Competitive Analysis

Cynet 360 Vs NIST Compliance

SUMMARY

The National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) establishes information security standards and guidelines for critical infrastructure and is in wide use by organizations of all verticals. NIST CSF breaks down cyber resilience into 5 categories: Identify, Protect, Detect, Respond and Recover.

This document details how the Cynet 360 platform maps to the various NIST categories and controls. When properly installed and configured, Cynet 360 provides both supplemental and direct support across all categories:

  1. Identify

    Direct support via vulnerability assessment and risk ranking, as well as supplemental support via log collection, aggregation and contextualization, File Integrity Monitoring and File Activity Monitoring.

  2. Protection

    Direct support via attack prevention technologies such as Antivirus, Next-Generation Antivirus, Threat Intelligence and automated prevention for network-based attacks.

  3. Detect

    Direct support via attack detection technologies such as Endpoint Detection and Response, Network Analytics, User Behavior Analysis and Deception.

  4. Respond

    Direct support via local/global remediation actions for infected hosts, compromised user accounts, malicious files/processes and attacker-controlled traffic. These actions can be applied manually or as automated playbooks.

  5. Recover

    Supplemental support via log collection and analysis.

Requirement | Testing Requirement | Comments
Asset Management
(ID.AM-3, ID.AM-4, ID.AM-6)

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

  • Cynet 360 provides supplemental support for NIST-CSF control requirements ID.AM-3, ID.AM-4 and ID.AM-6 by collecting and analyzing all account management, access granting/revoking, and access/authentication logs.
  • Cynet 360 correlation rules provide alerting on account authentication failures. Cynet 360 investigations provide evidence of authorized/unauthorized network access.
  • Cynet 360 creates visibility into all assets in the organization and can divide them into different groups by their respective business profile and customize the security level to align with perceived business risk.
Governance
(ID.GV-1, ID.GV-2, ID.GV-3)

The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

  • Cynet 360 provides supplemental support for NIST-CSF control requirements ID.GV-1, ID.GV-2, and ID.GV-3 by collecting and analyzing all account management and access/authentication logs.
  • Cynet 360 correlation rules provide alerting on account authentication failures. Cynet 360 investigations, reports, and tails provide evidence of account management activity (account creation, deletion, and modification) and account access/authentication activity to support efforts of enforcing security policies within the organization.
Risk Assessment
(ID.RA-1)
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
  • Cynet 360 provides direct support for NIST-CSF control requirements ID.RA-1 to ID.RA-6 and supplemental support for NIST-CSF control requirements ID.RA-1.
  • Cynet 360 provides full vulnerability assessment and risk ranking along with assigning risk rank to all entities within the environment. Cynet 360 identifies all entities (hosts, files, user accounts, network traffic and destinations) that introduce a likely threat to the environment.
  • Cynet 360 provides supplemental support for NIST-CSF control requirements ID.RA-1 by collecting and analyzing all suspicious network activity or activities indicative of cybersecurity risks.
  • Cynet 360 correlation rules provide alerting on events indicative of potential cybersecurity threats or attacks on the network.
  • Cynet 360 investigations, reports, and tails provide evidence of cybersecurity events in support of early detection and incident response.
Access Control
(PR.AC-1, PR.AC-2, PR.AC-3, PR.AC-4, PR.AC-5)
Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
  • Cynet 360 provides supplemental support for NIST-CSF control requirements PR.AC-1, PR.AC-2, PR.AC-3, PR.AC-4, PR.AC-5 by collecting and analyzing all account management, and network access/authentication logs. Cynet 360 correlation rules provide alerting on account authentication failures.
  • Cynet 360 User Behavior Analytics profiles user activity and alerts upon anomalies that are indicative of malicious presence. Cynet 360 investigations, reports, and tails provide evidence of account access/authentication activity.
Awareness and Training
(PR.AT-3)
The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
  • Cynet 360 provides supplemental support for NIST-CSF control requirement PR.AT-3 by collecting and analyzing all third-party accounts or process activities within the environment to ensure third-parties are performing activities according to defined roles and responsibilities.
  • Cynet 360 correlation rules provide alerting on account authentication failures. Cynet 360 investigations and reports provide evidence of vendor account management and authentication (success/failure) activities.
Data Security
(PR.DS-1, PR.DS-4, PR.DS-5, PR.DS-6)
Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
  • Cynet 360 provides direct support for NIST-CSF control requirements PR.DS-1 and supplemental support for NIST-CSF control requirements PR.DS-4, PR.DS-5, PR.DS-6 by collecting and analyzing all system logs relating to the protection of data integrity, availability, and mobility.
  • Cynet 360’s File Integrity Monitor (FIM) tracks file changes, while Cynet 360 File Activity Monitoring monitors all creation, deletion, access and modifications. Cynet 360 correlation rules provide alerting on remote account authentication failures. Cynet 360 investigations, reports, and tails provide evidence of remote account access/authentication activity.
Information Protection Processes and Procedures
(PR.IP-1, PR.IP-3, PR.IP-4, PR.IP-7, PR.IP-8, PR.IP-11, PR.IP-12)
Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
  • Cynet 360 provides supplemental support for NIST-CSF control requirements PR.IP-1, PR.IP-3, PR.IP-4, PR.IP-7, PR.IP-8, PR.IP-11, PR.IP-12 by collecting and analyzing all Cynet 360 correlation rules provide alerting on account management activities.
  • Cynet 360 investigations, reports, and tails provide evidence of account management and authentication (success/failure) activities.
Maintenance
(PR.MA-1)
Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.
  • Cynet 360 provides supplemental support for NIST-CSF control requirement PR.MA-1 by collecting and analyzing all logs from HMI, engineering workstations and servers.
  • Cynet 360 correlation rules provide alerting on critical and error conditions within the environment.
  • Cynet 360 investigations, reports and tails provide evidence of environment conditions as well as process and system start-ups/shut-downs.
Protective Technology
(PR.PT-1, PR.PT-2, PR.PT-3, PR.PT-4)
Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
  • Cynet 360 provides supplemental support for NIST-CSF control requirement PR.PT-1, PR.PT-2, PR.PT-3, PR.PT-4 by collecting logs relating to technical security solution access management and authentication activities.
  • Cynet 360 correlation rules provide alerting on audit logging events (log cleared, stopped), FIM, software installations, access provisioning and authentication activities.
  • Cynet 360 deploys its own AV/NGAV to proactively protect against execution of malware, exploits, fileless and other malicious processes.
  • Lastly, Cynet 360 investigations, reports and tails provide evidence around the aforementioned activities.
Anomalies and Events
(DE.AE-1, DE.AE-2, DE.AE-3, DE.AE-4, DE.AE-5)
Anomalous activity is detected in a timely manner and the potential impact of events is understood.
  • Cynet 360 provides direct support of NIST-CSF control requirements DE.AE-3 and DE.AE-5, while providing supplemental support for NIST-CSF control requirements DE.AE-1, DE.AE-2, DE.AE-4 by collecting and analyzing logs related to security events throughout the environment.
  • An inherent function of Cynet 360 is the ability to correlate and aggregate event data across the environment. Cynet monitors user activity, network traffic and process behavior and employs various technologies to detect and alert upon any anomalies indicative of malicious activity and presence.
  • Cynet 360 also includes Deception technology which plants decoys across the environment and alerts upon malicious interaction.
Security Continuous Monitoring
(DE.CM-5, DE.CM-2, DE.CM-3, DE.CM-4, DE.CM-5, DE.CM-6, DE.CM-7, DE.CM-8)
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.
  • Cynet 360 provides direct support of NIST-CSF control requirements DE.CM-1, DE.CM-2, DE.CM-3, DE.CM-6, and DE.CM-7 as well as supplemental support for NIST-CSF control requirements DE.CM-4, DE.CM-4 and DE.CM-4 by providing continuous monitoring, analysis, and reporting of network, physical access and other events indicative of malicious cyber activities.
Detection Processes
(DE.DP-1, DE.DP-2, DE.DP-3, DE.DP-4, DE.DP-5)
Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
  • Cynet 360 provides direct support of NIST-CSF control requirement DE.DP-4 and supplemental support of NIST-CSF control requirements DE.DP-1, DE.DP-2, DE.DP-3, DE.DP-5 by logging and monitoring processes and procedures in the environment.
  • Further, the Cynet 360 correlation engine provides alerting on activities to assigned individuals.
  • Cynet 360 reporting, investigations and tails provide evidence around these activities as well as support maintenance of processes and procedures.
Response Planning
(RS.RP-1)
Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.
  • Cynet 360 provides supplemental support for NIST-CSF control requirement RS.RP-1 by collecting and analyzing all cybersecurity events from Cynet 360 attack protection technologies: AV, NGAV, EDR, UBA, Network Analytics and Deception, and providing notifications to assigned personnel.
  • Cynet 360 correlation rules provide alerting on cybersecurity events while investigations, reports, and tails provide evidence behind cybersecurity events.
  • Cynet 360 provides a wide set of remediation actions to eliminate attackers’ presence and activity from infected hosts, malicious processes, compromised user accounts and attacker-controlled traffic.
  • Additionally, Cynet 360 supports creation of a response playbook that automates the triggering of a set of remediation actions per malicious activity in respect to the organization’s policies and procedures.
Communications
(RS.CO-3, RS.CO-4)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
  • Cynet 360 provides supplemental support for NIST-CSF control requirement RS.CO-3 and RS.CO-4 by collecting and analyzing all cybersecurity events from Cynet 360 attack protection technologies: AV, NGAV, EDR, UBA, Network Analytics and Deception, and providing notifications to assigned personnel. Cynet 360 correlation rules provide alerting on cybersecurity events while investigations, reports, and tails provide evidence behind cybersecurity events.
  • Cynet 360 supports creation of a response playbook that automates the triggering of a set of remediation actions per malicious activity in respect to the organization’s policies and procedures.
  • Cynet 360 supports creation of various reports in respect to the organization’s policies and procedures.
Analysis
(RS.CO-3, RS.CO-4)
Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
  • Cynet 360 provides supplemental support for NIST-CSF control requirement RS.CO-3 and RS.CO-4 by collecting and analyzing all cybersecurity events from Cynet 360 attack protection technologies: AV, NGAV, EDR, UBA, Network Analytics and Deception, and providing notifications to assigned personnel. Cynet 360 correlation rules provide alerting on cybersecurity events while investigations, reports, and tails provide evidence behind cybersecurity events.
  • Cynet 360 supports creation of a response playbook that automates the triggering of a set of remediation actions per malicious activity in respect to the organization’s policies and procedures.
  • Cynet 360 supports creation of various reports in respect to the organization’s policies and procedures.
Mitigation
(RS.MI-1, RS.MI-2, RS.MI-3)
Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident. Cynet 360 provides direct support for NIST-CSF control requirements RS.MI-1, RS.MI-2, RS.MI-3 through three types of mitigation actions:
  • Preset remediations: direct removal of malicious activity and presence across infected hosts, compromised user accounts, malicious files/processes and attacker-controlled traffic.
  • Custom remediations: user-defined remediations that optionally chain together several preset remediations and/or add a custom script that communicates with other environment components such as AD, firewall, proxy, etc. to expand the mitigation across the entire environment.
  • Automated playbooks: a group of preset/custom remediations selected and set to trigger automatically for a chosen malicious activity.
Additionally, Cynet 360 collects and analyzes logs related to incident response. The Cynet 360 correlation engine provides alerting on vulnerabilities within the environment. Cynet 360 investigations, reports and tails provide evidence to support incident analysis and remediation of exposure or vulnerabilities.

Cynet 360 provides a wide set of remediation actions to eliminate attackers’ presence and activity from infected hosts, malicious processes, compromised user accounts and attacker-controlled traffic. Additionally, Cynet 360 supports creation of a response playbook that automates the triggering of a set of remediation actions per malicious activity in respect to the organization’s policies and procedures.
Improvements
(RS.IM-1, RS.IM-2)
Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities. Cynet 360 provides supplemental support for NIST-CSF control requirements RS.IM-1, RS.IM-2 by collecting and analyzing logs related to incident response. Cynet 360 reports provide evidence to support incident analysis and remediation of exposure or vulnerabilities.
Improvements
(RC.IM-1, RC.IM-2)
Recovery planning and processes are improved by incorporating lessons learned into future activities. Cynet 360 provides supplemental support of NIST-CSF control requirements RC.IM-1 and RC.IM-2 by collecting and analyzing logs relating to recovery operations. Cynet 360 reports provide evidence around the recovery operation events.
Communications
(RC.CO-3)
Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors. Cynet 360 provides supplemental support of NIST-CSF control requirement RC.CO-3 by collecting and analyzing logs relating to recovery operations. Cynet 360 reports provide evidence around the recovery operation events.

Detect and Respond to cyber threats faster with our Autonomous End-point Breach Protection.

Let our team monitor and detect cybersecurity threats against your network, users, files and hosts 24/7 via our ThreatFortress Cynet360 XDR and Response Automation platform.

Automated Response Remediation End-point Monitoring

Real-time Detection and Response to Cyber Threats

Cyber Alert Monitoring
Threat Hunting
Cyber Attack Investigation

Protecting companies from 5 devices to 10,000 around the world.

AUTONOMOUS BREACH PROTECTION

ThreatFortress Cynet XDR prevents and detects threats on endpoints, networks, and users, and for each identified threat triggers an automated investigation flow that reveals the attack’s scope and root cause and applies automated remediation. The 24×7 MDR team continuously monitors and optimizes this process to maintain top quality and precision.

Deception Technology Included

Lure attackers to reveal their presence with advanced deception technology. That's right: part of the ThreatFortress system sets traps for cybercriminals to further protect your system against attack.

Got Questions?

Schedule a time to speak to your cybersecurity consultant for free to help you understand your options. Or Email Help@ChatFortress.com and our team will respond to your questions.

ThreatFortress Features

XDR Prevention and Detection

Helping to protect your business with real-time threat prevention and detection services for your Users, Hosts, Networks and Files. XDR Prevention and detection of a myriad of attack vectors, utilizing the capabilities of the following security technologies:

Complete coverage of all attack vectors that involve endpoint, user and network.

Cynet Prevention & Detection leverages Cynet Sensor Fusion to provide the integrated capabilities of Next-Generation Antivirus, Endpoint Detection and Response, Network Analytics, Deception and User Behavioral Analytics. Cynet also moves beyond the incremental value of these capabilities, by unveiling advanced threats that can be detected only by concurrent analysis of endpoint, user and network activities.

Next Generation Anti-Virus

Block execution of malware, exploits, fileless, Macros and ransomware.

Endpoint Detection and Response

Detect advanced attacks by continuous monitoring of endpoint file and process activities.

Network Analytics

Monitor network traffic to unveil reconnaissance, credential theft, lateral movement and data exfiltration attempts.

User Behavior Analysis

Profile the behavior of all user accounts to pinpoint anomalies that indicate an attempted compromise.

Deception

Plant various types of decoy files across your environment to lure attackers into revealing their presence.

Response Automation

Providing fully automated or manual response actions to threats. Manual and automated remediations of infected hosts, malicious files, compromised user accounts and attacker-controlled traffic.

Full automation of response workflows across the entire environment.

Cynet Response Orchestration includes a full set of remediation actions to address infected hosts, malicious files, attacker-controlled network traffic and compromised user accounts. Remediation can be performed either directly on the endpoint or by involving infrastructure components such as firewall, AD, etc. Cynet supports response automation by gathering several remediation actions into playbooks that are activated upon occurrence of respective alerts.

Preset Remediations

Remove malicious presence and activity with pre-built actions for hosts, files, users and network.

Custom Remediations

Build your own response workflows by chaining various remediations together and adding scripts to communicate with core components such as firewalls and AD.

Response Playbooks

Automate incident response workflows by using Cynet’s playbooks to resolve security events without the need for human intervention.

24/7 MDR SOC Services

Providing you with 24/7 monitoring of all of your endpoints by real humans and SOC Analysts. CyOps is Cynet’s 24/7 SOC team of threat researchers and security analysts that complements Cynet 360 technology with unmatched security expertise, available to Cynet’s customers at no additional charge. CyOps assists Cynet customers with in-depth investigation, proactive threat hunting, malware analysis and attack reports, ensuring that every security event is handled and resolved.

Proactive Threat Hunting

Continuous search through our customers’ environment to detect and address live attacks.

Incident Response

Engage CyOps upon any suspicious activity you see in your environment, to detect, respond and remediate.

Attack Investigation and Reporting

Get reports on attacks that CyOps detects across our customers’ install-base, including IOC and mitigation practices.

File Analysis

Submit any suspicious file to an expert analysis for information regarding its nature and potential risks.

ChatFortress LLC © Copyright 2020 All Rights Reserved