
X-tending Network Visibility with Cynamics NDR

Today’s world of Endpoint Towards XDR

The year is 2023, and organizations have been using endpoint agents for 30 years. At the beginning, endpoint agents were simple Anti-Viruses safeguarding against specific malicious software. Over time, viruses evolved into worms: malicious software which self-spreads over the network. Then came trojan horses: espionage software with command and control capabilities. Around the 2010s, ransomware took over the stage and became the #1 risk for organizations, making endpoint security a CISO’s top priority.

Dozens of espionage and ransomware attack groups emerged and repeatedly penetrated organizations while utilizing advanced attack techniques called “fileless attacks,” in which no malware is involved. This created the immediate need for an EDR, the equivalent of an airplane’s “black box” which records all activities in a protected compartment, making an investigation possible under almost any unexpected scenario.

As time went by, customers' networks became more complex, with a messy mix of on-premise, private cloud and public clouds, all with exponentially growing traffic volumes. Environments became more mission critical and new types of lightweight endpoints were introduced, such as smart cameras, VOIP phones and printers, none of which can run EDRs and agents. Some endpoints run in containers with restricted OS access or use CPUs that most endpoint agents do not support. In addition, the world of the Internet of Things (IoT and Medical-IoT) creates another challenge for organizations, as they are unable to install agents on these closed devices. Together, these created the demand for XDR (Extended Detection & Response), which extends the “black box recorder” from the endpoint only to any other data source (e.g. Network, Cloud, IoT logs).

XDR’s First Priority: Network Detection and Response (NDR)

Cybereason is well-known for its EDR as a major leading player in Gartner’s EPP Magic Quadrant. As a market leader, we acknowledge customers' need for network visibility and their ongoing effort to gain back control over unmanaged and partially managed risks. These risks include the lack of visibility across all their end-to-end surfaces and trust circles (Identity, Endpoints, Applications, Network, Infrastructure, Data).

XDR is meant to be the ultimate source of truth, uniting the critical puzzle pieces into a single picture. After the endpoint, the network is the most critical data source of all, since it reveals an attack from the network perspective and sheds light on unprotected endpoints that cannot run an agent (e.g. IoT, Medical-IoT, smart cameras, AWS Load Balancer, Google Code Functions, etc.), or were missed during the EDR deployment.

This is why we believe that extending coverage with Cybereason XDR together with Cynamics NDR creates a true added value for customers, without any risks and without getting carried away into over-blown projects and white elephants.

Cynamics NDR - Complete network coverage in minutes without any appliances or agents

Cynamics NDR continuously collects small network samples, much less than 1%, and uses unique AI technology to predict how the full network - 100% - behaves, so that attacks and threats can be predicted before they have a chance to hit. In case of a threat, the customer gets an attack story based on auto-drill-down from the gateways, through the network assets, down to compromised endpoints.

Cynamics leverages existing sampling protocols supported by every network gateway (firewalls, switches and public cloud providers). Hence the onboarding does not include any appliance deployment or agent installation. As a result, the Cynamics solution is extremely non-intrusive and low-touch, can be completed in a few minutes even for the most complex networks and adapts rapidly and seamlessly to network changes.

The Cynamics approach is radically different from existing legacy NDR solutions which are all based on appliances and cannot cover the entire network anymore.

Cynamics Success Story:

Underline is an intelligent infrastructure platform with a full-service solution to design, finance, construct and operate open access fiber networks for U.S. communities. As a greenfield company, Underline was looking for a cybersecurity solution built from the ground up along with its network infrastructure.

The company needed to neutralize security incidents in real time but knew that the standard NDR solutions that use deep packet inspection wouldn’t be able to scale. This led them to Cynamics, which uses industry-standard, built-in sampling techniques to minimize resource demand on the network. This solution is currently deployed in Underline’s first market, Colorado Springs, CO, and will be put to work in their upcoming markets: Fountain, CO and Salinas, CA.

With Cynamics, Underline is experiencing benefits that include:

  • Rapid deployment and simple installation: Following a successful proof of concept, Underline deployed the Cynamics solution in less than 15 minutes. Cynamics requires no network changes or modifications.

  • Ease of management: Cynamics requires little to no management by Underline, working behind the scenes to monitor the network and report any potential threats as they arise.

  • Minimal resource demand: Cynamics uses advanced sampling techniques to minimize resource demand on the network. The solution collects less than 1% of network traffic to infer 100% visibility into network threats, without blind spots or latency.

Jason White, Vice President of Technology, Underline, said: “Having a state-of-the-art, autonomous, AI-based solution watching our network 24/7 has created great peace of mind. We couldn’t be happier with the team or the product. This partnership has been instrumental for Underline’s growth and security posture.”

Eyal Elyashiv, co-founder and CEO, Cynamics, said: “Companies like Underline need complete network visibility that can grow with them, a flexible solution that fits both on-premise and cloud environments, doesn't create latency issues, and requires minimal maintenance efforts. We’re proud to offer a solution that meets all these criteria and more, and we look forward to Underline’s ongoing success.”

Cybereason & Cynamics

Cynamics allows organizations to gain 100% visibility of their network, even if not all of their assets can be protected by an EDR. As networks grow exponentially in traffic volume and complexity and change dynamically over time, some parts of the network may have blind spots due to security deployment gaps and may not be protected by their EDR. Moreover, there might be network endpoints that are not compatible with an EDR, such as SIP phones, smart cameras, and operational equipment.

The above scenarios may cause EDR blind spots, which can be eliminated with Cybereason XDR by extending the security picture beyond the endpoint, using multiple sources such as Firewall, Web Proxy, Email Security, DLP and Network Security such as NDRs. Cybereason XDR integrates with Cynamics’ agentless NG-NDR solution to ensure these blind spots will always be covered in any network, from the smallest office to the largest data center, as Cynamics constantly monitors the entire network. Bottom line: the joint solution offered by Cybereason & Cynamics provides complete network coverage and high quality of detections.

