Cybereason saves hours of manual work and achieves a more secure environment

Secure Developer On-Demand Access to Production Resources at Scale

Cybereason – Case Study

Cybereason is a leader in endpoint protection, offering endpoint detection and response, next-generation antivirus, managed monitoring and IR services. Cybereason gives enterprises the upper hand over cyber adversaries.

Head Count



Boston, Tel Aviv, London, Tokyo

The Challenge:
Secure GCP and F5 Production
Access at Scale

Cybereason sought a solution to automate their existing manual process for dynamic permission management in GCP services and to F5 customer environments.

We were looking for a solution that will help us in an easy way to improve the auditing process and the current process of access management, reducing the risk and the attack surface.

Roy Ido
Information Security Manager @Cybereason

Apono allows us to generate temporary permissions upon request on a very granular set of restrictions, delivering huge value to the business by reducing the manual provisioning phase and optimizing the day-to-day work of multiple teams, including the R&D operations and security teams. The product itself is very easy to use from both admin and user side, and it is very flexible.

Alan Idelson
Chief Information Security Officer @Cybereason

The Apono Solution:
Just-in-Time Access

Apono’s solution empowered Cybereason to streamline their workflows by eliminating the need for manual intervention. Cybereason wanted to ensure that access to GCP services and machines in F5 was granted only temporarily and with a high level of granularity. Previously, achieving this level of detail required hours of work on a weekly basis. However, with Apono’s automated permission management platform in place, Cybereason was able to effortlessly manage and enforce temporary access permissions with the desired level of granularity.


Just-in-Time (JiT) On-Demand Access

Access that is tailored to the task at hand in both granularity and duration by issuing just-in-time permissions that can be revoked after a pre-defined period or when a task has been completed. Simplifying granting, changing, and revoking permissions directly from the company Slack.


Contextual Automatic Access Workflow

Developer context-aware incident response and on-call automated permissions workflow leveraging the Apono PagerDuty integration.


Continuous Access Monitoring & Conversion to Auto-Revoked Policies

Monitor unused access and over-privileges and turn to “Just-in-Time”, “Just Enough” permissions.