Today we are talking about a solution that uses an investigation system to identify potential threats and provide indications to counter the risks of hacking.


Cymptom uses a very detailed detection and prevention system that helps to analyze all risky situations within the network using a MITRE mapping of the network.
Analysis and investigation play a fundamental role in identifying malicious actions and provide useful indicators for prevention. With this interview, we will find out more.

1) What are the analysis phases that Cymptom uses?

Cymptom collects information from various resources inside the organization, such as Active Directory, DNS, DHCP, etc., to map the entire organization, its security posture and any possible attack paths.

2) How does Cymptom map the security posture through MITRE?

Cymptom is an official contributor of the MITRE ATT&CK framework and all of its findings are mapped to the tactics and techniques in MITRE ATT&CK. Cymptom analyzes the network and checks the feasibility of each technique from MITRE ATT&CK based on the data collected. Cymptom has a research group that researched each tactic and technique in the framework and developed a deterministic logic to effectively validate its exploitability.

3) What are the advantages of using Cymptom for a company?

Cymptom allows organizations to uncover the attack vectors that are most likely to be exploited by an attacker based on the likelihood, exploitability and potential gain of an attack to happen. This insight empowers organizations to continuously improve their security posture in an efficient, data-driven manner.

4) 3 fundamental points that describe your solution.

1. Identify vulnerabilities and attack paths inside your organization.
2. Prioritize security issues based on likelihood and potential impact.
3. Effectively strengthen your security posture by focusing on the mitigations that make the best security advancement.

5) What are the current threats?

We are seeing how attacks become more sophisticated with multi-stage attack vectors. Even ransomware is using lateral movement inside the organization to infect entire networks and not only a single computer. This threat requires organizations to strategize their security as a whole and not on a per-asset basis.

6) How does Cymptom see the future of cybersecurity?

With the fast adoption of cloud computing, SaaS and APIs with existing on-premises security challenges (data centers, IoT, etc.), enterprise security will evolve to be strategic and holistic rather than tactical as it is now. Organizations cannot afford dozens of siloed tools, and security solutions will become broader, covering more assets and attack vectors to support the growing number of customer use cases. This is why Cymptom's mission is to give organizations the visibility they need to better strategize their defense in depth and to get the data to measure their efforts.
 

 
