Cybereason Configuration
Product Versions
- Cybereason Defense Platform v2020H2
- Cybereason Prevention (NGAV) + Endpoint Detection & Response, Advanced Threat Hunting & Forensics
Product Description
Cybereason offers an innovative and industry-leading endpoint protection platform with multi-layered prevention, detection, response, and remediation delivered through a single agent and managed from a single console. Cybereason's data-centric approach, combined with behavior-based analysis, provides unmatched visibility so defenders can understand the full scope and impact of an attack within their environment. This visibility reverses the adversarial advantage while increasing analyst efficiency and effectiveness, reducing security risk, and arming defenders with the power to stop even the most advanced attacks. Cybereason has implemented the ATT&CK framework directly into the Cybereason Defense Platform, making it easy for security teams to identify or search for threats in their environment using ATT&CK classifiers and terminology.
The Cybereason Defense Platform
The Cybereason Defense Platform provides a multi-layered prevention approach that prevents known malware, unknown malware, ransomware, and fileless attacks. Cybereason's anti-ransomware is unique, combining behavioral analysis and deception techniques to confidently prevent the primary goal of any ransomware: encryption.
Since not all threats can be prevented outright, Cybereason uses the same agent to collect raw data from the endpoint to detect and respond to unknown attacks regardless of their level of sophistication and tactics. Data is collected and processed through our Correlation Engine, which is purpose-built to correlate data collected across all devices, allowing analysts to instantly identify all impacted devices in an attack within a single screen. This data is enriched with threat intel that includes IoCs and flags certain events as evidence or suspicions, providing an automatically generated root cause analysis. The final result is a visualized attack timeline backed by a structured, enriched, in-memory graph database that can be rapidly queried for malicious activity both automatically and manually.
Primary Features
- Single agent with four detection engines to minimize configuration and maximize detection and prevention
- Single integrated workflow to manage, detect, analyze and respond to threats
- Fully integrated endpoint protection with multi-layered prevention (NGAV / AV) as well as detection and response incorporating machine learning, behavior analysis, indicators of compromise (IOCs), and advanced threat hunting
- Visualized attack timeline with summarized or detailed information for all impacted devices, with single-click remediation
- Intuitive search and investigation screens to rapidly find and illuminate suspicious activity and threats, with built-in MITRE ATT&CK information
Cybereason Services
Note: Services were not evaluated as part of the 2020 Carbanak+FIN7 evaluation due to the scope of the evaluation.
Cybereason offers a full suite of services to augment customers' security teams with any combination of detection, investigation, breach containment, and response needs.
- Cybereason MDR:
- 24/7 monitoring, incident triage, and recommendations
- Ongoing, proactive hunting to identify malicious activity
- Advanced analysis and remote remediation delivered through the Cybereason platform
- Incident Response: immediate and on-demand incident response, including scoping, investigation, consultation, and containment of incidents
- Assessment Services: customized review of your environment to help identify and address misconfigurations, needed critical patches, and security policy enforcement
Product Configuration
- Collection Features: All Enabled
- Configuration Used During Protection Evaluation
- Signatures: On - Prevent
- Machine learning: On - Prevent
- Behavioral Document Protection: On - Prevent
- Fileless Prevention (PowerShell, .NET): On - Prevent
- Exploit Protection: On - Cautious
- Anti-ransomware: On - Prevent
- Endpoint Controls: Off
- Configuration Used During Detection Evaluation
- Signatures: On - Detect
- Machine Learning: On - Detect
- Behavioral Document Protection: On - Detect
- Fileless Detection (PowerShell, .NET): On - Detect
- Exploit Protection: On - Cautious
- Anti-Ransomware: On - Detect
- Behavioral Allow-list: None