
Cybereason Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE comments are included in italics.

Product Versions

Cybereason Complete without Services: 18.1 Service Pack B


Cybereason was built by analysts, for analysts, with the goal of empowering the defender. Cybereason offers endpoint detection and response (EDR) and next-generation antivirus (NGAV) technology along with active monitoring and response services. The Cybereason defense platform provides unmatched visibility to understand the full attack scope, increases analyst efficiency and effectiveness, and reduces security risk via one console with one agent for Windows, Mac, and Linux machines. As is evident in the evaluation, Cybereason has implemented the ATT&CK framework into the platform, making it easy for security teams to search for threats in their environment using ATT&CK classifiers and terminology.

The Cybereason Defense Platform

Cybereason delivers Multi-Layered Endpoint Prevention that prevents known malware, unknown malware, ransomware, and fileless attacks. Cybereason’s anti-ransomware is unique, combining Behavioral Analysis & Deception techniques to confidently prevent the primary goal of any ransomware: encryption.

Since not all threats can be prevented outright, Cybereason uses the same agent to collect raw data from the endpoint for detection and response. All data collected is processed through our Cross-Machine Correlation Engine, which is purpose-built to correlate the data collected across all machines, allowing analysts to instantly identify all machines impacted in an attack. This data is enriched with threat intel that includes IoCs and flags certain events as evidence or suspicion. The final result is a structured, enriched, in-memory graph database that can be rapidly queried for malicious activity both automatically and manually.


Cybereason offers a full suite of services, none of which were included in this evaluation. Services help augment SOCs that need help with any combination of detection, investigation, breach containment, and response.

Cybereason Services include:

  • Active Monitoring: 24/7 monitoring, incident triage, and recommendations
  • Active Hunting: ongoing, proactive hunting to identify malicious activity
  • Active Response: advanced analysis and remote remediation delivered through the Cybereason platform
  • Incident Response: onsite incident response, including scoping, investigation, and containment of incidents

Primary Features:

  • Single agent with four detection engines to minimize configuration and maximize detection and prevention
  • Single integrated workflow to analyze and respond to threats within Endpoint Security
  • Fully integrated endpoint protection with antivirus (AV) defenses, machine learning, behavior analysis, indicators of compromise (IOCs) and endpoint visibility
  • Triage Summary and Audit Viewer for exhaustive inspection and analysis of threats
  • Enterprise Search to rapidly find and illuminate suspicious activity and threats

Product Configuration

  • Collection Features: All Enabled
  • Prevention Features
      • Signatures: Detect Only
      • Machine learning: Detect Only
      • Fileless prevention: Detect Only
      • Anti-ransomware: Detect Only
  • Detection Features: Default
  • Behavioral Whitelisting: None