We present a hands-on review of the Cynet Autonomous Security Platform, which is designed to block a wide range of security attacks on any network.
Cynet is changing the face of the security industry with the first Autonomous Security Platform that consolidates all aspects of internal environment protection in a single interface.
The autonomous platform is threat-agnostic, converging all technologies and capabilities (including endpoint protection, EDR, network analytics, UBA, and vulnerability management) to answer the visibility, prevention, detection, and response needs of an any-sized organization.
At the same time, it is very easy and intuitive to deploy and manage. With that, the platform eliminates the need for complex multi-product security stacks, as well as the dependency on a highly-skilled security workforce.
Cynet Autonomous Security Platform
Cynet builds a simple platform which is easy to deploy and use.
It provides broad visibility across the network, endpoints, files, and users; protects against a very wide range of attacks including common as well as advanced, multi-layered attacks; and provides a team of security experts available 24/7 which in turn complements whatever expertise you have in place.
Fast & Easy Deployment
Cynet includes very flexible deployment methods: On-premise, IAAS, SaaS, and hybrid mode.
We evaluated Cynet using their SaaS version with a free trial, across a broad spectrum of capabilities: deployment, visibility, prevention, detection, and response.
Cynet was installed in just a few minutes. We tried it on a few hundred endpoints, and the speed and ease of the installation were remarkable.
Complete Environment Visibility: Host, Network, User, File
Once installed, Cynet starts by mapping the entire internal environment: host configurations, executed files, network traffic, and user activities. Cynet takes its broad view to correlate and connect behaviors, evidence, indicators, and anomalies to detect attacks.
Very quickly, you get a dashboard of everything Cynet has uncovered.
Figure 1: Cynet Dashboard
Within minutes, we could already see all the live hosts.
Figure 2: Asset List
The immediate value that Cynet provides is its comprehensive visibility into the organization, including network sources and destinations, installed applications, host inventory, and unpatched vulnerabilities.
Cynet provides a network display of your internal environment with risky hosts marked in red; each host is clickable for a deeper look.
Figure 3: Network Map
Other insights provided upon installation are centered around vulnerability management and compliance in 4 main areas:
1) OS Updates: Cynet checks the installed Windows patches and raises an indication if any are missing. In addition, Cynet creates an inventory of the installed patches.
2) Unauthorized Applications: Cynet provides a list of blacklisted applications that can be customized and alerts if such applications are found.
Figure 4: Vulnerability Management: Unauthorized Applications
3) Outdated Applications: Cynet checks endpoints against a list of outdated application versions and alerts if any of them is installed.
4) Security Policy Validation: Cynet checks that a list of required agents is installed and currently running on each endpoint, and alerts if anything is missing.
In addition, for correlation purposes, vulnerability management data is available via the “Forensic” screen for building any type of report or query.
Using the data gathered, Cynet’s Forensics screen immediately allows users to search across files, hosts, users, and sockets. Every object is clickable to easily understand its history.
For example, you can search for common security issues such as users who have not changed their password, which files are launched at startup, and which applications are running on your endpoints; using network visibility, you can also look for unauthorized access to applications.
Figure 5: A list of hosts that were not updated over a specific period of time.
Figure 6: All files that run at system start-up.
Figure 7: All users who haven’t changed their password during a specific period and logged in over the last week.
Figure 8: Save the search as a policy to trigger an alert or for future use.
As a part of the simplicity of the platform, every object is clickable, and once clicked, all data is presented in a simple way on a single timeline, with all the associated history and objects.
Figure 9: Host object including risk score, associated alerts, and all relevant data.
Mature security teams can also leverage all data collected by Cynet through a fully documented REST API.
Cynet Prevention
Prevention of Files / Running Processes
Cynet utilizes multiple preventative layers to either prevent execution altogether or kill malicious processes during runtime.
- Known Malware – Identify and prevent the execution of malware with known signatures.
- Machine Learning-based NGAV – Analyze files before execution using unsupervised machine learning to discover malicious attributes.
- Threat Intelligence – Over 30 live feeds of indicators of compromise from various sources.
- Fuzzy Hashing – Identify files with high similarity to known malware hashes.
- Memory Access Control – Ensure only legitimate processes can gain access to critical areas in memory.
- Behavioral Analysis – Monitor processes at runtime and terminate upon detection of malicious behavior.
Figure 10: Prevention Example 1, Behavioral Analysis
Figure 11: Prevention Example 2, Memory Monitoring
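The fuzzy hashing layer listed above compares a file against known malware by similarity rather than exact hash. As an added illustration, not Cynet's code, here is a simplified context-triggered piecewise hash (ssdeep-style) with a similarity score; the "known malware" sample and its variant are constructed random bytes, and the window size, trigger modulus and scoring are assumptions chosen for the demo.

```python
"""Simplified context-triggered piecewise hashing (CTPH) demo. Constructed
example, not Cynet's implementation; parameters are arbitrary choices."""
import hashlib
import random

WINDOW = 7        # bytes in the rolling window
TRIGGER_MOD = 8   # a piece ends when the rolling value % TRIGGER_MOD == TRIGGER_MOD - 1


def fuzzy_hash(data: bytes) -> str:
    """Split data into pieces at content-defined boundaries and emit one hex
    digit per piece. Boundaries depend only on the local window, so editing a
    few bytes changes only the digits for the pieces around the edit."""
    digits, piece_start, rolling = [], 0, 0
    for i, b in enumerate(data):
        rolling += b
        if i >= WINDOW:
            rolling -= data[i - WINDOW]      # slide the window forward
        if rolling % TRIGGER_MOD == TRIGGER_MOD - 1:
            piece = data[piece_start:i + 1]
            digits.append(hashlib.blake2b(piece, digest_size=1).hexdigest()[0])
            piece_start = i + 1
    if piece_start < len(data):               # trailing piece
        digits.append(hashlib.blake2b(data[piece_start:], digest_size=1).hexdigest()[0])
    return "".join(digits)


def similarity(sig_a: str, sig_b: str, n: int = 3) -> int:
    """0-100 score: Jaccard overlap of the signatures' n-grams."""
    grams_a = {sig_a[i:i + n] for i in range(len(sig_a) - n + 1)}
    grams_b = {sig_b[i:i + n] for i in range(len(sig_b) - n + 1)}
    if not grams_a and not grams_b:
        return 100
    return round(100 * len(grams_a & grams_b) / len(grams_a | grams_b))


def match_known(sample: bytes, known: dict, threshold: int = 60) -> list:
    """Return (name, score) for every known signature above the threshold."""
    sig = fuzzy_hash(sample)
    scores = [(name, similarity(sig, k)) for name, k in known.items()]
    return [(name, s) for name, s in scores if s >= threshold]


def _rand_bytes(seed: int, n: int) -> bytes:
    rng = random.Random(seed)                 # deterministic constructed data
    return bytes(rng.getrandbits(8) for _ in range(n))


KNOWN_SAMPLE = _rand_bytes(1, 1024)           # stand-in for a known malware file
VARIANT = KNOWN_SAMPLE[:500] + b"\xff" * 12 + KNOWN_SAMPLE[512:]  # 12-byte patch
UNRELATED = _rand_bytes(2, 1024)
```

Note the limitation shown by the test on a constant-byte file: when the rolling value never hits the trigger, the whole file becomes a single piece and the signature carries almost no information.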
Prevention of Malicious Network Traffic
Cynet detects a wide range of network-based attacks such as ARP poisoning, DNS responder, tunnelling attacks, and others. Alerts can be configured to apply automated traffic blocking, elevating protection from detection to proactive prevention.
Cynet Detection
Cynet’s approach to security is all about convergence. Namely, it not only brings together detection, correlation, and automation but, unlike point solutions, also converges its analysis across endpoints, users, files, and networks.
In addition to traditional endpoint security, Cynet’s detection capabilities also include EDR, UBA, deception, and network analytics.
While seeing a live demo of the capabilities for the first time, it’s impressive to see the variety of alerts that can be generated such as malicious behavior, exploitation, ransomware, lateral movement, brute force, user login anomalies, DNS Tunnelling, privilege escalation, credential theft and much more.
In turn, these are the results of the multiple detection layers that Cynet includes.
Cynet prioritizes the alerts and makes them easy to understand and act upon by pre-correlating all related objects into a single view of the alert. This highlights actionable information, with additional details and recommendations available at the click of a button.
Everything is wrapped in a simple, self-explanatory interface that can be used by anyone with a minimal level of expertise.
Figure 12: Alert
In addition to the comprehensive detection, Cynet claims to have a very low false-positive ratio, as a result of its multi-layered approach.
Cynet Response
Cynet provides advanced and comprehensive response capabilities for hosts, users, files, and networks.
For Example:
- Kill, delete or quarantine malicious files.
- Disable users and run commands.
- Shut down processes or restart hosts.
- Isolate or block traffic.
Figure 13: Response Capabilities
Automated Response
For each alert type that Cynet creates, the user can create and customize their own automatic remediation rule, in order to speed up the incident response process and prevent threats in real time.
Figure 14: Automated Response
As part of this, Cynet provides a comprehensive rule creation mechanism that allows the user to customize the action according to the organization’s needs, such as which group the rule applies to, whom to exclude, and so on.
In addition, Cynet enables its users to tailor custom remediations, thereby chaining together various remediation actions and uploading scripts that communicate with firewalls, DCs, etc. for a wider response orchestration.
Figure 15: Custom Remediation Configuration
24/7 Security Team
Cynet comes with CyOps, a 24/7 security operations team, at no additional cost to complement the expertise that their customers lack. So what do you get? It’s not a watered-down service that incurs hidden costs if you go above a certain threshold.
It’s a proactive service that reaches out when there is something you should care about, such as a threat you missed, and that you can contact when you need forensics performed or threats hunted.
Their services include the following:
- Forensics: In the event of an incident, Cynet experts perform a breach post-mortem.
- Malware analysis: Cynet malware reverse engineers analyze malware samples to get a full attack life-cycle, origin, and potential impact of malware, by quickly identifying threat actors, motivations and likely targets.
- Threat hunting: Cynet’s crowd-sourced intelligence from the customer ecosystem provides an unparalleled ability to uncover advanced threats across users, endpoints, files, and networks.
Conclusion
Cynet is banking on an industry moving from fragmentation to consolidation. From the looks of what they’ve assembled, they may be onto something big.
For organizations that do not have the resources and security expertise of a Fortune 500 company, Cynet is an ideal solution: its rapid deployment, single-pane-of-glass approach, and multiple technology capabilities make it a real game-changer.
What’s next? If your organization is 300 endpoints or less, then you can sign up for Cynet’s SaaS free trial. If your organization is larger, then you can request a demo from Cynet’s website to get a personal walkthrough of the platform.
If you give it a try, feel free to share your questions/experiences with us in the comment section below. We would love to hear from you.
good article
The Cynet Platform is really helpful for blocking all types of security attacks.
Thanks for the guidance, really helpful…
Keep Posting
Thanks a lot for the explanation, very helpful.