Successful cyberattack entails the remote control of endpoints, stealth of user account credentials, running malicious processes and generating traffic to the attacker’s premises.
Cynet is the only solution to provide incident response tools for cross-environment remediation: infected hosts, compromised user accounts, malicious processes and attacker-controlled network traffic.
Cynet provides a pre-built remediation toolset for each entity type: file, host, network and user.
With these pre-built remediation and incident response tools, Cynet accelerates and optimizes incident response workflows, equipping security teams with full remediation arsenal without ever needing to shift from Cynet’s console.
Pre-Built Remediation Use Cases
Cynet detects anomalous login attempt
Disable the user locally on the host using Cynet’s built in Disable User remediation.
Cynet detects a host initiating suspicious traffic to unknown external address.
Block traffic from this host to the address using Cynet’s built in Block Traffic remediation.
Cynet runs IOC search and discovers malicious service running on host.
Cynet enables to surgically remove the service without need to isolate the entire host with its built in Delete Service remediation.
Cynet detects a suspicious file running on host.
Remove the file for further investigation using Cynet’s built-in Quarantine File remediation.
Man in the Middle
Cynet detects a Man in the Middle.
Flush the infected host’s DNS cache with Cynet’s built-in DNS Remediation.
Cynet’s investigation reveals live trojan malware running on a host.
Due to the threat’s criticality, the host is removed from the network with Cynet’s built-in Isolate Host remediation.
Cynet can expand its pre-built remediation and combine them with user-cerated scripts that communicate with core environment components such as firewalls and active directory as part of a large scale response orchestration workflows.
Custom Remediation Use Cases
Block IP on Firewall
Cynet detects a host initiating suspicious traffic to an unknown external address
Using Cynet Response Orchestration, the responder crafts a custom remediation that combines the built-in host isolation and a script that instructs the firewall to block all traffic to and from the address
Traffic to and from the malicious address is now blocked for all the environment
Disable User on Active Directory
Cynet detects suspicious user logon to a data base, indicating a compromised user account.
Using Cynet Response Orchestration, the responder crafts a custom remediation that combines the built-in host isolation and a script that instructs the Active Directory to disable this user account.
The compromised user account is now globally disabled from logging in to any host in the environment
Continuously Elevate Response Workflows with Automated Playbooks
Cynet empowers responders to accelerate their workflows by defining automated response playbooks for various attack scenarios. Any pre-set or custom remediation action can be saved as a playbook either by itself, or chained with other remediation actions. Cynet automated playbooks ensure that manual response will take place only when necessary.
Cynet raises an alert on suspicious activity within the environment, providing responders with the tools and context to investigate the incident’s scope and impact
The responder uses Cynet’s preset or custom remediations to fully eliminate malicious presence and activity from the environment
Save all the remediation actions that were used as a playbook to automate response in future occurrences