With the newfound capital, Cybereason plans to accelerate R&D, pursue acquisition opportunities and strategic product integrations, and ramp up operations company-wide. It also plans to expand its partner program while continuing to build out its endpoint protection offerings, according to cofounder and CEO Lior Div.
“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market,” said Div. “We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners. We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”
CTO Yonatan Striem-Amit added: “Autonomous security will democratize security and transform the cybersecurity profession. Cybereason will build it through its innovative products and a partner ecosystem.”
Cybereason — which made waves in June after uncovering a global espionage campaign involving major telecom companies — was founded in 2012 by Div, Amit, and Yossi Naar, and emerged from stealth in 2014 with $4.6 million in funding. Many of its employees served in the Israel Defense Forces’ 8200 unit, an elite group specializing in cybersecurity.
The company’s toolset helps to prevent known and suspicious threats across enterprise networks with a combination of behavioral analysis, heuristics, and machine learning, and with robust activity-monitoring PowerShell and .NET framework engines. The suite relays detailed info from every network endpoint in real time, and it contextualizes security alerts with related attack elements like the root cause, affected machines and users, and incoming and outgoing communications.
Cybereason’s analytics dashboard surfaces whole process timelines, along with all malicious activity across PCs and internet of things devices. Using the insights gleaned from them, IT teams can craft custom rules and behavioral whitelists within the platform that don’t sacrifice context, or that kick off remediation actions for every attack.
On the antivirus side of the equation, Cybereason prevents malware, ransomware, and file-less attacks in part by analyzing binaries for hundreds of different warning signs, including (but not limited to) rapid file encryption, removal of backups, and modifications to the master boot record. The subscription-based Replay tool allows for historic event investigations without impacting performance, and it provides filters and functions to correlate anomalies affecting users or machines going back months or years.
Customers who take advantage of Cybereason’s managed service gain access to an external monitoring team that investigates the scope of intrusions and recommends courses of action (e.g., cleaning malware, killing processes, deleting registry keys, quarantining files, and more). Said team is able to find and resolve misconfigured services and detect the presence of critical security updates, and to examine environments for removable services and ensure password policies are up to date. For issues that aren’t routine, they perform investigations and intrusion analyses in addition to reverse engineering and root cause evaluations.
In a February 2019 test conducted by the nonprofit MITRE Corporation, which manages federally funded research and development centers supporting U.S. government agencies, Cybereason’s suite bested competitors on the ATT&CK framework, a freely accessible knowledge base of cybersecurity tactics. Moreover, Cybereason claims that in the case of one client, its platform decreased the false-positive rate from 99% to 1%.
Cybereason has no shortage of competition in a cybersecurity market that’s anticipated to be worth $300 billion by 2024. SentinelOne, a startup specializing in autonomous endpoint protection, raised $120 million in June from a raft of investors including Redpoint Ventures and NextEquity. More recently, Expel nabbed $40 million for its risk-monitoring and security information, event management, and automated endpoint security solution. And in late July, Trinity Cyber raised $23 million for threat-combating products that combine detection with “adversary inference.”
But it’s clearly doing something right. Cybereason claims that it currently protects millions of endpoints across companies including Motorola, Flowserve, and Oschener Bank, among other name brands.
“Cybereason plays a leading role in helping companies manage cybersecurity risks and protect people’s information,” said SoftBank Group chief operating officer Marcelo Claure. “AI-driven technology like Cybereason’s is helping secure our increasingly connected world.”