An Overview of the Cynamics Platform

Founded in 2018 and headquartered in Boston, Cynamics supports an artificial intelligence (AI)-driven, next-generation, network detection and response (NDR) platform that specializes in inferring the entire network from small network samples to provide deep visibility and predict threats before they can occur. An important aspect of this predictive analysis involves the establishment of a network blueprint.

How Cynamics Works

The Cynamics platform is built on the observation that collecting, processing, and analyzing 100% of traffic in today’s networks is no longer practical, due to exponentially growing network sizes, in terms of data volumes and architecture. Instead, the company uses a small percentage of network traffic flow (less than 1%) to gain visibility on 100% of the network, along with the actual nature of the traffic from a threat perspective. This is a powerful concept because it enables threat analysis to scale across a large network infrastructure.

Cynamics is a SaaS-based solution, and it has several appealing features from the implementation side. For example, it doesn’t require that security engineers instrument any type of traffic collection agents or deploy any appliances to the network. This is useful because many enterprise teams have strict operational requirements and constraints on such tangible changes to the network. Thus, the Cynamics approach is completely non-intrusive and implies no risk to the client’s network. This is becoming a dominant requirement now that the supply chain attacks on appliance-based solutions in recent years have demonstrated how these appliances are actually a double-edged sword that could provide attackers with a direct route to the organizational core network.

Algorithms that drive the creation of network visibility include the use of novel machine learning and deep learning to predict threats. This helps explain how 1% of traffic samples can be used to infer 100% of the network. Predictive models of network state in each endpoint, asset, and gateway can be created from samples—and Cynamics makes the compelling case that this can be done from a modest sample of traffic.

How Cynamics is Deployed and Used

The Cynamics platform focuses on the continuous analysis of networks at multiple layers, including main gateways and virtual private clouds (VPCs). By leveraging industry-standard sampling protocols, Cynamics covers any type of network architecture and environment, mixed between on-premise, cloud, and hybrid networks. Processing is autonomous and does not require manual curation by network engineers. The dashboard is designed to offer a simple visual interface for operators that supports analysis, forensics, and response (see below).

Figure 4-1. Cynamics Network Dashboard

An additional use case for Cynamics customers involves the ability of the platform's machine learning models to learn and evolve automatically and continuously using external intelligence. This might involve, for example, the detection of some new attack vector in a specific client context—perhaps a financial services network. The Cynamics NDR platform would then utilize intelligence from this threat to update any network blueprint for which this is a relevant threat.

About TAG Cyber

TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security solution providers and Fortune 100 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-for-play research by offering in-depth research, market analysis, consulting, and personalized content based on hundreds of engagements with clients and non-clients alike—all from a former practitioner perspective.

Copyright © 2022 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.