Malicious Activity Models

Cybereason comes pre-configured with a library of models that look for malicious activities and identify the tools, tactics and procedures attackers use when executing hacking campaigns. This frees you from spending weeks configuring and tuning rules.

Malware models

These models look for the tell-tale signs of known and unknown malware, malicious tools, and zero-day exploits that attackers use to get an initial foothold in your environment.

Command and control models

Spot network traffic from your environment to command and control servers controlled by your adversaries. Cybereason command and control detection models identify behaviors such as domain generation algorithms (DGA).

Lateral movement models

These models identify attackers trying to expand their foothold in your environment by using legitimate tools, a method that traditional security programs cannot detect.

Privilege escalation models

These models examine user and process behavior to identify the attacker's attempt to gain a higher level of access to resources in your environment.

Data exfiltration models

These models identify the attacker's attempt to exfiltrate data or cause other types of damage in your environment.

Ransomware models

These models identify malware that encrypts files in an attempt to extort money from users.