Today’s threat landscape features constant evolution of sophisticated threats. Prevent the execution of malicious code by enforcing a chain of interlocking protection layers on executed files and running processes.
Apply multiple monitoring vectors to pinpoint behavioral patterns that indicate malicious activity is taking place.
Monitoring vectors: exploits (document and browser), macros, LOLBins, PowerShell and WMI, scripts, thread injection.
Identify and prevent execution of malware with known signatures.
Utilize over 30 live feeds of various Indicators of Compromise.
Identify files with high similarity to known malware hashes.
Ensure that only legitimate processes can gain access to critical areas in memory.
Analyze files before execution using unsupervised machine learning to discover malicious attributes.
Monitor processes at runtime and terminate them upon detection of malicious behavior.
Today’s attackers can easily bypass your prevention measures and utilize tools to operate under the radar.
Continuously monitor your endpoints for active malicious presence to make rapid and efficient decisions that eliminate threats.
Apply local host, file, and process remediation - from power tools, such as host isolation, to surgical actions, such as scheduled task deletion.
Build custom remediation for validated malicious activity to be applied automatically in any future occurrence.
Use validated IOCs and respective remediation to hunt for threats across the entire environment and disclose hidden attack instances.
Use real-time user activity monitoring to establish a baseline from the number of hosts each user logs into, their location, frequency, internal and external network communication, accessed data files and executed processes.
Real-time activity context is achieved through continuous correlation of user activities with other entities’ events, including endpoints, files, and external network locations. This provides rich context in order to determine associated risk.
Leverage internal knowledge of users’ roles, groups, geolocation and working hours to define the access patterns to SaaS and on-prem resources that are likely to indicate user account compromise.
Examples include first-time logins to resources, login outside of working hours, login to multiple machines within a short timeframe, etc.
Monitor in real time all the interactions users initiate, including the hosts they log into, number of hosts, location, frequency, internal and external network communication, data files opened, executed processes, and many more.
User is logged in to his laptop and logs in to a sensitive database.
User is logged in to multiple resources within a short timeframe.
User remotely logs in to a file server via VPN for the first time.
User that typically works on an on-prem desktop logs in remotely to the organization’s Dropbox.
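The login patterns listed above, as an added detection example (not Cynet's own code): it builds a per-user baseline from constructed historical logins and flags first-time resource access, logins outside working hours, and logins to several machines within a short window. The working-hours range, burst window and host threshold are assumed values; the event tuples are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (user, host, resource, ISO timestamp)
HISTORY = [
    ("alice", "lt-alice", "crm", "2024-03-04T09:15:00"),
    ("alice", "lt-alice", "crm", "2024-03-05T10:02:00"),
    ("alice", "lt-alice", "wiki", "2024-03-06T14:30:00"),
    ("bob", "ws-bob", "fileserver", "2024-03-04T08:45:00"),
    ("bob", "ws-bob", "fileserver", "2024-03-05T16:10:00"),
]
NEW_EVENTS = [
    ("alice", "lt-alice", "crm", "2024-03-07T09:40:00"),    # matches baseline
    ("alice", "lt-alice", "hr-db", "2024-03-07T23:05:00"),  # new resource, off hours
    ("bob", "srv-01", "fileserver", "2024-03-07T11:00:00"),
    ("bob", "srv-02", "fileserver", "2024-03-07T11:03:00"),
    ("bob", "srv-03", "fileserver", "2024-03-07T11:05:00"), # three hosts in 5 min
]

WORK_HOURS = (8, 18)                 # assumed working-hours window [8, 18)
BURST_WINDOW = timedelta(minutes=10) # assumed "short timeframe"
BURST_HOSTS = 3                      # assumed host count that counts as a burst

def build_baseline(events):
    """Per-user sets of hosts and resources seen in historical activity."""
    base = defaultdict(lambda: {"hosts": set(), "resources": set()})
    for user, host, resource, _ in events:
        base[user]["hosts"].add(host)
        base[user]["resources"].add(resource)
    return base

def evaluate(events, baseline):
    """Return (user, rule, detail) alerts for the three listed patterns."""
    alerts = []
    recent = defaultdict(list)  # user -> [(time, host)] inside the burst window
    for user, host, resource, ts in sorted(events, key=lambda e: e[3]):
        when = datetime.fromisoformat(ts)
        if resource not in baseline[user]["resources"]:
            alerts.append((user, "first_time_resource", resource))
        if not WORK_HOURS[0] <= when.hour < WORK_HOURS[1]:
            alerts.append((user, "outside_working_hours", ts))
        recent[user] = [(t, h) for t, h in recent[user] if when - t <= BURST_WINDOW]
        recent[user].append((when, host))
        hosts = {h for _, h in recent[user]}
        if len(hosts) >= BURST_HOSTS:
            alerts.append((user, "multi_host_burst", tuple(sorted(hosts))))
            recent[user] = []  # one alert per burst, then start a new window
    return alerts
```

Alerts carry only the rule and the triggering value, so a real deployment would still correlate them with the other entity events described above before assigning risk.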
Cynet’s deception security supports various types of decoys, to detect threats at various stages of the attack lifecycle, including data files, credentials, and network connections. For each type, consuming the decoy triggers the alert: a login attempt with a decoy password, a connection attempt to a decoy RDP host or URL, or opening a decoy data file.
Cynet’s cyber deception provides both off-the-shelf decoy files as well as the ability to craft your own, all while taking into account your environment’s security needs.
The attacker’s top objective is to get hold of sensitive data – IP, PII, business plans, etc. Cynet crafts decoy data files and links – similar to what attackers would seek in the target organization – and plants them across endpoints and servers in the environment.
When an attacker opens a decoy data file at their own premises, an alert is triggered and the file reports to Cynet the attacker’s IP address, the location from which it was opened.
Gathering information on the attacked environment is a prerequisite for efficient malicious expansion, and is typically carried out through some form of port scanning.
Active communication with malicious sites includes malware distribution, phishing, and known C&C (command and control) servers, based on intelligence feeds.
Gaining user account credentials is a key enabler of lateral movement. To achieve that, attackers exploit weaknesses in network mechanisms to extract password hashes from intercepted internal traffic.
For advanced attackers, the first compromised endpoint is merely a means, not an end in itself. The attack’s true objective resides on other endpoints or servers. There are numerous vectors to spread across an environment, many of which generate unique network traffic.
The final stage in any attack is to exfiltrate compromised data from the internal environment to the attacker’s premises. A common way to evade perimeter defenses is to disguise the exfiltration as a legitimate protocol, such as DNS, HTTPS, etc.
Cynet provides a pre-built remediation tool set for each entity type: file, host, network and user.
With these pre-built remediation and incident response tools, Cynet accelerates and optimizes incident response workflows. These tools equip security teams with a full remediation arsenal without ever needing to shift from our console.