An Overview of the Cynamics Platform
Founded in 2018 and headquartered in Boston, Cynamics supports an artificial intelligence (AI)-
driven, next-generation, network detection and response (NDR) platform that specializes in
inferring the entire network from small network samples to provide deep visibility and predict
threats before they can occur. An important aspect of this predictive analysis involves the
establishment of a network blueprint.
How Cynamics Works
The Cynamics platform is built on the observation that collecting, processing, and analyzing
100% of traffic in today’s networks is no longer practical, due to exponentially growing network
sizes, in terms of data volumes and architecture. Instead, the company uses a small percentage
of network traffic flow (less than 1%) to gain visibility on 100% of the network, along with the
actual nature of the traffic from a threat perspective. This is a powerful concept because it
enables threat analysis to scale across a large network infrastructure.
Cynamics is a SaaS-based solution, and it has several appealing features from the
implementation side. For example, it doesn’t require that security engineers instrument any
type of traffic collection agents or deploys any appliances to the network. This is useful because
many enterprise teams have strict operational requirements and constraints on such tangible
changes to the network. Thus, the Cynamics approach is completely non-intrusive and implies
no risk to the client’s network. This is becoming a dominant requirement these days after all
the supply chain attacks into appliance-based solutions in recent years demonstrated how
these appliances are actually a double-edged sword that could provide attackers with a direct
route to the organizational core network.
Algorithms that drive the creation of network visibility include the use of novel machine
learning and deep learning to predict threats. This helps explain how 1% of traffic samples can
be used to infer 100% of the network. Predictive models of network state in each endpoint,
asset, and gateway can be created from samples—and Cynamics makes the compelling case
that this can be done from a modest sample of traffic.
How Cynamics is Deployed and Used
The Cynamics platform focuses on the continuous analysis of networks at multiple layers,
including main gateways and virtual private clouds (VPCs). By leveraging industry-standard
sampling protocols, Cynamics covers any type of network architecture and environment, mixed
between on-premise, cloud, and hybrid networks. Processing is autonomous and does require
manual curation by network engineers. The dashboard is designed to offer a simple visual
interface for operators that supports analysis, forensics, and response (see below).
Figure 4-1. Cynamics Network Dashboard
An additional use-case for Cynamics customers involves the automatic ability of their machine
learning models to constantly learn and evolve using external intelligence. This might involve,
for example, the detection of some new attack vector in a specific client context—perhaps a
financial services network. The Cynamics NDR platform would then utilize intelligence from this
threat to update any network blueprint for which this is a relevant threat.
About TAG Cyber
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights
and recommendations to security solution providers and Fortune 100 enterprises. Founded in
2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-
for-play research by offering in-depth research, market analysis, consulting, and personalized
content based on hundreds of engagements with clients and non-clients alike—all from a
former practitioner perspective.
Copyright © 2022 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.