We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM’s Cost of a Data Breach Report that has been tracking this statistic for years. In the 2021 report, IBM found that, on average, it takes an average of 212 days to identify a breach and then another 75 days to contain the breach, for a total of 287 days.
A new solution overview document provides insights on how XDR provider Cynet tackles the difficult problem of greatly improving threat visibility. Cynet takes a modern approach that includes a greater level of native technology integration and advanced automation purposely designed for organizations with smaller security teams than Fortune 500 organizations. A live webinar will discuss the same topic (Register here)
Cynet’s Keys for Threat Visibility
Einstein said that the definition of insanity is doing the same thing over and over while expecting a different outcome. The old approach to threat visibility involving multiple protection technologies and trying to sift through a sea of alerts and information is obviously not working well. Cynet’s different – and seemingly saner – approach to prevent, detect, and respond to modern-day threats involves several integrated capabilities.
According to the new Cynet solution overview, the following key technologies are used to provide extended threat visibility along with enhanced response capabilities.
Include Multiple Threat Detection Technologies
Cynet includes multiple prevention and detection technologies, all natively orchestrated in the platform:
- NGAV – Fundamental endpoint protection based on known bad signatures and behaviors.
- EDR – To detect and prevent more complex endpoint threats that bypass NGAV solutions.
- NTA – To detect threats that have made their way into the network and so-called lateral movement.
- UBA – To detect unusual activity that could signal stolen credentials, a rogue insider, or bots.
- Deception – To uncover intrusions that have bypassed other detection technologies
- CLM – To mine the extensive log data generated by IT systems.
- SSPM – To find and correct configuration errors in SaaS applications.
images from Hacker News