New tools for investigation and robust infrastructure security

August 2024 News & Events, Information Security


Brandon Rochat

Cybereason continues to enhance its security platform, focusing on improved investigation, protection, and infrastructure management capabilities. Recent updates introduce significant improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Enhanced protection includes behavioural execution prevention and new sensors for Docker and Kubernetes, ensuring robust threat detection and prevention. Infrastructure management sees advancements in custom reputation management, fileless mode protection, sensor tampering protection, and streamlined sensor deployment processes, all aimed at increasing security efficacy and operational efficiency.

Investigation enhancements

Cybereason has refined its file search capabilities, allowing users to choose between standard searches based on filters and YARA rule-based searches. The introduction of dynamic filters helps users pinpoint the exact machines they need to investigate, significantly speeding up the search process.

Users can now apply their queries within specific timeframes ranging from the last hour to the last seven days, with a default setting of 24 hours. Additionally, the query results can be customised to display a specific number of results per page, enhancing the ability to focus on relevant data quickly.

Enhanced protection

Cybereason's Cloud Workload Protection (CWP) now includes new sensors that can be deployed on Docker hosts or Kubernetes clusters. These sensors collect security data, which is then integrated into the Cybereason Defence Platform, providing comprehensive threat detection and prevention across cloud environments.

This feature leverages detailed research data from Cybereason's EDR solution to detect and prevent malicious processes based on their behaviour. Behavioural Execution Prevention (BEP) offers inline prevention on the endpoint, reducing response times and improving overall security efficacy.

Infrastructure management

The custom reputation screen has been significantly enhanced. Now, users can manage reputations from private lists directly within the console. This feature helps minimise false positives, while ensuring critical threats are detected based on the specific environment.

Users can now select protection modes, such as .NET or AMSI, based on their organisation's requirements. This flexibility ensures optimal protection against fileless malware threats. Enhanced sensor tampering protection safeguards Cybereason processes on Windows endpoints from unauthorised modifications or termination attempts, improving endpoint resiliency.

Furthermore, the new sensor installer packages for sensor groups simplify the deployment process, allowing pre-configured sensors to be added to specific groups efficiently. Sensors now check for updates every few hours, downloading but not installing them until an administrator triggers the upgrade. This improvement enables the update of up to 1000 sensors per hour without impacting network performance.

Cybereason has broadened its feature support for Linux operating systems, including device control, personal firewall control, remote shell, and NGAV support for on-file access scans. This expansion helps reduce the Linux attack surface, enhancing overall security.

The platform now supports Windows 10 21H2, MacOS 12 (Monterey), Amazon Linux 2, and Debian 10, ensuring comprehensive coverage across various operating systems.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From the editor's desk: Keeping them out, keeping you aware
News & Events
Alarm, intrusion, and perimeter protection have been part and parcel of South African society for years. Many years ago, a home alarm consisted of wires covering one’s windows, which caused an alarm ...

Read more...
SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
New State of Physical Access Control Report from HID
HID Global Editor's Choice Access Control & Identity Management News & Events
HID released the 2024 State of Physical Access Control Report, identifying five key trends shaping access control's future and painting a picture of an industry that has been undergoing considerable transformation.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Workforce Consortium to reskill 95 million people
Editor's Choice News & Events AI & Data Analytics
ICT Workforce Consortium of global leaders has come together, committing to train and upskill 95 million people over the next 10 years, as 92% of jobs analysed are expected to undergo either high or moderate transformation due to advancements in AI.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
Tech Trailblazers seeks the most innovative and diverse investors in enterprise tech
News & Events
This year, the global enterprise tech startup awards, the Tech Trailblazers, is looking for the most innovative and diverse VCs as well as its usual hunt for groundbreaking tech start-ups.

Read more...
ONVIF standards drive growth in physical security market
News & Events
ONVIF has announced that more than 30 000 product models in the $120  billion global physical security market meet the ONVIF conformance requirements for interoperability.

Read more...