A fast, efficient, connected and secure platform
Automated responses to process hijacking
Ransomware attacks prevented
Protection against all ransomware families
Cyber Crucible operates on kernel-level behavioral modeling to discover data theft, credential theft, and ransomware encryption behaviors very quickly, rather than on characteristics specific to a certain malware family or sample.
The Cyber Crucible developers routinely categorize the kernel level memory, process, and file behaviors of extortion tools as a quality assurance measure, to ensure they fit into one of the known defensive capabilities.
Locally to the machine (the Endpoint), behavioral analytics are used to Discover data extortion attack behaviors and Respond by suspending the associated programs. The use of cloud analytics to provide additional data would, by the definition of the marketers of XDR (eXtended Discovery Response) products, mean Cyber Crucible may be called an XDR product. We’ve taken features from each, and either name may be used, depending on the use case.
Cyber Crucible strives for a zero-false-positive product environment. Having said that, there are sometimes false positives. Let’s discuss where these come from.
Currently, the false positive rate is approximately 1 response per week, per 1000 deployments/agents.
Cyber Crucible can be used in three ways:
- Set and Forget (Like Your Smoke Alarms)
- Daily or Weekly Threat Hunting
- Post-security incident forensic analysis
The best answer is…it depends on the quality and accuracy of the ransomware simulations, but we haven’t seen many high quality tests that match true attack tools and behaviors. The closer the test is to true extortion attack behavior, the better we “score”.
Cyber Crucible provides a rich set of data to assist, or even solve, post-attack root cause analysis. The four major sources of Cyber Crucible data for this are:
- Memory analytic results
- Process injection telemetry
- Process creation telemetry
- Credential store access telemetry
Attackers routinely use techniques which leave evidence only in memory, inside the hijacked program(s) that are currently running. Killing those programs removes most of the evidence. Suspending those programs freezes all of the evidence for later analysis.
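As an added illustration of the suspend-versus-kill point above (example code written for this page, not Cyber Crucible’s own implementation): a flagged process is frozen with SIGSTOP, which keeps its address space intact for a later memory dump, whereas SIGKILL reaps it and the in-memory evidence is gone. It assumes a POSIX host; the child process and its in-memory marker are constructed stand-ins.

```python
import os
import signal
import subprocess
import sys

# Constructed stand-in for a hijacked program: a child that holds a secret
# only in memory and then idles, like an injected payload awaiting commands.
CHILD_CODE = "import time; secret = b'CONSTRUCTED_MARKER'; time.sleep(300)"


def spawn_sample_process() -> subprocess.Popen:
    return subprocess.Popen([sys.executable, "-c", CHILD_CODE])


def is_alive(pid: int) -> bool:
    """Signal 0 probes for existence without affecting the process."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False


def suspend_for_analysis(pid: int) -> dict:
    """Freeze a flagged process instead of terminating it.

    The stopped process keeps its memory, open handles and any injected
    code, so an analyst can attach a debugger or dump memory later.
    """
    os.kill(pid, signal.SIGSTOP)
    # Block until the kernel confirms the child is in the stopped state.
    _, status = os.waitpid(pid, os.WUNTRACED)
    regions = 0
    maps = f"/proc/{pid}/maps"  # Linux-only view of the preserved address space
    if os.path.exists(maps):
        with open(maps) as fh:
            regions = sum(1 for _ in fh)
    return {"pid": pid, "stopped": os.WIFSTOPPED(status),
            "alive": is_alive(pid), "mapped_regions": regions}


def terminate(pid: int) -> dict:
    """The destructive alternative: SIGKILL reaps the process and its memory."""
    os.kill(pid, signal.SIGKILL)
    os.waitpid(pid, 0)  # reap it; nothing is left to analyze afterwards
    return {"pid": pid, "alive": is_alive(pid)}


if __name__ == "__main__":
    child = spawn_sample_process()
    print(suspend_for_analysis(child.pid))  # stopped=True, still alive
    print(terminate(child.pid))             # alive=False, evidence gone
```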
Cyber Crucible behavioral analytics automatically respond when data extortion is attempted, but telemetry indicating lateral movement is plainly visible to threat hunters and to post-attack incident response. Automated defenses have stopped “east-west” movement cold while attackers were snooping around in preparation for data theft. Threat hunters have quickly found and stopped attackers as they gained access to systems.
Cyber Crucible is currently co-existing in customer environments with every other vendor on the Gartner EDR Magic Quadrant. Customers typically need no additional configuration; in rare cases another tool needs to whitelist Cyber Crucible so that it does not raise false positives about Cyber Crucible itself.
Cyber Crucible’s software is updated automatically, unless configured not to. Updates are staged in the background, after being validated for authenticity and integrity (aka, “is this really a Cyber Crucible update, or an advanced hacker?”).