Cynet Configuration (Carbanak+FIN7 Evaluation)
Product Versions
- Cynet version 4.1
Product Description
Cynet 360 natively integrates the endpoint, network, and user prevention & detection of XDR with automated investigation and remediation, backed by 24/7 MDR services, placing end-to-end breach protection within reach of any organization, regardless of its security team's size and skill.
XDR Prevention and Detection
By including signals from endpoint, network and user controls, Cynet XDR provides a more holistic view of the entire environment, improving the ability to detect attacks based on the MITRE ATT&CK framework. Out of the box, Cynet XDR natively combines the prevention and detection capabilities of:
- NGAV
- EDR
- NDR
- UEBA
- Deception Technology
Because the components included are part of a single platform, all data and alert information is centralized and normalized, which would otherwise require SIEM tools to coordinate inputs from multiple vendor point solutions.
Automated Threat Remediation
The Cynet platform can apply a broad range of automated remediation actions across the entire environment. Cynet provides broader host remediations than most EDR tools (e.g., restart, change IP, delete/disable service) and can additionally apply remediation actions to networks (e.g., block traffic, clear DNS cache), users (e.g., disable/enable, reset password) and other environment components (e.g., firewall, proxy, Active Directory).
Cynet provides a pre-built remediation toolset for each entity type (file, host, network and user) to accelerate and optimize incident response workflows, equipping security teams with a full remediation arsenal without ever needing to leave the Cynet console.
Clients can use prebuilt remediation playbooks or define custom automated response playbooks for various attack scenarios that chain together automated remediation actions. Incident response procedures already tested in earlier incidents can be applied, allowing security teams to focus on more advanced threats. Any pre-set or custom remediation action can be saved as a playbook either by itself, or chained with other remediation actions.
Automated Incident Response with Full Investigation and Remediation
The Cynet Incident Engine provides a fully automated Incident Response tool for cross-environment investigation and remediation. Following high-risk alerts, the Cynet platform automatically initiates an investigation to determine the root cause of the identified threat and then determines the full breadth and impact of the attack across the environment. Remediation actions can be automatically applied for each investigation finding. With no configuration needed, Cynet automatically completes a full incident investigation and remediation on behalf of the security team.
Managed Detection and Response
Cynet XDR extends and improves any company’s security resources with a team of world-class cybersecurity experts – CyOps. The CyOps team continuously monitors client environments 24/7 to ensure any attacks are uncovered, provide ad-hoc threat investigations and forensic analysis, and guide clients through any necessary remediation steps. Moreover, CyOps 24/7 Managed Detection and Response is automatically included in the Cynet XDR platform – at no additional cost.

Product Configuration
Security policy
- All detection & collection engines were enabled and set to detection mode for the first two days of testing.
- Prevention scenarios tested on the last evaluation day used the same configuration, with the Policy action changed to "Block malicious activities when detected".
On the third day we corrected an issue with the alert classification mechanism to reflect a more accurate MITRE technique & tactic identification for some of the alerts generated on the first two days.