis, indicators of compromise (IOCs) and endpoint visibility
  • Triage Summary and Audit Viewer for exhaustive inspection and analysis of threats
  • Enterprise Search to rapidly find and illuminate suspicious activity and threats

Cybereason Services

Cybereason offers a full suite of services to augment SOCs with any combination of detection, investigation, breach containment, and response.

Cybereason Services include:

  • Active Monitoring: 24/7 monitoring, incident triage, and recommendations
  • Active Hunting: ongoing, proactive hunting to identify malicious activity
  • Active Response: advanced analysis and remote remediation delivered through the Cybereason platform
  • Incident Response: onsite incident response, including scoping, investigation, and containment of incidents

Product Configuration

  • Collection Features: All Enabled
  • Prevention Features
    • Signatures: Detect Only
    • Machine learning: Detect Only
    • Fileless prevention: Detect Only
    • Anti-ransomware: Detect Only
  • Detection Features: Default
  • Behavioral Whitelisting: None