By Brandon Rochat, Cybereason regional sales director for Africa
The update introduces significant improvements in file search operations, investigation query results and cloud workload protection, providing more granular data and faster key artifact identification.
Enhanced protection includes behavioural execution prevention and new sensors for Docker and Kubernetes, ensuring robust threat detection and prevention. Infrastructure management advancements include custom reputation management, fileless mode protection, sensor tampering protection and streamlined sensor deployment processes –all aimed at increasing security efficacy and operational efficiency.
Investigation enhancements
Cybereason has refined its file search capabilities, allowing users to choose between standard searches based on filters and YARA rule-based searches. The introduction of dynamic filters helps users pinpoint the exact machines they need to investigate, significantly speeding up the search process.
Users can now apply their queries within specific timeframes ranging from the past hour to the past seven days with a default setting of 24 hours. Additionally, the query results can be customised to display a specific number of results per page, enhancing the ability to focus on relevant data quickly.
Enhanced protection
Cybereason’s cloud workload protection now includes new sensors that can be deployed on Docker hosts or Kubernetes clusters. These sensors collect security data, which is then integrated into the Cybereason defence platform, providing comprehensive threat detection and prevention across cloud environments.
This feature leverages detailed research data from Cybereason’s EDR solution to detect and prevent malicious processes based on their behaviour. Behavioural execution prevention offers inline prevention on the endpoint, reducing response times and improving overall security efficacy.
Infrastructure management
The custom reputations screen has been significantly enhanced, allowing users to manage reputations from private lists directly within the console. This feature helps minimise false positives while ensuring critical threats are detected based on the specific environment.
Users can now select protection modes, such as .NET or AMSI, based on their organisation’s requirements. This flexibility ensures optimal protection against fileless malware threats. Enhanced sensor tampering protection safeguards Cybereason processes on Windows endpoints from unauthorised modifications or termination attempts, improving endpoint resilience.
Furthermore, the new sensor installer packages for sensor groups simplify the deployment process, allowing pre-configured sensors to be added to specific groups efficiently. Sensors now check for updates every few hours, downloading but not installing them until an administrator triggers the upgrade. This improvement enables updates of up to 1 000 sensors per hour without impacting network performance.
Cybereason has broadened its feature support for Linux operating systems, including device control, personal firewall control, remote shell and NGAV support for on-file access scans. This expansion helps reduce the Linux attack surface, enhancing overall security.
The platform now supports Windows 10 21H2, MacOS 12 (Monterey), Amazon Linux 2 and Debian 10, ensuring comprehensive coverage across various operating systems.