Cynet review: Integrated breach protection platform for mid-sized organizations

Foreword
If you are a CIO/CISO of a mid-sized organization you know how challenging it is to navigate between multiple security products offerings, your actual security needs and organizational resource constraints. While it is now common knowledge that breach protection is an imperative, the way to reach this goal seems to become increasingly complex.

Cynet is trying to change the security industry with a consolidated breach protection platform that natively integrates proactive IT monitoring and control, attack prevention and detection, and comprehensive response orchestration in a single interface that is fast to deploy and simple to operate. Cynet pioneered the notion of protecting the internal environment as an inseparable entirety – user accounts, files and processes, network traffic and hosts.

Today, sound breach protection entails having advanced protection on the endpoints (examples: Symantec, Crowdstrike, Carbon Black), behavioral monitoring of the network traffic (examples: Darktrace, Microsoft Azure ATP, Vectra Networks,), a proactive vulnerability management tool (examples: Qualys, Tenable) and, in increasing numbers, a managed security service. Cynet consolidates all these offerings and more into a single cohesive platform that provides end-to-end proactive monitoring and control, attack prevention and detection, and response orchestration, backed by a 24/7 SOC to support all aspects of investigation and response. Cynet also offers a 14-day free trial of its platform.

Having all core breach protection built together from the ground up introduces unmatched operational simplicity, providing the security team with a single tool to master and manage, versus the common mainstream of complex multi-product security stacks. Additionally, having all visibility and attack protection technologies natively built from the ground up enables continuous correlation and validation which results in threat coverage that is both wide and accurate, with minimized false positives, as well as security robustness.

Based on our experience, Cynet built the platform to be simple, easy to deploy and use; to provide visibility across the network, endpoints, files and users; to ensure protection against a very wide range of attacks including common, as well as advanced, multi-layered attacks; and to provide a team of security experts available 24/7 complementing the customer’s in-house security expertise.

Platform Capabilities
We now describe in more detail the Cynet capabilities, from deployment to actual use across the environment, providing visibility, attack protection and response.

Deployed in Minutes
Cynet includes very flexible deployment methods: On-premise, IAAS, SAAS, and hybrid mode. Cynet is installed quickly—in just a few minutes. We tried it on a few hundred endpoints. The speed and ease of the installation were impressive.

Proactive Monitoring and Control
Cynet provides full visibility across all parts of the environment: hosts configurations, executed files, network traffic and user activity. Harnessing this visibility in the continuous search for entities that might pose a potential risk enables admins to materially reduce the attack surface of their environments, and render immunity against large portions of attack vectors.

Cynet core monitoring and control functionalities include the following:

• • Inventory management – registered hosts, installed software version, files, user accounts and host configurations.

• • Vulnerability assessment – automated discovery of vulnerable systems and applications

• • File integrity monitoring – defining the state of a fixed file as ‘known good’ and alerting upon any change that is indicative of malicious tampering.

• • Log collection and retention – collecting all authentication and access logs and retaining them for an unlimited length of time.

Attack Prevention and Detection
Cynet natively integrates multiple security technologies:

• • Next-Gen Antivirus – multi-layered protection against file- process-based attack vectors such as malware, exploits, fileless, Macros, LOLbins and scripting tools such as Powershell and WMI. Cynet utilizes machine learning based static analysis, sandboxing, process behavioral analysis, memory monitoring, fuzzy hashing and over 30 threat intelligence feeds providing protection against commodity and advanced malware alike.

• • Endpoint Detection & Response – detection of attacks that manifest in anomalous process behavior, indicating post-compromise malicious presence and activity at various stages of the cyber kill chain, coupled with automated triage and multiple tools for rapid and efficient investigation of the attack’s root cause, scope and impact, as well as analysis of suspicious files.

• • Network Analytics – detection and prevention of network-based attacks in various attack stages such as port scanning, ARP poisoning, DNS responder, SMB-based lateral movement and tunneling-based data exfiltration. Cynet utilizes various threat intelligence feeds to blacklist IPs and domains that are associated with malware distribution or phishing sites.

• • User Behavior Analytics – continuous monitoring of user activity and real-time risk score assignment that triggers an alert upon performance of anomalous activity that might indicate a compromised user account. User activity policies can be configured to alert upon risky or unusual behavior.

• • Deception – planting various types of false tokens across the protected environment -decoy files, passwords, network shares, RDP, URL and ODBC connection. Once an attacker is lured to interact with any of the decoys, an alert is fired containing various metadata on the attacker’s location and activities.

Response Orchestration
Adequately responding to discovered active threats entails the ability to remove any sort of malicious presence and activity, as well as interact with infrastructural components of the environment, such as firewalls, proxies and Active Directories, to expand the response workflow to apply to the entire environment.

Cynet provides the following response capabilities:

• • Preset remediations – essential building blocks for immediate, local response.
    o File/process- delete file, quarantine file or kill process.
    o User account – disable and enable the user locally on the host.
    o Host – isolate/ join, delete/disable schedule task, delete/disable service, run script, run command, change IP, restart.
    o Network – block traffic, DNS remediation (flushing DNS cache)

• • Custom remediations – Cynet users can chain together any number of preset remediation actions, as well as upload scripts to communicate with firewalls, proxies or Active Directory. A common example is a script that instructs the firewall to block an IP, or to the Active Directory to disable a user account. A chaining example can be isolate host and block traffic. Scripts and preset actions can be chained together as well.

• • Automated playbooks – playbooks take either preset or custom remediations to automate response to user-defined malicious activity. For example, a definite detection of a compromised user account can trigger a playbook that isolates the host from the network and disables the user account on the Active Directory. Automated playbooks are essential to streamline incident response workflows, enabling the security team to materially scale the volume of incidents they can handle.

CyOps – Security Services
Breach protection is more than technology alone. Cynet backs its breach protection platform with free 24/7 SOC operated by CyOps, an elite team of threat researchers and security analysts that augments and elevates Cynet customers’ in-house security skills.

• Proactive threat hunting – a continuous search for suspicious files and any behavior that might introduce an undetected risk.
• Incident response – in-depth investigation when a live attack is suspected, through full reporting of the attack scope and attributes.
• Threat intelligence – implementing real-time updating of threat knowledge to enrich and expand the scope of Cynet’s detection.

Conclusion
Cynet is oriented to an industry moving from fragmentation to consolidation. Based on our experience, it seems like Cynet has indeed achieved significant steps in that direction.

For organizations that do not have the resources and security expertise of a Fortune 500 company, we see Cynet as the ideal solution – its rapid deployment, single-pane-of-glass approach, and multiple technology capabilities is a real game changer.

Request a personal walkthrough of the platform

The content for this review was provided by Cynet.  IT World does not accept payment for reviews.