Machine learning is one of information security's biggest buzzwords, with many security vendors talking about how their products use this technology to automate data integration.
Dan Sullivan at TechTarget's SearchSecurity examined the Cybereason Endpoint Detection and Response Platform to see how its analytics engine performs behavioral analysis on possible threats.
He pointed out that Cybereason avoids placing agents in the kernel: unlike other endpoint platforms, its collection agents run in user space. This design means the agents have very little impact on device performance, Sullivan said, noting that with Cybereason, "a 1% to 3% CPU utilization is not uncommon."
The Malop Hunting Engine is "the core big data analytics component" of Cybereason, wrote Sullivan, explaining that the engine analyzes endpoint data "for new threats, anomalies, risks and non-signature-based attacks."
Data integration is “fundamental” in allowing Cybereason to help security analysts see an entire attack. “By integrating multiple forms of security event data, and making it accessible through a centralized interface, infosec professionals can query the scope of devices involved, review the timeline of events and assess different mitigation strategies,” Sullivan wrote.
The central interface, he continued, gives less experienced security analysts the information they need to fully understand a security incident and respond to it. "By collecting, integrating, and analyzing event data, the Cybereason platform frees them from the more mundane aspects of data collection and analysis," he wrote.
Sullivan concluded that Cybereason “is well suited for large and midsize enterprises and those with demanding infosec requirements. The combination of multiple detection techniques mitigates the weaknesses inherent in any single technique.”
Read the full article on SearchSecurity’s website.