Cyberbit, the wholly owned subsidiary of Elbit Systems, has announced a new version of its adaptive Endpoint Detection and Response (EDR) platform, which now provides advanced and semi-automated threat hunting, centralised response capabilities, and an improved Software Development Kit (SDK) for detection customisation.
Originally developed to meet requirements of high-risk organisations, Cyberbit's new EDR enhancements help customers decrease threat detection and response times while minimising false positives, drastically improving cyberattack countermeasures and cutting distractions for security teams.
Cyberattacks continue to shift tactics, with hackers launching fileless malware that is undetectable by ransomware safeguards, antivirus and other traditional endpoint protection platforms. Cyberbit EDR's approach detects a broad range of attacks without relying on indicators of compromise (IOCs), including signature-less, fileless and targeted attacks as well as ransomware. The adaptive approach automatically tailors a behavioural detection policy to the customer's organisation, which ensures the highest levels of accuracy based on each environment.
"Cyberbit provides one of the most effective solutions for detecting unknown, signature-less and targeted threats, including fileless attacks and ransomware, by using machine learning and behavioral analytics, enabling quick identification of root cause and response," said Danielle VanZandt, research analyst at Frost & Sullivan. "Cyberbit's approach proved to provide its customers with substantially higher detection and response capabilities, while keeping low false positive ratios. As a result, security teams can focus on high priority alerts and are not distracted and overloaded with false alarms."
The new release includes the following key features:
Analyst in a Box: Analysts often work with fragments of the attack story; using their knowledge and experience, they seek traces of attacks buried in data. Cyberbit's EDR platform assists analysts by automating much of the hunting process, leveraging behavioral analytics and machine learning, which serves as an "analyst in a box," speeding up threat identification and often saving weeks of investigative effort.
SDK and customization: Advanced customers can add proprietary detection algorithms to address their unique security requirements. They can also access the EDR's big-data repository using Application Programming Interfaces (APIs), and use their own functions and tools to proactively investigate and hunt threats.
Centralized response capabilities: Well suited for large, dispersed organizations, this feature lets security managers access any endpoint in the organization from a central location and rapidly investigate and respond to an incident, which eliminates the need to be physically present at the compromised endpoint.
Adi Dar, CEO of Cyberbit, said, "It takes only one fileless or signature-less attack to bring down an organization; however, these attacks are invisible to endpoint security systems. Customers now understand that this is where they need to focus. Our EDR is gaining traction as one of the most reliable means to protect against advanced attacks, and this new release helps customers stay ahead of new threats and save time with next-generation SOC technology."
Cyberbit was recently named by CRN magazine one of the 20 coolest endpoint security vendors for 2017. Cyberbit EDR is the winner of the Frost and Sullivan Technology Leadership Award for Cybersecurity Detection and Response, and the winner of the Network World Asia Reader's Choice Rising Star award for endpoint security. Cyberbit recently announced a contract with Infor to provide its EDR platform.