Use Case: Incident Response
The Cynet 360 Advanced Threat Detection and Response platform is a workhorse for incident response teams. Today's threats are complex and multi-staged, with continually changing variants that bypass traditional controls.
Using an adversary-centric approach to detection, together with visibility into indicators on endpoints, user behavior, files and network communications, Cynet assembles the complete picture of an attack operation, precisely pinpointing when, where, and what threats are lurking, and the details behind them.
Because it has access to the endpoint, Cynet can respond to confirmed threats through automatic or manual remediation, giving enterprise security teams a powerful yet simple way to detect, disrupt and respond to advanced threats before they can do damage.
Single-click response actions include:
- Blocking of users or killing of processes
- Verifying files with dynamic analysis (sandbox)
- Changing IP or blocking traffic
- Deleting files
- Restarting hosts, changing passwords
This can be accomplished manually, if it fits into your security workflow, or automatically if quick remediation is needed, as in the case of in-memory attacks or ransomware.
Cynet records threat indicators over time for complete forensics, allowing investigators a deeper understanding of attack operations and actionable intelligence on them.
Cynet – Advanced Detection and Response Platform
Today organizations must protect and detect on multiple fronts – files, networks, endpoints and users. A comprehensive platform, in which each front is investigated as part of the whole, is essential to achieving true organizational security.
Cynet analyzes files for threats that bypass the security perimeter, infiltrating corporate systems and data files. Attackers piggyback on the vulnerabilities they discover in files, or in the software that is used to create or open a file, using these weaknesses to insert malicious code into the system.
Cynet exposes attacks on the network such as malicious IP addresses and botnets, password-based attacks, modification of network and server configurations, Denial-of-Service attacks, man-in-the-middle attacks and compromised-key attacks. The service outages these threats cause lead to downtime, lost productivity and brand damage.
Cynet tracks user activities to create a baseline of typical user scenarios including working hours, file access, server access and typical network traffic. User behavior is monitored to uncover anomalies which can hint at attacks geared toward intellectual property theft, sabotage of IT systems, fraud, espionage or accidental insider threats.
Cynet scans and monitors endpoints for indicators of compromise that circumvent prevention systems. The platform detects and remediates the spread of advanced malware, ransomware and other signature-less threats on Windows and Linux endpoints, which are often the hidden doors for hackers looking to break into critical systems.
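To make the baselining idea above concrete, here is an added example (not Cynet's code, and not from this page) that builds a per-user baseline of working hours and servers reached from constructed access events, then flags later events that fall outside it. The event tuples, user names and server names are all made up for illustration.

```python
from datetime import datetime

# Constructed sample events: (user, ISO timestamp, server accessed). Not real telemetry.
BASELINE_EVENTS = [
    ("alice", "2024-03-04T09:05:00", "fileserver01"),
    ("alice", "2024-03-04T14:30:00", "fileserver01"),
    ("alice", "2024-03-05T10:15:00", "crm-db"),
    ("alice", "2024-03-06T16:45:00", "fileserver01"),
    ("bob",   "2024-03-04T08:50:00", "build01"),
    ("bob",   "2024-03-05T17:20:00", "build01"),
]

# Constructed events to evaluate against that baseline.
NEW_EVENTS = [
    ("alice", "2024-03-11T11:00:00", "fileserver01"),  # inside baseline
    ("alice", "2024-03-12T03:10:00", "fileserver01"),  # off-hours
    ("alice", "2024-03-12T03:12:00", "hr-db"),         # off-hours and a never-seen server
    ("bob",   "2024-03-11T09:00:00", "build01"),       # inside baseline
    ("carol", "2024-03-11T09:00:00", "build01"),       # user with no history at all
]

def build_baseline(events, slack_hours=1):
    """Per user: observed working-hour range (widened by slack_hours) and the set of servers reached."""
    baseline = {}
    for user, ts, server in events:
        hour = datetime.fromisoformat(ts).hour
        b = baseline.setdefault(user, {"min_hour": hour, "max_hour": hour, "servers": set()})
        b["min_hour"] = min(b["min_hour"], hour)
        b["max_hour"] = max(b["max_hour"], hour)
        b["servers"].add(server)
    for b in baseline.values():  # tolerate slightly early or late logins
        b["min_hour"] = max(0, b["min_hour"] - slack_hours)
        b["max_hour"] = min(23, b["max_hour"] + slack_hours)
    return baseline

def find_anomalies(baseline, events):
    """Return (user, timestamp, server, reasons) for every event that deviates from the user's baseline."""
    findings = []
    for user, ts, server in events:
        reasons = []
        b = baseline.get(user)
        if b is None:
            reasons.append("no baseline for user")
        else:
            hour = datetime.fromisoformat(ts).hour
            if not (b["min_hour"] <= hour <= b["max_hour"]):
                reasons.append(f"outside working hours {b['min_hour']:02d}-{b['max_hour']:02d}")
            if server not in b["servers"]:
                reasons.append(f"first access to {server}")
        if reasons:
            findings.append((user, ts, server, reasons))
    return findings
```

An analyst would treat each finding as a lead to investigate, not a verdict; a new server can be a legitimate change of role as easily as lateral movement.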