Cynet adds Incident Engine automated response capability in Cynet 360 V4.0.

Cynet, which offers a breach detection service with a wide range of capabilities, is also branding itself as an XDR vendor with this release, reflecting the fact that the XDR term has come into wide use in the market since they began offering their services.

Today, XDR [Extended Detection and Response] provider Cynet is announcing the availability of Cynet 360 V4.0, the latest version of their autonomous breach prevention platform. While some elements like their 24/7 Managed Detection have been enhanced, the major new feature is their Incident Engine, an automated response capability that quickly and automatically performs a full incident response workflow, including remediation.

A 2015 startup originally out of Israel, New York-based Cynet makes a breach protection service with broad capabilities.

“Our platform was built with several threat detection technologies incorporated natively into the platform,” said George Tubin, Cynet’s Director of Product Marketing. “We had an EDR focus because we focused on endpoint agents, and we could do more with endpoint agents than just look at endpoint telemetry. We look at network traffic that manifests itself on the network, user entity behavior analytics [UEBA], deception technology and EDR – all baked into a single platform with next generation AV. The first pillar of what we do is put all these control technologies on a single platform, with SOAR-like capabilities, and we spent a lot of time on automation of investigation, remediation, and creating custom playbooks.”

Tubin said that this broad platform capability is something that Cynet has always offered.

“We’ve had this all along, but it’s been more recent that the analyst community has begun talking about XDR,” he indicated. “So we evolved our positioning and messaging around XDR as XDR became an accepted category. We used to call ourselves EDR with extra capabilities.”

The target market is smaller enterprises and midmarket organizations.

“We don’t go after the Fortune 500, but rather the next level down, companies who have similar issues but who don’t have the resources of the large enterprises,” Tubin stated. “Because of the breadth of our platform, and because we are global, we compete with a huge list of companies, at least a couple dozen. That includes a lot of startups, EDR vendors like CrowdStrike and Carbon Black, and high-end vendors like Palo Alto Networks and Cisco, who have very good tools, but still require a lot of integration.”

Cynet has a hybrid Go-to-Market model, but most of their hundreds of customers come through channel partners.

“The channel brings in an extremely meaningful percentage of those customers,” Tubin said. “It is a lot of our business. We have a lot of regional MSPs and MSSPs as partners, and we have a program to help MSPs become MSSPs by white labelling our full service.”

The most significant new capability in the Cynet 360 V4.0 release is the Incident Engine, an automated response capability that produces a visual map of an entire incident investigation and response.

“The Incident Engine takes all these alert signals coming in and does a fully automated investigation and remediation of all aspects of the attack,” Tubin indicated.

In as little as five minutes, the advanced tool automatically performs a full incident response workflow, including root cause analysis, full threat impact determination and remediation.

“No one else we have seen does this,” Tubin said. “It considers that each threat is just the tip of the iceberg. Some companies are too busy chasing alerts around to do further investigations. We recognize that the alert is just the start point for investigation, and this unveils hidden threats that might be overlooked and removes them very quickly before damage can be done.”

The explicit branding around XDR is also new with this release.

Cynet’s CyOps 24×7 detection and response services team is not new, but they are emphasizing it in this release.

“We have a full 24/7 MDR service, a group of cybersecurity experts available to monitor all client environments,” Tubin indicated. “Some MSSPs use it as well, if they don’t operate 24/7, or don’t have our specialized expertise in things like file analysis.”