Better, in more ways than one

Explore the features of the BluSapphire solution as they compare with equivalent features in Securonix

BluSapphire
Cybereason
Architecture
Open data platform with native threat detection functionalities and agentless architecture. Our Big Data lake enables seamless correlation and effortless log ingestion welcoming third-party solution management, making triage through the BluSapphire platform easy. With our multi-tenant architecture, cross-intelligence sharing becomes effortless. Discover our comprehensive in-house threat detection and response functionality.
The architecture primarily focuses on the endpoint, employing an agent-based approach. The acquisition of Empow has empowered Cybereason to establish a security analytics.
Deployment
Sensor, Log Collector - A simple VM or commodity hardware to ingest network traffic.No Firewall ports to open if outbound communication is open for all.Less than 2% of Network bandwidth consumption. BluSapphire's components do not sit in line hence, no risk of outage.
Agent-based functionality is specifically crafted to provide extensive coverage across infrastructure endpoints. In the case of XDR, APIs/ connectors are leveraged to streamline data ingestion and response. However, its usage is confined to the ecosystem and limited to 3rd party technology partnerships only.
Detection
The Comprehensive One platform eliminates security operations silos by seamlessly integrating native threat detection components and consolidating third-party telemetry. With effortless triage capabilities, it incorporates Native Threat detection components built on NBAD, UEBA, EDR, Deception.
While the EDR/ NGAV functionality in Cybereason offers comprehensive visibility and response functions on end points, it falls short in its ability to detect and respond to threats beyond end points in the IT landscape. For instance, it lacks features such as NBAD, Deception, UEBA, SIEM, and others that are crucial. Achieving comprehensive coverage necessitates heavy reliance on third-party products and vendor partnerships, thus making the overall solution a bolt-on function. Additing to it, the platform is extremely hard to tune, resulting in high false positive rates impacting overall efficieny of Security Operations.
Advanced Analytics
The open platform enables seamless data ingestion from any third-party source. BluSapphire's data lake operates on an open schema, ensuring a consistent data structure across different onboarded sources. This common schema facilitates efficient data management and analysis, simplifying the handling of complex data. The horizontally scalable data lake allows unrestricted data ingestion, with no limits commercially on the number of queries or dashboards for analysis and problem-solving purposes.
Cybereason offers good analytics capabilities and supports third-party log ingestion. However, it lacks long-term storage capabilities, which limits your ability to perform in-depth analytics. This is crucial given the current threat landscape and evolving compliance and regulatory requirements. Also, the analytics engine isn't super responsive as it slows down on exeuting mid level queries - which are quite essential for secuirty analysts for quick traige.
Response
Response functions are distributed across various components including endpoints, networks, Active Directory (AD), third-party security, and network devices or applications. There are no restrictions when working with Third Party APIs to execute response functions. REST APIs are available to facilitate seamless data exchange with third-party systems.
Analysts are typically expected to initiate incident response within 30 minutes of an incident. However, there are limitations on the number of third-party functionalities that can be used for executing response functions. These limitations are dependent on the technology partnership ecosystem or the existing built-in response capabilities available through API integration.Unfortunately, Cybereason lacks the ability to perform Security Orchestration, Automation, and Response (SOAR) functions. This means that it is not possible to design response functions based on the specific business context or alert type and ever changing use cases considering changing threat landscape
XDR
The Hybrid XDR solution is built from the ground up with native components along with Third Party integrations,  providing a unified platform to detect malicious signals across cloud, endpoints, users, and networks. By significantly reducing false positives, it greatly enhances the efficiency and effectiveness of security operations.
EDR-driven XDR capability heavily relies on integrating third-party threat detection functionalities to identify malicious signals across the IT landscape. However, these third-party threat detection systems primarily share "Alert Data" and do not provide access to the raw data they analyze to identify anomalies. Consequently, the ability to triage across the organization becomes limited, creating vulnerabilities in the XDR framework and compromising the overall effectiveness of the system.
Threat Hunt
Experience industry-first agent-less hunts directly on hosts. Eliminate the risk of overlooking any artifacts during hunt exercises. Execute hunts guided by the MITRE framework and hypotheses. Create and search for your own indicators/artifacts without limitations. BluSapphire offers meticulously curated threat intelligence from over 110+ sources. You are also free to consume threat intelligence of your choice. Effortlessly conduct hunts on data stored in your data lake.
Hunts are only performed on ingested log data, which limits the overall scope of the hunt. There is also a risk of overlooking important artifacts if the log data is not completely collected, especially considering that a majority of logs are never stored in the data lake. It's important to note that threat hunts are not real-time and do not rely on behavioral analysis.
Remote Forensics
Can fetch remote forensics real time from computer devices while staying completely agentless enabling analysts for analysis and or build assurance.
Limited functionality to fetch live forensics post Incident Response / remediation compromising on assurance. Heavily dependent on agent being present on the compute device for forensics.
Managed Detection and Response
Powered by BluHawk team - offers you a dedicated Point of contact and access to professional analyst, threat hunters, Incident response teams.
Functionality available. However, a boiler plate offering than customised to your business needs.
Unlimited Storage
Offers unlimited hot data storage. In Addition, BluSapphire offers flexibility in storing your data within your AWS S3 / Azure Blurb. Your data, your control at an affordable cost.
Functionality not available.
Contract Flexibility
No Contacting anymore - no lock-in. Pay monthly, move on if you do not like.
Contracts are pushing for a Vendor lock-in.
Time to Value
(Deployment + Tune + Ops Timeline)
Deployment closes in <48 hours, tune up & system operational in 3 days.
Deployment of Agent is pain taking task, on top of it, from XDR point of view - there are limited intergations only. Volume of false positives are way to high, does take high time to fine tune and make operations effective.
Interoperability
Open to work with any existing technology deployed within the organisation. With or without integration. 
Purely limited to the intergations built.
TCO
Low, One platform offers you holistic coverage by identification of threat signals across user, network, cloud.
High, platform offers coverage around End point majorly.
ROI
High, On Average >145%
Data unavailable
Our cyber-detection capabilities increased drastically. Agentless Quarantine has improved our response times
CTO, Large Investment Firm in NYC
Dramatically improved our SOC visibility and response times, while cutting our costs significantly.
VP – Security, Tier II MSSP