New tools for investigation and robust infrastructure security

August 2024 News & Events, Information Security


Brandon Rochat

Cybereason continues to enhance its security platform, focusing on improved investigation, protection, and infrastructure management capabilities. Recent updates introduce significant improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Enhanced protection includes behavioural execution prevention and new sensors for Docker and Kubernetes, ensuring robust threat detection and prevention. Infrastructure management sees advancements in custom reputation management, fileless mode protection, sensor tampering protection, and streamlined sensor deployment processes, all aimed at increasing security efficacy and operational efficiency.

Investigation enhancements

Cybereason has refined its file search capabilities, allowing users to choose between standard searches based on filters and YARA rule-based searches. The introduction of dynamic filters helps users pinpoint the exact machines they need to investigate, significantly speeding up the search process.

Users can now apply their queries within specific timeframes ranging from the last hour to the last seven days, with a default setting of 24 hours. Additionally, the query results can be customised to display a specific number of results per page, enhancing the ability to focus on relevant data quickly.

Enhanced protection

Cybereason's Cloud Workload Protection (CWP) now includes new sensors that can be deployed on Docker hosts or Kubernetes clusters. These sensors collect security data, which is then integrated into the Cybereason Defence Platform, providing comprehensive threat detection and prevention across cloud environments.

This feature leverages detailed research data from Cybereason's EDR solution to detect and prevent malicious processes based on their behaviour. Behavioural Execution Prevention (BEP) offers inline prevention on the endpoint, reducing response times and improving overall security efficacy.

Infrastructure management

The custom reputation screen has been significantly enhanced. Now, users can manage reputations from private lists directly within the console. This feature helps minimise false positives, while ensuring critical threats are detected based on the specific environment.

Users can now select protection modes, such as .NET or AMSI, based on their organisation's requirements. This flexibility ensures optimal protection against fileless malware threats. Enhanced sensor tampering protection safeguards Cybereason processes on Windows endpoints from unauthorised modifications or termination attempts, improving endpoint resiliency.

Furthermore, the new sensor installer packages for sensor groups simplify the deployment process, allowing pre-configured sensors to be added to specific groups efficiently. Sensors now check for updates every few hours, downloading but not installing them until an administrator triggers the upgrade. This improvement enables the update of up to 1000 sensors per hour without impacting network performance.

Cybereason has broadened its feature support for Linux operating systems, including device control, personal firewall control, remote shell, and NGAV support for on-file access scans. This expansion helps reduce the Linux attack surface, enhancing overall security.

The platform now supports Windows 10 21H2, MacOS 12 (Monterey), Amazon Linux 2, and Debian 10, ensuring comprehensive coverage across various operating systems.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Unlock the future of security operations in Bloemfontein
DeepAlert News & Events Surveillance
Security professionals and business leaders are invited to revolutionise their offsite monitoring operations at the DeepAlert Product Road Show, taking place on 16 – 17 September 2025, at the Schoemanspark Golf Club, Bloemfontein.

Read more...
Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
Your Wi-Fi router is about to start watching you
News & Events Surveillance Security Services & Risk Management
Advanced algorithms are able to analyse your Wi-Fi signals and create a representation of your movements, turning your home's Wi-Fi into a motion detection and personal identification system.

Read more...
ProtecLink 2025: Ithegi Electronics supports a safer, smarter security ecosystem
News & Events
If you are a security buyer, operations lead, or technology partner, do not miss ProtecLink 2025, to be held in Polokwane on 16 September 2025, at the Polokwane Royal Hotel.

Read more...
Secutel maintains ISO certifications
News & Events Fire & Safety
Secutel Technologies has successfully recertified all four of its ISO standards, a reflection of its continued commitment to excellence, client trust, and operational integrity.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
SABRIC appoints Andre Wentzel as interim CEO
News & Events Financial (Industry) Associations
The South African Banking Risk Information Centre (SABRIC) has announced the appointment of Andre Wentzel as interim chief executive officer, effective immediately.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Paxton cuts emissions by over a third
Paxton News & Events
Paxton has announced a significant reduction in its carbon footprint, cutting emissions by 961 tonnes of CO2e in its 2023 second reporting year.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.