Response Orchestration

Eliminate Malicious Activity and Presence from all Parts of the Environment


The Challenge

A successful cyberattack entails remote control of endpoints, theft of user account credentials, execution of malicious processes and generation of traffic to the attacker’s premises.

The Solution

Cynet is the only solution to provide incident response tools for cross-environment remediation: infected hosts, compromised user accounts, malicious processes and attacker-controlled network traffic.

Pre-built Remediation

Cynet provides a pre-built remediation toolset for each entity type: file, host, network and user.

With these pre-built remediation and incident response tools, Cynet accelerates and optimizes incident response workflows, equipping security teams with a full remediation arsenal without ever needing to leave Cynet’s console.

Pre-Built Remediation Use Cases

User

Cynet detects an anomalous login attempt.

Disable the user locally on the host using Cynet’s built-in Disable User remediation.

Network

Cynet detects a host initiating suspicious traffic to an unknown external address.

Block traffic from this host to the address using Cynet’s built-in Block Traffic remediation.

Host

Cynet runs an IOC search and discovers a malicious service running on a host.

Cynet’s built-in Delete Service remediation surgically removes the service without the need to isolate the entire host.

File

Cynet detects a suspicious file running on a host.

Remove the file for further investigation using Cynet’s built-in Quarantine File remediation.

Man in the Middle

Cynet detects a Man in the Middle attack.

Flush the infected host’s DNS cache with Cynet’s built-in DNS Remediation.

Trojan Malware

Cynet’s investigation reveals a live trojan running on a host.

Due to the threat’s criticality, the host is removed from the network with Cynet’s built-in Isolate Host remediation.

Custom Remediation

Cynet can extend its pre-built remediations and combine them with user-created scripts that communicate with core environment components, such as firewalls and Active Directory, as part of large-scale response orchestration workflows.

Custom Remediation Use Cases

Block IP on Firewall

Cynet detects a host initiating suspicious traffic to an unknown external address.

Using Cynet Response Orchestration, the responder crafts a custom remediation that combines the built-in host isolation and a script that instructs the firewall to block all traffic to and from the address.

Traffic to and from the malicious address is now blocked across the entire environment.

Disable User on Active Directory

Cynet detects a suspicious user logon to a database, indicating a compromised user account.

Using Cynet Response Orchestration, the responder crafts a custom remediation that combines the built-in host isolation and a script that instructs Active Directory to disable this user account.

The compromised user account is now globally disabled from logging in to any host in the environment.

Continuously Elevate Response Workflows with Automated Playbooks

Cynet empowers responders to accelerate their workflows by defining automated response playbooks for various attack scenarios. Any pre-set or custom remediation action can be saved as a playbook, either by itself or chained with other remediation actions. Cynet automated playbooks ensure that manual response takes place only when necessary.

Detected Threat

Cynet raises an alert on suspicious activity within the environment, providing responders with the tools and context to investigate the incident’s scope and impact.

Manual Remediation

The responder uses Cynet’s preset or custom remediations to fully eliminate malicious presence and activity from the environment.

Setting Playbook

Save all the remediation actions that were used as a playbook to automate the response in future occurrences.


The Cynet 360 Platform

Cynet Response Orchestration is a native part of Cynet 360, the only security platform that protects the entire environment, users, network, files and hosts by integrating the following technologies: