The Power of the Fabric

Think of the Adaptive Detection Fabric as the critical piece of the puzzle necessary to build a strong, multi-layer security architecture for your organization. The words Adaptive Detection Fabric are more than buzzwords. Each word represents a unique value. Together, they deliver a powerful security solution that will quickly discover and contain the growing number of advanced threats that gain access to internal network resources. Consider the value of each of these words:


It starts with a highly distributed software solution designed with an open API architecture, allowing it to easily integrate with the tools already deployed in your security ecosystem—including firewalls, secure web gateways, intrusion prevention systems, CASB solutions, endpoint software, SIEMS, and more.
Like threads in fabric, the Cyphort solution weaves together the necessary connections to create a security whole that is greater than the sum of its parts, share critical information, and provide a broad layer of detection and protection across your internal network.


Advanced threats don’t like to follow the rules, which makes them difficult to detect. So rather than making security decisions based on a pre-defined set of rules, lists, and signatures (which are all limited and often outdated), the Adaptive Detection Fabric gathers data from multiple threat vectors—including Web, email, and lateral spread. It then employs patent-pending machine learning and behavioral analysis technologies to quickly correlate and identify a threat early in its progress moving through the cyber kill chain—before it can inflict damage on your business.


Once new threats are discovered, the fabric’s integration with your existing security tools can help your security ecosystem quickly “adapt” to the discovery. For example, the Adaptive Detection Fabric can work with your NAC tools to automatically contain and restrict movement of a new threat residing on an infected endpoint device, and strengthen your in-line security tools by applying new policies that will allow those devices to immediately block that advanced threat if they see it again.

The Adaptive Detection Fabric is a highly scalable software solution that is deployable across any number of locations. There are no specialized appliances and no “rip-and-replace” required.
Software deployment options include VMs, AWS cloud, or commercial servers. In any case, the Adaptive Detection Fabric can always be managed as a single integrated system.

How The Fabric Works

This short video provides an overview of how the components of the Adaptive Detection Fabric work together.

The Adaptive Detection Fabric is laser focused on finding the advanced threats that bypass your first layer of defense and often go undetected inside your network for weeks or months.

The Cyphort fabric relies on distributed collectors deployed at critical points throughout the network—at headquarters and all appropriate remote offices—to ensure comprehensive visibility and analysis of all potentially malicious traffic. These collectors have been specifically designed to continuously ingest traffic from the two primary threat vectors used by cybercriminals—Web and email (including email attachments and malicious web files).

In addition, specialized fabric collectors are available to ingest lateral spread traffic moving east-west through the network. This type of traffic often indicates significant progression through the cyber kill chain.

All collected data is fed continuously into the SmartCore analytics engine. This can be deployed on-premises or in the cloud. SmartCore correlates data from all threat vectors and applies a multi-stage analysis process that includes both machine learning and behavioral analysis technologies. The entire analysis process is often complete in seconds, and the output is a comprehensive profile on the newly discovered threat.

SmartCore can present its results through Cyphort’s Fabric Manager application, or it can integrate into most popular SIEMs. Threat information is always prioritized based on its severity and risk to the organization. Just as important, threat activity is aligned with its progression through each step of the cyber kill chain, enabling SOC and IR teams to prioritize their action plans.

Why the Fabric is Essential

Nearly every organization serious about cyber security has already invested in a strong security architecture with powerful tools and technologies deployed at key points in the network. This includes everything from perimeter security (firewalls, secure web gateways), cloud security (CASB tools), and endpoint security (AV, EDR).

So why invest in anything else?

These tools are optimized to prevent known attacks, not detect unknown attacks. In addition, they are constrained by performance requirements. In other words, they can’t afford to introduce any network latency that would impact Web, applications, or end user performance. Consequently, with the milliseconds they have available, they must make a block or allow decision by checking various rules and lists of content known to look bad. This is usually effective 70-80% of the time.

But advanced threats know how to “look” different to bypass those rules and evade detection.

Once these threats establish their position in the network, they can remain undetected for weeks or months. By the time they are discovered, they have often completed their progression through the cyber kill chain to achieve their mission of data exfiltration.

The Adaptive Detection Fabric was created to prevent that from happening.

The fabric focuses on undiscovered, advanced threats already inside the network.

These threats can change their looks, but their behaviors are much harder to change. So the fabric’s SmartCore analytics engine employs innovative machine learning and behavioral analysis technologies as it continuously examines all potentially malicious content moving north, south, east, and west throughout the distributed enterprise.

Also, SmartCore’s connection to Cyphort’s cloud-based Adaptive Threat Analytics service ensures that machine learning models are always updated to quickly identify the most subtle characteristics and indicators of malicious behaviors.

The bottom line is that the Adaptive Detection Fabric is an essential component of a comprehensive “lean forward” security architecture because it effectively closes the critical security gap that exists due to the limitations of the tools described above.

Validation of the Fabric

The Adaptive Detection Fabric continues to generate positive reviews from industry media and, most important, from customers that rely on the fabric to protect their organization.

“For us, Cyphort was a good choice because it mapped very nicely to the distributed nature of Barry University. We have a Cyphort appliance located at our main campus and then deployed sensors at each of our 20 other locations–It’s great to be able to cover all security needs and have that telemetry relayed to the main campus.”

Dr. Hernan Londono
Associate Vice President of Technology & CTO, Barry University

“Protecting our customers’ personal information is of the utmost importance, and that has become more of a challenge as threats are constantly changing. We look to Cyphort as another key piece of armor for helping us stay on top of new threats and continue our dedicated commitment to customer service.”

David Strobelt
Chief Information and Supply Chain Officer,
Modell’s Sporting Goods

“Cyphort gives us the ability to see the lateral movement, the north, south, east, west traffic, and look at your world in context, to me becomes one of the paramount important things, because you have to identify and stop very quickly…because things are going to happen.”

David Giambruno
Senior Vice President & CIO, Tribune Media

Ready to Build Your Own?

As noted earlier, we’ve designed the Adaptive Detection Fabric to be open and flexible. From a deployment standpoint, that means minimal complexity and disruption to your existing security infrastructure. The open architecture of the fabric allows it to be deployed on VMs, in the cloud, or on commercial servers.

If you’re ready to learn more, view the Deployment Options document below to get a high-level view of how each of these models might look from an architectural standpoint. To get more insight into a customized “Build Your Own” deployment for your organization, we invite you to click on Request Customized Fabric. After providing more information on a short form, we’ll generate a customized recommendation for an Adaptive Detection Fabric deployment that’s right for your organization.

Want to See the Fabric in Action?

Schedule a live demo at your convenience, and we’ll show you exactly how the Adaptive Detection Fabric can protect your organization.