printer friendly version

New tools for investigation and robust infrastructure security

Brandon Rochat

Cybereason continues to enhance its security platform, focusing on improved investigation, protection, and infrastructure management capabilities. Recent updates introduce significant improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Enhanced protection includes behavioural execution prevention and new sensors for Docker and Kubernetes, ensuring robust threat detection and prevention. Infrastructure management sees advancements in custom reputation management, fileless mode protection, sensor tampering protection, and streamlined sensor deployment processes, all aimed at increasing security efficacy and operational efficiency.

Investigation enhancements

Cybereason has refined its file search capabilities, allowing users to choose between standard searches based on filters and YARA rule-based searches. The introduction of dynamic filters helps users pinpoint the exact machines they need to investigate, significantly speeding up the search process.

Users can now apply their queries within specific timeframes ranging from the last hour to the last seven days, with a default setting of 24 hours. Additionally, the query results can be customised to display a specific number of results per page, enhancing the ability to focus on relevant data quickly.

Enhanced protection

Cybereason's Cloud Workload Protection (CWP) now includes new sensors that can be deployed on Docker hosts or Kubernetes clusters. These sensors collect security data, which is then integrated into the Cybereason Defence Platform, providing comprehensive threat detection and prevention across cloud environments.

This feature leverages detailed research data from Cybereason's EDR solution to detect and prevent malicious processes based on their behaviour. Behavioural Execution Prevention (BEP) offers inline prevention on the endpoint, reducing response times and improving overall security efficacy.

Infrastructure management

The custom reputation screen has been significantly enhanced. Now, users can manage reputations from private lists directly within the console. This feature helps minimise false positives, while ensuring critical threats are detected based on the specific environment.

Users can now select protection modes, such as .NET or AMSI, based on their organisation's requirements. This flexibility ensures optimal protection against fileless malware threats. Enhanced sensor tampering protection safeguards Cybereason processes on Windows endpoints from unauthorised modifications or termination attempts, improving endpoint resiliency.

Furthermore, the new sensor installer packages for sensor groups simplify the deployment process, allowing pre-configured sensors to be added to specific groups efficiently. Sensors now check for updates every few hours, downloading but not installing them until an administrator triggers the upgrade. This improvement enables the update of up to 1000 sensors per hour without impacting network performance.

Cybereason has broadened its feature support for Linux operating systems, including device control, personal firewall control, remote shell, and NGAV support for on-file access scans. This expansion helps reduce the Linux attack surface, enhancing overall security.

The platform now supports Windows 10 21H2, MacOS 12 (Monterey), Amazon Linux 2, and Debian 10, ensuring comprehensive coverage across various operating systems.

Share this article:

Further reading: