As per Gartner and TAG Cyber, at Cynamics we are creating a new category - Next Generation (NG) Network Detection and Response (NDR) - recognizing hidden patterns preceding attacks.
Unlike legacy NDR solutions, Cynamics does not analyze the actual packet data/payload (which is mostly encrypted anyway) and does not do any packet inspection. Instead, Cynamics' unique approach is all about analyzing network patterns. Cynamics' patented and academically acknowledged AI technology analyzes network patterns across the entire network: from the gateways, through the network assets (which are discovered autonomously), down to the endpoints. The result is a novel approach to NDR: recognition of the hidden patterns that precede attacks.
All this is done without a single client, agent, or probe, and with no port mirroring, spanning, or tapping. It is a low-touch, self-provisioned solution that is built for scale: it pulls sampled flow data (less than 1%) from the main firewall (North-South) and core switch (East-West) using industry-standard sampling protocols that are built into every gateway: NetFlow, sFlow, IPFIX and J-Flow for legacy networks, and flow logs for cloud environments. Cynamics can sample any type of network, anywhere in the network (even isolated internal networks, using our passive samples collector).
Networks can differ significantly from one another, with different sizes, data volumes, architectures, and characteristics. This is why we invented a new AI technology [reference to paper] that enables us to normalize the patterns of different client networks. By normalizing the patterns, our technology can see something that no one else can: suddenly, patterns that precede attacks, threats, and anomalies look the same between network X and network Y, enabling us to recognize them long before the attack actually starts.
The normalization offers astonishing benefits. Cynamics models know how your network should behave in its different layers and levels (gateways, assets, endpoints, servers, machines), how each of their patterns should look, and how these hidden patterns should change. Once a change is not as expected, the models immediately recognize the attacks, threats, and anomalies. In the paper, we show how this approach can provide much better accuracy than the previous state-of-the-art approaches, which do not recognize hidden patterns. Cynamics' ability to have a broader, global view of the client's interconnected infrastructure even allows it to unveil new attack vectors that existing solutions miss. Anti-ransomware is one vector. Cryptojacking, data breaches, and Log4j are all just the tip of the iceberg. Cynamics is capable of much more. See more details in these whitepapers: