YOUR 24/7 MANAGED SECURITY SERVICE

COMPLETE 360 DEGREES OF MANAGED CYBERSECURITY AND SOC AT THE COST OF STANDARD ANTIVIRUS PROTECTION.

NGAV

Automated prevention of malware, exploits, fileless, Macros, LOLBins and malicious scripts

EDR

Detection and investigation of advanced threats on the endpoints

UBA

Detection and prevention of attacks that involve compromised user accounts

DECEPTION

Planting fake passwords, data files, configurations and network connections to lure attackers to reveal their presence

NETWORK ANALYTICS

Prevention and detection of network-based attacks

RESPONSE ORCHESTRATION

Manual and automated remediation actions for files, users, host and network

NEXT-GEN ANTIVIRUS

Today’s threat landscape features constant evolution of sophisticated threats. Prevent the execution of malicious code by enforcing a chain of interlocking protection layers on executed files and running processes.

WE PREVENT EXECUTION OF MALICIOUS FILES

Integrate threat intelligence with ML static analysis to discover malicious attributes of Trojans, worms, exploits and other attack vectors.

Malware / Ransomware / Backdoors / Crypto-miners / Banking trojans / Rootkits / Worms

WE TERMINATE MALICIOUS PROCESSES

Apply multiple monitoring vectors to pinpoint behavioral patterns that indicate malicious activity is taking place.

Exploits (documents & browser) / Macros / LOLBins / PowerShell & WMI / Scripts / Thread Injections

NEXT-GEN ANTIVIRUS PROTECTION

Known Malware

Identify and prevent execution of malware with known signatures.

Threat Intelligence

Utilize over 30 live feeds of various Indicators of Compromise.

Zero Day Protection

Fuzzy Hashing

Identify files with high similarity to known malware hashes.

Memory Access Control

Ensure only legitimate processes can gain access to critical areas in memory.

AI Static Analysis

Analyze files before execution using unsupervised machine learning to discover malicious attributes.

Behavioral Analysis

Monitor processes at runtime and terminate them upon detection of malicious behavior.

ENDPOINT DETECTION & RESPONSE

Today’s attackers can easily bypass your prevention measures and utilize tools to operate under the radar.

Continuously monitor your endpoints for active malicious presence to make rapid and efficient decisions that eliminate threats.

UNMATCHED CONTEXT FOR CLEAR AND ACCURATE ALERTS

CORRELATION

Unlike standard EDR security tools, Cynet leverages full visibility into network traffic and user activity.

VERDICT

Correlating all these activity signals together enables Cynet’s alert engine to apply strict validation on any suspicious behavior prior to generating an alert.

ALERT

Once the alert is created, Cynet provides all the required context for rapid and efficient triage, prioritization, and onward steps on a single screen.

RESPONSE POWER KIT

Immediate Action

Apply local host, file, and process remediation, from power tools such as host isolation to surgical scheduled task deletion.

Custom Remediation

Build custom remediation for validated malicious activity to be applied automatically in any future occurrence.

Elevate Protection

Use validated IOCs and respective remediation to hunt for threats across the entire environment and disclose hidden attack instances.

USER BEHAVIOR ANALYTICS

User Behavior Baseline

Use real-time user activity monitoring to establish a baseline for each user, based on the number of hosts they log into, location, frequency, internal and external network communication, accessed data files and executed processes.

Real-Time Activity Context

Real-time activity context is achieved through continuous correlation of user activities with other entities’ events, including endpoints, files, and external network locations. This provides rich context in order to determine associated risk.

ENHANCE ACCURACY WITH USER VERIFICATION

Leverage internal knowledge of users’ roles, groups, geolocation and working hours to define access patterns to SaaS and on-prem resources that are likely to indicate user account compromise.

Examples include first-time logins to resources, login outside of working hours, login to multiple machines within a short timeframe, etc.

USER BEHAVIOR ANALYTICS: COMMON SCENARIOS

Real-time monitoring of all the interactions users initiate, including hosts that they log into, number of hosts, location, frequency, internal and external network communication, data files opened, executed processes, and more.

Anomalous login

User is logged in to his laptop and logs in to a sensitive database.

Multiple Concurrent Connections

User is logged in to multiple resources within a short timeframe.

New VPN Connection

User remotely logs in to a file server via VPN for the first time.

Off-Hours SaaS Login

User that typically works on an on-prem desktop logs in remotely to the organization’s Dropbox.

DECEPTION

LURE ATTACKERS TO REVEAL THEIR PRESENCE WITH ADVANCED DECEPTION TECHNOLOGY.

Cynet’s deception security supports several types of decoys to detect threats at various stages of the attack lifecycle: data files, credentials, and network connections. For each type, consuming the decoy triggers the alert: a login attempt with a decoy password, a connection attempt with RDP or a URL, or opening a data file.

Cynet’s cyber deception provides both off-the-shelf decoy files as well as the ability to craft your own, all while taking into account your environment’s security needs.

DETECT ATTACKS AT THE CREDENTIAL THEFT STAGE: DECOY PASSWORDS

Passwords are extremely valuable to attackers attempting to expand their foothold within a compromised environment. Cynet crafts and plants text files containing false passwords along attackers’ potential routes. Any attempt to log in with these passwords triggers an alert.

DETECT ATTACKS AT THE LATERAL MOVEMENT STAGE: DECOY CONNECTIONS

When seeking to expand compromise across the environment to access organizational resources, internal network shares and RDP connections are extremely attractive. Cynet’s decoy connections enable the reliable detection of attackers during the hard-to-detect lateral movement stage.

DATA FILES

The attacker’s top objective is to get hold of sensitive data such as IP, PII, and business plans. Cynet crafts decoy data files and links, similar to what attackers would seek in the target organization, and plants them across endpoints and servers in the environment.

DECOY DATA FILE BEACONING

When an attacker opens a decoy data file on their own premises, an alert is triggered and the file sends Cynet the malicious IP address at which it resides.

NETWORK ANALYTICS

Reconnaissance

Gathering information on the attacked environments is a prerequisite for efficient malicious expansion, and is typically executed by any type of port scanning.

Risky Connections

Active communication with malicious sites, including malware distribution, phishing, and known C2C, based on intelligence feeds.

Credential Theft

Gaining user account credentials is a key enabler of lateral movement. To achieve that, attackers exploit networking mechanism weaknesses to extract password hashes from intercepted internal traffic.

Lateral Movement

For advanced attackers, the first compromised endpoint is merely a means, not an end in itself. The attack’s true objective resides on other endpoints or servers. There are numerous vectors to spread across an environment, many of which generate unique network traffic.

Data Exfiltration

The final stage in any attack is to exfiltrate compromised data from the internal environment to the attacker’s premises. A common way to evade perimeter defenses is to disguise the exfiltration as a legitimate protocol, such as DNS, HTTPS, etc.

RESPONSE ORCHESTRATION

Cynet provides a pre-built remediation tool set for each entity type: file, host, network and user.

With these pre-built remediation and incident response tools, Cynet accelerates and optimizes incident response workflows. These tools equip security teams with a full remediation arsenal without ever needing to shift from our console.

PRE-BUILT REMEDIATION USE CASES

USER

Cynet detects an anomalous login attempt.

Disable the user locally on the host using built-in Disable User remediation.

NETWORK

Cynet detects a host initiating suspicious traffic to an unknown external address.

Block traffic from this host to the address using built-in Block Traffic remediation.

HOST

Cynet runs an IOC search and discovers a malicious service running on a host.

Cynet enables built-in Delete Service remediation to surgically remove the service without needing to isolate the entire host.

FILE

Cynet detects a suspicious file running on a host.

Remove the file for further investigation using built-in Quarantine File remediation.

MAN IN THE MIDDLE

Cynet detects a man-in-the-middle attack.

Flush the infected host’s DNS cache with built-in DNS Remediation.

TROJAN MALWARE

Cynet investigation reveals live trojan malware running on a host.

Due to the threat’s criticality, the host is removed from the network with built-in Isolate Host remediation.

BLOCK IP ON FIREWALL

Cynet detects a host initiating suspicious traffic to an unknown address.

Using Cynet Response Orchestration, the responder crafts a remediation that combines the built-in host isolation and a script that instructs the firewall to block all traffic to and from the address.

Traffic to and from the malicious address is now blocked across the entire environment.

DISABLE USER ON ACTIVE DIRECTORY

Cynet detects a suspicious user logon to a database, indicating a compromised user account.

Using Cynet Response Orchestration, the responder crafts a remediation that combines the built-in host isolation and a script that instructs Active Directory to disable this user account.

The compromised user account is now globally disabled from logging in to any host in the environment.

BREACH PROTECTION ANYWHERE, ANYTIME.