
COMPETITIVE ANALYSIS CYNET VS DEFENDER ATP

Cynet vs ATP www.cynet.com

THE CYNET 360 DIFFERENCE
Detailed Explanation

PREVENTION & DETECTION

Malicious activity manifests itself in one of three ways: file/process execution, network traffic and user behavior. Microsoft Defender ATP is oriented toward file/process-based threats (exploits, fileless attacks, macros, etc.) and typically achieves good results in that field. However, Defender ATP lacks the ability to identify and block attacks that manifest only in anomalous network traffic (lateral movement, data exfiltration and network-based credential theft) or in user behavior (an anomalous login from a compromised user account).

Cynet 360 XDR technology continuously collects and analyzes endpoint, user and network activities within the protected environment, powering the ability to identify and block both file/process-based attacks and network- and user-based attacks, providing complete coverage beyond the capabilities of Defender ATP.

Moreover, by fusing together all of the environment's activity signals, Cynet 360 is able to form the true context of each process execution, network flow and user action, and so to unveil and block threats that are undetectable when only files/processes are monitored, as Defender ATP does. In that way, Cynet would block the execution of processes that Defender ATP allows to run.
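The paragraph above argues that a process execution which looks benign on its own can be judged correctly only in the context of the login and network events around it. The following added example (it is not Cynet's or Microsoft's code, and the event layout, the per-user login baseline, the 15-minute window and the scoring weights are all assumptions chosen for illustration) scores a process event together with the surrounding signals on the same host. The same PowerShell execution is allowed on one host and blocked on another, purely because of the context it occurs in.

```python
"""Cross-signal context scoring for a process event.

Added illustration of the 'context' idea: a process is scored together with
the user-login and network-traffic events that surround it on the same host.
Event format, baseline, window and weights are assumptions, not any vendor's.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Login:
    ts: datetime
    host: str
    user: str
    src_ip: str


@dataclass
class Process:
    ts: datetime
    host: str
    user: str
    image: str
    pid: int


@dataclass
class NetConn:
    ts: datetime
    host: str
    pid: int
    dst_ip: str
    bytes_out: int


# Assumed per-user baseline: source IPs each account normally logs in from (constructed).
USER_BASELINE = {"alice": {"10.0.5.21"}, "svc-backup": {"10.0.5.9"}}
INTERNAL_PREFIX = "10."          # assumption: 10.0.0.0/8 is the internal network
WINDOW = timedelta(minutes=15)   # how far apart correlated events may be
ZERO = timedelta(0)


def anomalous_logins(logins):
    """Logins whose source IP is outside the account's known baseline."""
    return [l for l in logins if l.src_ip not in USER_BASELINE.get(l.user, set())]


def score_process(proc, logins, conns):
    """Return (score, reasons) for one process event using surrounding signals."""
    score, reasons = 0, []
    # Signal 1: the image alone is a weak indicator; administrators run shells too.
    if proc.image.lower().endswith(("powershell.exe", "cmd.exe")):
        score += 1
        reasons.append("interactive shell image")
    # Signal 2: the same account logged in anomalously on this host just before.
    for l in anomalous_logins(logins):
        if l.host == proc.host and l.user == proc.user and ZERO <= proc.ts - l.ts <= WINDOW:
            score += 3
            reasons.append(f"preceded by login of {l.user} from unknown IP {l.src_ip}")
            break
    # Signal 3: the process itself opened a connection to a non-internal address.
    for c in conns:
        if c.host == proc.host and c.pid == proc.pid and ZERO <= c.ts - proc.ts <= WINDOW:
            if not c.dst_ip.startswith(INTERNAL_PREFIX):
                score += 3
                reasons.append(f"external connection to {c.dst_ip} ({c.bytes_out} bytes out)")
                break
    return score, reasons


def verdict(score):
    """Map a context score to an action; thresholds are an assumption."""
    return "block" if score >= 6 else ("alert" if score >= 3 else "allow")


def run_sample():
    """Constructed sample telemetry: identical PowerShell launches on two hosts."""
    t = datetime(2024, 1, 1, 9, 0)
    logins = [
        Login(t, "HOST-A", "alice", "10.0.5.21"),                        # baseline IP
        Login(t + timedelta(minutes=5), "HOST-B", "alice", "203.0.113.7"),  # unknown IP
    ]
    procs = [
        Process(t + timedelta(minutes=2), "HOST-A", "alice", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", 410),
        Process(t + timedelta(minutes=8), "HOST-B", "alice", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", 512),
    ]
    conns = [
        NetConn(t + timedelta(minutes=3), "HOST-A", 410, "10.0.5.50", 2_048),          # internal
        NetConn(t + timedelta(minutes=10), "HOST-B", 512, "198.51.100.20", 5_000_000),  # external
    ]
    results = {}
    for p in procs:
        score, reasons = score_process(p, logins, conns)
        results[(p.host, p.pid)] = (verdict(score), score, reasons)
    return results


if __name__ == "__main__":
    for key, (action, score, reasons) in run_sample().items():
        print(key, action, score, reasons)
```

A file/process-only engine sees the same image, user and command line on both hosts and has to treat them alike; the correlation is what separates the two cases. In practice the baseline would be learned from historical logins rather than hard-coded, and the window and weights would be tuned per environment.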

Microsoft provides various add-on options to expand the coverage of Defender ATP. For example, purchasing Azure ATP provides coverage for many network-based threats, and purchasing Microsoft Threat Experts adds targeted attack notifications. However, the added features become very costly very quickly and are also quite burdensome to configure and maintain. Cynet 360 provides all of these capabilities in a single, unified platform.

Coverage

Advanced cyberattacks leave their mark across all parts of the targeted environment: endpoints, files, processes, user accounts and network traffic. Unlike Microsoft Defender ATP, which has a limited set of endpoint/file remediations (isolate, kill process and delete/quarantine file), Cynet 360 Response Automation provides a complete set of remediation tools for infected endpoints, malicious files/processes, compromised user accounts and attacker-controlled traffic. Moreover, Cynet 360 can act as a response orchestration interface that communicates with core components such as firewalls, to expand the response process across the entire environment.

RESPONSE

Automation

Cynet 360 Response Automation supports the use of preset and user-created remediation playbooks that automate the response to detected threats by chaining together several discrete remediation actions (for example, isolate the endpoint + disable the user account in Active Directory as the automated response to a user account compromise detection). These playbooks both scale the security team's alert-handling capacity by automating repetitive tasks and radically increase the share of attacks that are autonomously addressed and resolved by Cynet 360 without the need for human intervention.

Further, the Cynet 360 Incident Engine automates the entire response workflow, including an automated investigation that reveals the root cause and full impact of the identified threat, and a wide set of remediation actions across hosts, processes, files, users and network traffic. Fully automating the response workflow provides relief to overworked security teams that do not have the bandwidth, or the expertise, to fully investigate and respond to every alert.

MONITORING & CONTROL

Continuously monitoring all entities and activities in the environment enables Cynet users to discover and address exposed attack surfaces (vulnerable systems and apps, unchanged user passwords, etc.). This eliminates the risk of nearly 60% of common attack vectors. Cynet 360 automates the collection and correlation of executed files/processes, user account activities, file access and network traffic, bringing unmatched speed and ease to all monitoring and control workflows.

CYNET 360 VS MICROSOFT DEFENDER ATP COMPARISON TABLE

(The check/cross markers of the original table did not survive extraction; only the textual cell entries are reproduced below.)

PREVENTION & DETECTION

Capability | Cynet 360 | Microsoft Defender ATP
Compromised user account detection | |
  Anomalous user logins | |
  Preset user activity rules | |
  Malicious insider | |
Malicious network traffic | |
  Tunneling-based data exfiltration | | With MS Azure ATP integration
  Credential theft (LLMNR\NBT-NS attacks) | | With MS Azure ATP integration
  Lateral movement (pass the hash etc.) | | With MS Azure ATP integration
  Reconnaissance (scanning attacks) | |
Reputation | |
Deception | |
  Decoys: data files, credentials, network shares, URL, RDP | |

RESPONSE

Capability | Cynet 360 | Microsoft Defender ATP
Host remediation | Isolate, Restart, Change IP, Delete\Disable Service, Delete\Disable Scheduled Task, Run Command, Run Script | Isolate, Run Command, Run Script
User remediation | Disable\Enable, Reset Password |
Network remediation | Block Traffic, Clear DNS Cache | With MS Azure ATP integration
Orchestration: expand remediation across the environment infrastructure (proxy, AD, etc.) | | Partial with MS Azure ATP integration, limited to specific Windows OS versions
Automation: chain discrete remediation actions into a single flow that runs automatically when a predefined alert is triggered | | Partial: only applies to the host, file and some network remediations, limited to specific Windows OS versions

INFRASTRUCTURE

Capability | Cynet 360 | Microsoft Defender ATP
OS support | Windows XP SP2 + 2003 and above, Linux, Mac | Windows 8 and above; requires agent installation. Built into [name missing in source]. Supported macOS versions: 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
Deployment model | Flexible: On-prem, SaaS or Hybrid | SaaS only
MDR Service | Full MDR integrated in the product offering |
