Forensic Investigations

“Adding technology alone won’t stop Advanced Persistent Threats. An effective strategy must include improvements in your forensics and incident response (IR) capabilities.” — Gartner

Use Case: Forensic Investigations


IT security teams get a broad package of critical, ready-to-go capabilities with the Cynet 360 platform. In addition to Endpoint Detection and Response, User and Entity Behavior Analytics, network traffic analysis and file analysis, the platform provides advanced Forensic Investigation capabilities. Alerts, threats and their associated processes can be viewed and tracked within the Cynet GUI.


A Complete Picture with Deep Dive Investigation:
Deep dive investigations allow organizations to quickly identify, home in on and investigate suspicious incidents, detecting malicious activity on endpoints, within processes, by users and in network traffic data, before the damage is done.


Dynamic or Static Sandbox for Safe Investigations:


IT security teams can isolate and examine suspicious items in the Cynet platform's static or dynamic sandbox. The enterprise environment is kept safe, while security staff get a fuller picture of the behavior of the items that flagged their interest.


Cyber SWAT Team 24/7 Expert Monitoring:


Cynet’s Cyber SWAT Team is a team of elite security experts – online all day, every day to actively monitor, assess, prioritize and respond to threats as they develop. Our Cyber SWAT Team can serve as an elastic extension of an organization’s existing SOC, while smaller organizations can leverage it to serve as their frontline SOC. The Cyber SWAT Team gives organizations:

  • Expert monitoring and assessment of organizational traffic and alerts
  • Application of frontline, real-time Threat Intelligence
  • Quick response – investigation, risk ranking, prioritization and remediation
  • A fully staffed SOC at a fraction of the cost


Rapid Incident Response, Full Investigations:


Customers of Cynet benefit from perpetual Incident Response as part of the Cynet 360 platform. Organizations that are not using Cynet but believe they are under attack can deploy, begin scanning and get results across thousands of endpoints in under two hours. Incident Response offers all Cynet 360 platform capabilities, including Forensic Investigations, Threat Intelligence, the Cyber SWAT Team and more.

The Cynet Platform
Make Your Security Simple


The Cynet security platform correlates and analyzes indicators across all fronts of the organization – networks, files, users and endpoints – to establish a risk ranking and home in on previously unidentified threats.

Establishment of a Baseline

Cynet begins by collecting and scanning indicators and assessing organizational traffic to define a baseline. These indicators are then used to establish a risk ranking that shows the severity of behavioral anomalies.

Correlation of Indicators

The risk rankings are established by correlating indicators across the four layers of protection: files, networks, users and endpoints. The indicators are filtered through Cynet's correlation engine, which checks for anomalies including network configuration changes, suspicious changes on endpoints between scans, system file modifications, suspicious registry changes and other flag-raising activity. Decoys can also be deployed for users, files and servers.

Vetting against Security Intelligence

Potential threats are then vetted against Cynet's security intelligence module, where they are checked against dozens of anti-virus and anti-malware engines, threat reports and zero-day intelligence files. Items confirmed as threats are flagged and alerts are issued.

Inspection for Behavior Analysis

Items that still appear suspicious but have not yet been determined to be threats are then put through static inspection and, if needed, dynamic (sandbox) inspection. In the sandbox the file is executed in the context of the original scenario in which it was found, and indicators are collected during and after execution, including binary files and dependencies such as DLLs. With this information malicious behavior can be detected, identifying even hard-to-uncover threats.
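The four steps above (baseline, correlation across layers, vetting against intelligence, escalation to inspection) can be illustrated with a small script. The following is an added example written for this page, not Cynet's code or a description of its internals: it diffs two constructed endpoint scans, joins the differences with anomalies against a constructed user baseline, vets file hashes against a constructed known-bad list, and produces a per-host risk ranking in which indicators on several fronts at once score higher than the same indicators on one front. All hosts, paths, hashes, weights and thresholds are assumptions made for the illustration.

```python
"""Added example (not Cynet's code): baseline, correlate, vet and triage.

Constructed sample data only; weights and thresholds are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
ONEDRIVE = r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
DROPPER = r"C:\Users\bob\AppData\Local\Temp\svch0st.exe"

# Constructed scans of one host: the baseline and the current scan.
BASELINE_SCAN = {
    "host": "WS-017",
    "files": {r"C:\Windows\System32\lsass.exe": "h-lsass-ok",
              r"C:\Users\bob\report.docx": "h-report-1"},
    "autoruns": {RUN_KEY + r"\OneDrive": ONEDRIVE},
    "listening_ports": {445, 3389},
}
CURRENT_SCAN = {
    "host": "WS-017",
    "files": {r"C:\Windows\System32\lsass.exe": "h-lsass-ok",
              r"C:\Users\bob\report.docx": "h-report-1",
              DROPPER: "h-dropper"},
    "autoruns": {RUN_KEY + r"\OneDrive": ONEDRIVE, RUN_KEY + r"\Updater": DROPPER},
    "listening_ports": {445, 3389, 4444},
}
# Constructed user baseline (usual logon hours, usual servers) and new events.
USER_BASELINE = {"bob": {"hours": range(7, 20), "servers": {"FS-01"}}}
LOGON_EVENTS = [
    {"user": "bob", "host": "WS-017", "hour": 14, "server": "FS-01"},
    {"user": "bob", "host": "WS-017", "hour": 3, "server": "DC-01"},
]
# Constructed "security intelligence": hashes already known to be malicious.
KNOWN_BAD_HASHES = {"h-dropper"}

# Assumed per-indicator weights; real products tune these.
WEIGHTS = {"new_file": 2, "modified_file": 3, "new_autorun": 4,
           "new_listener": 3, "off_hours_logon": 3, "new_server_access": 2}


@dataclass(frozen=True)
class Finding:
    layer: str      # one of the four fronts: file, endpoint, network, user
    kind: str
    host: str
    detail: str
    sha: str = ""   # file hash when the finding concerns a file


def diff_scans(baseline: dict, current: dict) -> list[Finding]:
    """Compare two scans of one host and report what appeared or changed."""
    host, out = current["host"], []
    for path, sha in current["files"].items():
        old = baseline["files"].get(path)
        if old is None:
            out.append(Finding("file", "new_file", host, path, sha))
        elif old != sha:
            out.append(Finding("file", "modified_file", host, path, sha))
    for key, cmd in current["autoruns"].items():
        if key not in baseline["autoruns"]:
            out.append(Finding("endpoint", "new_autorun", host, f"{key} -> {cmd}"))
    for port in sorted(current["listening_ports"] - baseline["listening_ports"]):
        out.append(Finding("network", "new_listener", host, f"tcp/{port}"))
    return out


def user_anomalies(baseline: dict, events: list[dict]) -> list[Finding]:
    """Flag logons outside a user's usual hours or to servers they never used."""
    out = []
    for ev in events:
        profile = baseline.get(ev["user"])
        if profile is None:
            continue  # no baseline for this user yet, nothing to compare against
        if ev["hour"] not in profile["hours"]:
            out.append(Finding("user", "off_hours_logon", ev["host"],
                               f"{ev['user']} at {ev['hour']:02d}:00"))
        if ev["server"] not in profile["servers"]:
            out.append(Finding("user", "new_server_access", ev["host"],
                               f"{ev['user']} -> {ev['server']}"))
    return out


def rank(findings: list[Finding], known_bad: set[str]) -> list[dict]:
    """Group findings per host, correlate across layers and assign a verdict."""
    by_host: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        by_host[f.host].append(f)
    ranked = []
    for host, fs in by_host.items():
        layers = {f.layer for f in fs}
        # Indicators on several fronts at once are worth more than their sum.
        score = sum(WEIGHTS[f.kind] for f in fs) * len(layers)
        confirmed = any(f.sha in known_bad for f in fs if f.sha)
        if confirmed or score >= 40:
            verdict = "alert"      # vetted as a threat: raise the alert now
        elif score >= 10:
            verdict = "inspect"    # still suspicious: static/dynamic inspection
        else:
            verdict = "monitor"
        ranked.append({"host": host, "score": score, "layers": sorted(layers),
                       "confirmed": confirmed, "verdict": verdict})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


def triage(baseline_scan, current_scan, user_baseline, events, known_bad):
    findings = diff_scans(baseline_scan, current_scan) + user_anomalies(user_baseline, events)
    return findings, rank(findings, known_bad)


if __name__ == "__main__":
    found, verdicts = triage(BASELINE_SCAN, CURRENT_SCAN, USER_BASELINE, LOGON_EVENTS, KNOWN_BAD_HASHES)
    for f in found:
        print(f"[{f.layer:8}] {f.kind:18} {f.host} {f.detail}")
    for v in verdicts:
        print(v)
```

On the constructed data the host accumulates a new file, a new Run-key autorun pointing at it, a new listener and two user anomalies, so it scores on all four fronts and the known-bad hash confirms it as an alert; the same endpoint changes without the user anomalies and without an intelligence match would land in "inspect", which is the point at which the page's static/dynamic inspection step would take over.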

Cynet – the Total Security Platform

Today organizations must protect and detect on multiple fronts: files, networks, endpoints and users. A comprehensive platform, in which each front is investigated as part of the whole, is essential to achieving true organizational security.


Cynet analyzes files for threats that bypass the security perimeter and infiltrate corporate systems and data files. Attackers piggy-back on the vulnerabilities they discover in files, or in the software used to create or open a file, using these weaknesses to insert malicious code into the system.


Cynet exposes attacks on the network such as malicious IP addresses and botnets, password-based attacks, modification of network and server configurations, Denial-of-Service attacks, man-in-the-middle attacks and compromised-key attacks. Service outages caused by these threats lead to downtime, lost productivity and brand damage.


Cynet tracks user activities to create a baseline of typical user scenarios including working hours, file access, server access and typical network traffic. User behavior is monitored to uncover anomalies which can hint at attacks geared toward Intellectual Property theft, sabotage of IT systems, fraud, espionage or accidental insider threats.


Cynet scans and monitors endpoints for indicators of compromise that circumvent prevention systems. The platform detects and remediates the spread of advanced malware, Ransomware and other signature-less threats on Windows and Linux endpoints, which are often the hidden doors for hackers looking to break into critical systems.