EDR

At the core of the Cybereason platform is the Cybereason EDR component. Cybereason EDR enables security teams to detect and respond to advanced attacks efficiently, giving them an edge against any attackers in their environment.

Cybereason EDR works on a number of different levels:

  1. Threat detection, which enables the platform to find and alert you to potential and confirmed malicious activity. Threat detection is built on a considerable set of out-of-the-box proprietary detection rules that Cybereason develops, as well as the custom detection rules, custom reputations, and behavioral allowlisting exceptions that you add for your environment.

    Threat detection lies at the heart of the Cybereason platform's EDR capabilities, which are powered by the Cross Machine Correlation (CMC) Engine. The CMC Engine analyzes the data that sensors have collected, classifies events that occur on the endpoint, and then applies proprietary detection rules to identify behavior that could be, is highly likely to be, or is definitely a threat. Cybereason continually updates and improves the platform's native classification abilities, behavioral analysis models, and detection rules to conclusively identify threats and avoid flagging benign behaviors.

    After the Cybereason platform analyzes the data, the platform generates detections that help you see and understand events and activities of interest on your organization's machines. These events and activities include both benign and malicious events. You can use the information in these detections to create investigation queries that help you search for more events and activities.

    If the Cybereason platform's native detections do not include behavior that is malicious in your environment, or if these native detections flag behavior that is benign in your environment, you can create custom rules or add items to your platform allowlist and blocklist.

  2. MalOp response, which enables you to address threats. When Cybereason detects a potentially malicious operation, the platform generates a MalOp. MalOp response enables you to view, understand, and analyze the activities that the MalOp includes, and to respond to and stop potential problems.

This section describes Cybereason EDR capabilities and explains how to use them to help your security operations.
