Question Finding a Cybereason reseller

[ShenguiTurmi]

I've been very interested in Cybereason's products lately. Not only do they useowned machine learning and have Bitdefender's engine under the hood, and their EDR visibility rate is also in the top tier of MITRE testing.

But unfortunately, I contacted a few resellers I found on my own and they either no longer sell CR or just want to sell fully managed solutions. @Trident previously helped me find two UK reseller, but neither of them responded to my emails.

I wonder if anyone knows of an easy to close deal reseller like cyberforce that also represents Cybereason products, thanks immensely.

 

[ShenguiTurmi]

@Trident
Thinking it was time to give up on the cybereason, I reached out to a Japan reseller, but was thrown a bucket of cold water.

Q.
ライセンスの価格はどのように算出されますか？
A.
デバイスライセンスとなりますので、OS数に単価を掛けたものがご契約いただくライセンス費用になります。 なお、最低購入数量は300ID（300デバイス）からとなります。

Q.
How is the price of a license calculated?
A.
Since it is a device license, the license fee is calculated by multiplying the number of OS by the unit price. The minimum purchase quantity is 300 IDs (300 devices).

 

[[correlate]]

@Trident
Thinking it was time to give up on the cybereason, I reached out to a Japan reseller, but was thrown a bucket of cold water.

Q.
ライセンスの価格はどのように算出されますか？
A.
デバイスライセンスとなりますので、OS数に単価を掛けたものがご契約いただくライセンス費用になります。 なお、最低購入数量は300ID（300デバイス）からとなります。

Q.
How is the price of a license calculated?
A.
Since it is a device license, the license fee is calculated by multiplying the number of OS by the unit price. The minimum purchase quantity is 300 IDs (300 devices).

In this way, they set an incapacitating condition and guarantee the sale to the companies .

 

[Trident]

@ShenguiTurmi you merely wanna try it out of curiosity. The drama with looking for a reseller is not needed and so is the product.

 

[ShenguiTurmi]

@ShenguiTurmi you merely wanna try it out of curiosity. The drama with looking for a reseller is not needed and so is the product.

I would really buy it, but only if they made an offer that allowed me to buy, like 10u 20u I would be willing to pay for them, like I did for DeepInstinct and CrowdStrike, but 300u I definitely wouldn't buy

 

[simmerskool]

In this way, they set an incapacitating condition and guarantee the sale to the companies .

yes, but there's 60,000 users at MT surely we can find 300...

 

[Trident]

yes, but there's 60,000 users at MT surely we can find 300...

The transition should be carried out at once so this gives you 2 options:
1. Collaborate with 300 users whose faces you don’t see and rely on them to provide you with timely, legitimate payment.
2. Purchase 300 licenses and try to resell, which is risky, you may end up having 295 units timing out for nothing.

Both are not feasible.

 

[simmerskool]

The transition should be carried out at once so this gives you 2 options:
1. Collaborate with 300 users whose faces you don’t see and rely on them to provide you with timely, legitimate payment.
2. Purchase 300 licenses and try to resell, which is risky, you may end up having 295 units timing out for nothing.

Both are not feasible.

ok nevermind

 

[simmerskool]

PS MT Bot thinks: Both DeepInstinct and Cybereason offer advanced threat protection and detection capabilities using artificial intelligence and machine learning algorithms. However, DeepInstinct focuses on a proactive approach to security by detecting and preventing threats at the pre-execution stage, while Cybereason prioritizes incident response and mitigation after a threat has already infiltrated a network. Ultimately, the better choice depends on your specific security needs and preferences.

 

[Zero Knowledge]

From experience dealing with resellers when I bought Cylance back in the day it never works out.

I wouldn't do it again unless it was supplied by work/employer, and it's a waste of money buying a managed seat from a reseller, and you will never get the full benefits of the software or full control which you desire.

I know you want to try out Cybereason for curiosity's sake, but I would just move on and try and find other software you can play with without restrictions or ridiculous seat limits.

 

[simmerskool]

From experience dealing with resellers when I bought Cylance back in the day it never works out.

I wouldn't do it again unless it was supplied by work/employer, and it's a waste of money buying a managed seat from a reseller, and you will never get the full benefits of the software or full control which you desire.

I know you want to try out Cybereason for curiosity's sake, but I would just move on and try and find other software you can play with without restrictions or ridiculous seat limits.

I had same experience with Cylance at Cyberforce circa 2017; however, my current experience with DeepInstinct at Cyberforce is much better, ie, very good, so good made me wonder about Cybereason. (why they don't have it) I manage the entire Di console (best I can tell) and Cyberforce techs respond to Di questions quickly, with good insight. No Di issues & no questions the past week. I still need to finish Di admin guide, or should finish it.

 

[ShenguiTurmi]

I had same experience with Cylance at Cyberforce circa 2017; however, my current experience with DeepInstinct at Cyberforce is much better, ie, very good, so good made me wonder about Cybereason. (why they don't have it) I manage the entire Di console (best I can tell) and Cyberforce techs respond to Di questions quickly, with good insight. No Di issues & no questions the past week. I still need to finish Di admin guide, or should finish it.

cyberforce is the best reseller I've ever met to communicate with, an employee of a company I manage on behalf of didn't want to use deepinstinct (because they had their own thing and I couldn't force them, I was just helping them take care of some security issues), then he saw your reply, he went and contacted cyberforce and cyberforce was very quick to give him a quote, he paid $66 then got 1 device of cylance protect+optics.

 

[Origami_Alpha]

cyberforce is the best reseller I've ever met to communicate with, an employee of a company I manage on behalf of didn't want to use deepinstinct (because they had their own thing and I couldn't force them, I was just helping them take care of some security issues), then he saw your reply, he went and contacted cyberforce and cyberforce was very quick to give him a quote, he paid $66 then got 1 device of cylance protect+optics.

Hi, boss

 

[NormanF]

Enterprise security software usually is priced at minimum of multiple licences you need to buy. If you're a business, that's probably what you want.

If you're a home user or a small businessperson, forget it. They won't even sell to you!

 

[Trident]

Enterprise security software usually is priced at minimum of multiple licences you need to buy. If you're a business, that's probably what you want.

If you're a home user or a small businessperson, forget it. They won't even sell to you!

Apart from the obvious revenue, forecast and other financial reasons, this is done also to protect the software from attackers obtaining a copy. Frequently enterprise software reveals extremely detailed information what APIs are monitored and how the whole detection was produced, which can be useful to create evasion methods. It becomes more difficult when only legitimate businesses have access.

 

[WhiteMouse]

Apart from the obvious revenue, forecast and other financial reasons, this is done also to protect the software from attackers obtaining a copy. Frequently enterprise software reveals extremely detailed information what APIs are monitored and how the whole detection was produced, which can be useful to create evasion methods. It becomes more difficult when only legitimate businesses have access.

So, security through obscurity

 

[Trident]

So, security through obscurity

Not really through obscurity, more like proper authorisation. Home AVs hide a lot of information for a reason. For example the Avast IDP when it still was Norton AntiBot and AVG IDP used to display all factors of why a process is classified as malicious. At one point they realised this helps attackers create better malware and suspended showing these details.

 

[ShenguiTurmi]

Apart from the obvious revenue, forecast and other financial reasons, this is done also to protect the software from attackers obtaining a copy. Frequently enterprise software reveals extremely detailed information what APIs are monitored and how the whole detection was produced, which can be useful to create evasion methods. It becomes more difficult when only legitimate businesses have access.

Sometimes obscurity can increase security, but this does not seem to be the case for cybereason, who use the Bitdefender engine. Although they have their own EDR, having such strict purchase conditions for EPP doesn't seem reasonable to me.
Obviously, I could go and buy a copy of Bitdefender to try and bypass their static engine...
As for machine learning, I could use VirusTotal...
In summary, I don't think their obscurity provides much more security in terms of EPP.

 

[Trident]

Sometimes obscurity can increase security, but this does not seem to be the case for cybereason, who use the Bitdefender engine. Although they have their own EDR, having such strict purchase conditions for EPP doesn't seem reasonable to me.
Obviously, I could go and buy a copy of Bitdefender to try and bypass their static engine...
As for machine learning, I could use VirusTotal...
In summary, I don't think their obscurity provides much more security in terms of EPP.

You can use Bitdefender as well as you can use VirusTotal. Both won’t help if you were an attacker as VirusTotal detections are frequently different (sometimes for better, sometimes for worse) and Bitdefender will just throw a trojan.genericKD.xxxxx at you. VT is also a threat intelligent portal so attackers avoid it, they mostly use Joti. You also won’t really be sure why Bitdefender detects. If you look around in the EDR you will see API calls and others. Maybe you will try to do it via different api calls. Or if you see a detection from the sort of Gen.PowerShell.Hidden.B (this is a real name I’ve seen), maybe you can try not hiding the PowerShell window, who understands what’s on there anyway. Where emulations are involved, the attacker won’t be able to test it and see if there is detection or which Yara signatures triggered it.

So in any case, providing the software just to authorised businesses has some benefit in terms of preventing bypasses as well as exploits. The attacker won’t pay this money just to obtain a copy for trial and error.

 

[NormanF]

You can use Bitdefender as well as you can use VirusTotal. Both won’t help if you were an attacker as VirusTotal detections are frequently different (sometimes for better, sometimes for worse) and Bitdefender will just throw a trojan.genericKD.xxxxx at you. VT is also a threat intelligent portal so attackers avoid it, they mostly use Joti. You also won’t really be sure why Bitdefender detects. If you look around in the EDR you will see API calls and others. Maybe you will try to do it via different api calls. Or if you see a detection from the sort of Gen.PowerShell.Hidden.B (this is a real name I’ve seen), maybe you can try not hiding the PowerShell window, who understands what’s on there anyway. Where emulations are involved, the attacker won’t be able to test it and see if there is detection or which Yara signatures triggered it.

So in any case, providing the software just to authorised businesses has some benefit in terms of preventing bypasses as well as exploits. The attacker won’t pay this money just to obtain a copy for trial and error.

What if an attacker is a criminal organisation easily able to afford an endpoint security product? A software vendor or software reseller has no way to know the identity of an intended buyer or the end use. There will always be ways to obtain such software.