Startups > Cybereason

Cybereason

Cybereason helps enterprises detect and respond to advanced cyber threats across all endpoints.

Venture Round $938M total Founded 2012 La Jolla, California 671 employees

Cybereason is a cybersecurity platform combining EDR (Endpoint Detection and Response), XDR (Extended Detection and Response), and next-gen antivirus to detect and remediate threats across endpoints, servers, cloud workloads, and networks. Founded by Israeli Unit 8200 veterans, the platform uses behavioral analysis and cross-machine correlation to identify complex attacks with exceptional accuracy. The company has achieved perfect scores in MITRE ATT&CK evaluations and is trusted by Fortune 500 companies including Lockheed Martin. It differentiates through deep expertise in offensive cyber operations translated into defensive capabilities, enabling threat hunting and root cause analysis at scale.

Problem solved

Security teams struggle to detect sophisticated, multi-stage attacks across distributed endpoints and correlate threat signals in real-time, leading to extended dwell times and breach impact.

Target customer

Enterprise organizations and Fortune 500 companies with 10,000+ endpoints requiring advanced threat detection, incident response capabilities, and compliance needs; particularly defense contractors, financial services, and large tech companies.

Website LinkedIn Crunchbase Twitter / X

Founders

Lior Div

CEO & Co-founder

Commander in Israeli Unit 8200 with expertise in cyber offensive operations, forensics, reverse engineering, and malware analysis; led some of the largest cyber campaigns against nations and cybercrime groups.

Yonatan Striem-Amit

CTO & Co-founder

Former CTO of Cybereason; AI and incident response expert now building new ventures with Lior Div.

Yossi Naar

Chief Visionary Officer & Co-founder

Unit 8200 background; focuses on company vision and strategic direction.

Funding history

Series A $4.6M February 2014 Led by Charles River Ventures · None mentioned

Series B $25M May 2015 Led by Spark Capital · Charles River Ventures, Lockheed Martin

Series C $59M October 2015 Led by SoftBank Group · Charles River Ventures

Series D $100M June 2017 Led by SoftBank Group · None mentioned

Series E $200M August 2019 Led by SoftBank Group · SoftBank affiliates

Series F $275M July 2021 Led by Liberty Strategic Capital · None mentioned

Series F (Extended) $50M October 2021 Led by Google Cloud · None mentioned

Series G $100M April 2023 Led by SoftBank Group · None mentioned

Series H $120M March 2025 Led by SoftBank Corp. · SoftBank Vision Fund 2, Liberty Strategic Capital

Total raised: $938M

Industries

Artificial Intelligence (AI) Cyber Security Enterprise Software Intrusion Detection Network Security

Pricing

Tiered model with four plans: Professional, Business, Enterprise, and Ultimate. Estimated to start at $50 per endpoint per month, scaling down with volume. Enterprise pricing is custom. As of 2021, company reported $120M+ ARR with 200% YoY growth.

Notable customers

Lockheed Martin, SoftBank Corp., Wipro

Integrations

Google Cloud, Lockheed Martin (reseller), cloud workloads, network security tools

Tech stack

GSAP (JavaScript frameworks) ScrollMagic (JavaScript libraries) jQuery (JavaScript libraries) core-js (JavaScript libraries) Bulma (UI Frameworks) animate.css (UI frameworks) Wistia (Video players) Open Graph HTTP/3 DocuSign HubSpot CMS Hub (CMS) HubSpot Analytics (Analytics) Matomo Analytics (Analytics) Google Analytics (Analytics) Cloudflare Bot Management (Security) Imperva (Security) HSTS (Security) Ionicons (Font scripts) Typekit (Font scripts) Google Hosted Libraries (CDN) Cloudflare (CDN) HubSpot (Marketing automation) Google Tag Manager (Tag managers) OneTrust (Cookie compliance)

Website

cybereason.com/

Competitors

CrowdStrike

Larger market presence and broader ecosystem, but Cybereason differentiates through superior behavioral analysis and cross-machine correlation for complex threat detection.

Carbon Black

Traditional EDR player with solid market share, but Cybereason's XDR capabilities and 100% MITRE ATT&CK scores provide more comprehensive threat visibility.

Hexnode

Mobile-first focus with lighter weight, whereas Cybereason targets enterprise-grade advanced threat hunting and incident response.

Why this matters: Cybereason represents a rare case of founders with world-class offensive cyber expertise (Unit 8200 veterans) building defensive tools that achieve perfect scores in independent evaluations. With $938M in funding from SoftBank, Google, and Liberty Strategic Capital, plus marquee customers like Lockheed Martin, the company is shaping enterprise endpoint security standards and proving that behavioral analysis beats signature-based approaches.

Best for: Enterprise organizations with complex security environments, high-risk infrastructure, and incident response teams that need automated root cause analysis and real-time threat correlation across 10,000+ endpoints.

Use cases

Advanced Threat Detection at Scale

A defense contractor with 120,000+ endpoints uses Cybereason to automatically correlate behavioral signals across machines and identify sophisticated multi-stage attacks in real-time. The platform's 1:200,000 analyst-to-endpoint ratio means security teams can manage massive deployments without proportional staffing increases.

Incident Response and Root Cause Analysis

When a breach is detected, Cybereason automates the investigation by showing a clear timeline and path of the threat across email, endpoints, servers, cloud workloads, and networks. Analysts can instantly remediate by killing processes, isolating machines, and removing persistence mechanisms without manual hunting.

Compliance and Regulatory Reporting

Financial services firms use Cybereason's visibility and logging to demonstrate compliance with SOC 2, HIPAA, and other regulations by providing detailed forensics and audit trails of all endpoint activity and threat responses.

Alternatives

CrowdStrike Falcon Market leader with broader integrations and larger customer base, but Cybereason's behavioral analysis and perfect MITRE scores may offer better detection for complex, slow-moving attacks.

Microsoft Defender for Endpoint Native integration with Windows and Microsoft ecosystem at lower cost, but Cybereason excels in cross-machine correlation and advanced threat hunting for non-Microsoft environments.

Palo Alto Networks Cortex XDR Broader platform with network and cloud-native protections, while Cybereason specializes in endpoint-centric threat correlation and behavioral analysis.

FAQ

What does Cybereason do? +

Cybereason is an endpoint security platform that combines EDR, XDR, and next-gen antivirus to detect and respond to advanced threats across endpoints, servers, cloud workloads, and networks. It uses behavioral analysis and cross-machine correlation to identify complex attacks automatically, then provides automated root cause analysis and instant remediation capabilities.

How much does Cybereason cost? +

Cybereason offers four tiers (Professional, Business, Enterprise, Ultimate) with per-endpoint pricing estimated to start at $50/month and scale down with volume. Enterprise deployments require custom pricing. The company reported $120M+ ARR in 2020 with 200% YoY growth as of 2021.

What are alternatives to Cybereason? +

Top alternatives include CrowdStrike Falcon (market leader with broad integrations), Microsoft Defender for Endpoint (cost-effective Microsoft ecosystem option), and Palo Alto Networks Cortex XDR (broader platform with network protections). Cybereason differentiates through superior behavioral analysis and perfect MITRE ATT&CK evaluation scores.

Who uses Cybereason? +

Target customers are enterprise organizations and Fortune 500 companies managing 10,000+ endpoints. Notable public customers include Lockheed Martin (120,000-endpoint deployment and strategic investor), SoftBank Corp., and Wipro. The platform is used by defense contractors, financial services, and large tech companies.

How does Cybereason compare to CrowdStrike? +

Both are leading EDR/XDR platforms, but Cybereason differentiates through superior cross-machine behavioral correlation (1:200,000 analyst-to-endpoint ratio), perfect MITRE ATT&CK scores, and threat hunting expertise rooted in offensive cyber operations. CrowdStrike has broader market presence and integrations; Cybereason excels in detection accuracy for complex attacks.