Cybereason adds new Cybereason XDR for Cloud Workloads to fully extend detection and response into the cloud

While many Cybereason security partners will be less familiar with cloud concepts and terms, the solution is designed so any Cybereason partner will be able to offer it to customers.

Today, cybersecurity vendor Cybereason is announcing the availability of its new next-generation solution, Cybereason XDR for Cloud Workloads. It extends the Cybereason XDR platform to secure cloud workloads and containers at petabyte scale, adding protection for cloud workloads, which are growing massively in both number and importance. It also breaks down additional siloes, including between SecOps and DevOps teams.

“One of the things we have been seeing in detection and response is that enterprise organizations have siloes, such as detection response for endpoint, for cloud endpoints, and for SaaS,” said Israel Barak, Cybereason’s CISO. “We have been bringing all these together, because attacks don’t discriminate between workstations and clouds. Siloed systems slow down the ability to understand root cause and impact, and to roll out a response. With Cybereason XDR for Cloud Workloads, we are announcing the extension of our XDR platform to components related to cloud workloads such as Kubernetes and managed and unmanaged cloud, to extend detection and response into them as well.”

The technological key to this solution is its ability to support Linux without needing to use kernel drivers.

“Cybereason has been doing detection and response for Linux from its early days, and we do this detection and response for Linux without requiring kernel drivers,” Barak said. “That enables us to extend it into cloud platforms that are Linux-based in a way that makes deployment very easy across all types of cloud workloads. If your workloads are managed by AWS, you can’t deploy drivers in the same way.”

The Cybereason MalOp Detection Engine processes petabytes of data on a daily basis, enabling security analysts to understand the full impact of a cyberattack in real time.

“It’s a different subject matter,” Barak said. “XDR is a platform that enables us to correlate data and reduce time for detection and response, but when it is cloud specific, expertise is needed that does not impact collection – which equals money. Both are very specific subject matters that require expertise. So what this really is is an extension of our XDR expertise by leveraging our platform.”

Barak said the key here in expanding the addressable market with the new solution isn’t just selling to new customers, but reaching far more endpoints in the cloud with existing customers.

“It’s not just new clients we would be able to reach, but the value we would be able to deliver,” he indicated. “As more and more organizations take more critical business applications into cloud platforms, a growing amount of risks sit on them. This means that more risk needs to be managed on the cloud environment, so this helps them better manage risk. In addition, while the growth in the number of traditional endpoints has been steady, it is relatively low. The amount of endpoint growth in cloud workloads grows exponentially year-over-year, so the total addressable market will expand exponentially.”

Barak also stressed that Cybereason XDR for Cloud Workloads will not require specific cloud background and skills for partners to be able to sell.

“One of the challenges we have seen in the market around partners is that most security people – in the past, but also today – are challenged with understanding how to protect cloud architectures,” he said. “It requires working with DevOps and Cloud operations, and knowing what things are running in the cloud. Those are new for most cloud partners, and their terms are different, and can be hard for them, because security practitioners are not familiar with them. Option number one is to teach them what these are, but that takes time. Option number two is to simplify what is happening and bring it into terms that they are used to. This also means using the same paradigm that security practitioners are used to to extend into cloud platforms. We use the same process that Cybereason partners are used to, and extend the same process and workflows so they don’t have to learn a new subject matter. This means that any Cybereason channel partner would be able to offer this and it doesn’t require specific cloud expertise.”