Review: A fully autonomous cybersecurity platform? Cynet 360 comes close


Cybersecurity these days is a complicated endeavor. Threats can come from anywhere, via any medium. Organizations have tried to compensate by investing millions in various defenses, and still get breached on a regular basis.

The complexity of most defenses is the ally of the attacker. Some programs are only designed to seal off a single attack vector like email or network traffic. Some aren’t made to work well with others. And many have blind spots or overlaps with other programs that an attacker can use to slip past even a seemingly well-defended perimeter. And almost every cybersecurity defense requires human overseers to properly configure the platform for deployment, to train it how to operate, or to take actions in response to alerts.

The goal of a fully autonomous and completely effective cybersecurity platform has never been fully realized. But that is exactly what the Cynet 360 autonomous breach protection platform aims to do. From our testing, it’s clear that they are very close, with a nearly zero-touch installation process, complete visibility through agent sensors, and an automatic response rate that is about 98 percent accurate.

Cynet can be installed on premises, through the cloud or as a hybrid solution. The installation type only changes the location of the main console. And once the system is up and running, if allowed to perform on its own, humans won’t really need to touch it wherever it resides.

The secret to the platform’s success is the deployment of agents that act as both sensors and threat remediators. But don’t confuse Cynet 360 with an endpoint protection solution where the sensors report their findings back to the console and wait to receive instructions on how to respond to various threats. Instead, each agent is fully autonomous and capable of taking actions on its own.

The agents also don’t exist on an island, just watching over whatever asset they are installed within. Instead, they constantly talk with the other agents in the network, sharing intelligence about what they’re finding on their host. This can quickly help them to, for example, decide if an attack is an isolated incident or part of a campaign that is attacking multiple nodes at the same time. They can then take appropriate actions across an entire network if needed, evolving their protection and actions as the situation changes. Cynet calls this process sensor fusion, where the combining of sensory data from many sources results in more accurate information than could ever be gained by looking at each sensor individually.

[Screenshot: Cynet network topology deployment]

It’s easy to see where the agents you have deployed are residing. They will work with almost any Windows, Linux or Mac system, even older ones like Windows XP.

Agents can be deployed on almost any Windows, Linux or Mac system, including those with older, legacy operating systems like Windows XP. Each agent is about 10 megabytes in size. Because the agents use a sort of shorthand to communicate with one another, they generate very little traffic despite the fact that they are always talking. Each agent can be expected to create about 270 kilobytes of network traffic per day.

Given that the goal of Cynet 360 is total autonomy, it’s not surprising that the installation process also follows this pattern. Other than supplying the credentials, the whole process comes down to just two clicks. The platform is very careful about installing agents too, first putting them into system memory and then transferring to more permanent storage whenever there is downtime. In our testing it only took about 60 minutes to deploy 5,000 assets, and all with no user intervention needed.

Agents are powerful because they are able to change various flags and permissions on protected assets, even on the fly, in response to threats. They can take almost any remediation action including disabling the network card to isolate the host, disabling a user, deleting or quarantining files, resetting the system or any specific action such as running a command or script.

[Screenshot: Cynet dashboard]

The dashboard for Cynet 360 lets human operators see what the platform is doing, or take actions if the program is not set to autonomous mode. It will soon be available on the Apple Watch as well.

The agents have a lot of intelligence and are trained to make the correct decisions, but users can also work with the console to modify their behavior. It’s relatively easy to assign new actions to agents, though working with Cynet 360 in this way kind of defeats the fire-and-forget nature of the platform.

[Screenshot: Cynet response orchestration]

Although the agents are capable of taking remediation actions on their own, they can also be trained to take different actions as part of an organization’s cybersecurity strategy. Programming the agents is very straightforward.

Organizations that are not yet comfortable with turning over security to machines can set the level of automation they feel comfortable with. For example, agents can be set to record cybersecurity breaches they detect but not act on them, instead sending their data to a SIEM or other collection device. The interesting thing about Cynet 360 is that if you do that, the platform will show you every step along the cyber kill chain where an active attack was detected, and what action the agents could have taken to stop it if allowed to do so. That way, if humans are evaluating Cynet, they can see if the program’s actions would have been correct. According to company officials, this process convinces most of their skeptical clients to activate full automation within a few weeks.

[Screenshot: Cynet prevention and detection]

Cynet 360 will show users every time one of its agents finds a threat and what actions were automatically taken. If not set to automatically remediate threats, it instead shows what action it could have taken had it been allowed to run autonomously.

Cynet 360 can even deploy deception assets as part of its installation process. If the program is running in fully autonomous mode, the deception assets are fairly unnecessary, since almost any attack is going to be mitigated long before an attacker can trip themselves up by accessing a fake host or file. However, even then they are useful for finding internal threats, as authorized users would have no way to normally touch a deceptive asset unless they are snooping around where they shouldn’t be browsing. It’s a nice extra feature, and a surprising one to see, that could be useful in certain circumstances.

Another surprising feature of the Cynet 360 platform is the fact that the company makes a team of cybersecurity specialists available to customers as part of their normal subscription model. Users pay a set fee based on the number of assets being protected by Cynet 360, but there is no threshold or extra charge for the 24-hour off-site expert help. Local users can send particularly tricky Cynet 360 alerts to the company’s security operations center for analysis and help, or simply to check the work of the agent sensors. Cynet is even making this “ask for help” feature available through an Apple Watch to give CISOs real time visibility into the platform and the ability to ask for assistance when attacked, right on their wrist.

Small and medium-sized organizations that have very little cybersecurity could easily add Cynet 360 as their one-stop autonomous defense tool, and be able to thwart most threats automatically, with the ability to call in human backup if needed. Larger organizations will probably see some overlap with Cynet 360 and some cybersecurity programs they already have installed. The platform is designed to work with most other defensive tools, though some antivirus programs may need to make Cynet 360 an exception to avoid overtaxing endpoints.

[Screenshot: Cynet agent full report]

Although Cynet 360 agents are designed to act independently, they also file full reports about what they encounter and the actions they performed. Information like this can be valuable to human threat hunters or security auditors.

Linking network sensors into a sort of overall brain and letting them act as agents to defend themselves and their assets is a brilliant concept that is actually being pulled off well by Cynet. Adding extra layers of protection like the deceptive asset net and a fully staffed security operations center as a resource makes Cynet 360 an even safer bet. The platform can be active in 24 hours on almost any network, whether as the sole line of defense or one of many protections. Given the plethora of attacks these days, it won’t take Cynet 360 very long to prove both its concept and its value to any enterprise.