Ransomware prevention needs a novel approach. This is it.
Automated protection for all three stages of a data extortion attack.

Complements your existing security tools
Cyber Crucible co-exists cleanly with your existing endpoint solutions. It automatically configures itself to ensure you receive no conflicts from our software.
You won't notice, but our kernel analytics even keep a close watch on these other highly trusted security tools, in case attackers hijack them (it has happened!).
*We currently cleanly co-exist with every product in Gartner's Magic Quadrant for Endpoint Protection Platforms







Either Set & Forget, Or Power Advanced Cyber Operations
Cyber Crucible provides deep technical data on security and compliance that can be used by threat hunters, privacy officers, and incident response personnel (IR).
Even without dedicated experts relying on Cyber Crucible’s technical data to power their analysis, our customers still enjoy fully automated protection against ransomware extortion attacks.
Learn moreRoot-cause analysis in minutes
Cyber Crucible provides customers the ability to know how an attacker accessed a system, and critical data explaining what activities they performed on the system before executing their extortion software.
Our resilience means there are no gaps in visibility. Our kernel-level access means our visibility is unparalleled. We’re often the missing piece to conclude an investigation.
Learn moreMeaningful security notifications.
All Cyber Crucible-generated behavioral indicators are available for research and analysis, but notifications and alerts are timely, and rare.
Learn moreFull API access
Your data is your data. Leverage our streaming analytics and RESTful interfaces for integration for your XDR or dashboards.
Give your devops team the ability to automate the deployment and monitoring of Cyber Crucible agents.
Customize IT department tasks based on Cyber Crucible responses. Every function you see in the web application, is available for integration partners and automation.

Unrivaled performance on the edge
The team has developed novel edge computing behavioral analytics to provide the speed and resilience necessary to put extortion attacks a completely managed risk.
When attackers started cutting SIEM and security analytic servers during attacks, we were already ready.
Built on Zero Trust principles - because we had to
Automated extortion defense requires a great deal of mistrust and paranoia. The attackers are infiltrating trust applications, users, network devices, and even the operating systems themselves.
Cyber Crucible thrives in the type of hostile environment.
Learn moreData Loss Prevention (DLP)
DLP solutions focus on never-ending data classification efforts that have proven ineffective, despite consuming nearly unlimited services hours. Did we mention they are expensive, and usually don’t cover all of your critical data stores?
Cyber Crucible’s behavioral analytics provide a unique, valuable view into program behavior that prevent data theft, before the first file is stolen, in two ways: preventing the theft of the identities needed to access remote data stores, and preventing the data access of programs which fit the behavioral model of malicious data theft tools.
Behavior-based identity theft prevention
The Cyber Crucible team observed that the passwords, cookies, and tokens crucial to network and cloud-based identity access were always stolen and misused during extortion attacks.
We have applied the same kernel-level behavioral analytics to credential protection that we use to defend your data.
Now, your clients’ browser-based identity information, and your servers’ Active Directory identity database, are protected by Cyber Crucible analytics.


Do you want to host your own data?
For customers who need complete, end to end control over all Cyber Crucible software collection, processing, and storage, the Cyber Crucible virtual appliance provides exactly what you need.
The Cyber Crucible environment can be deployed as a Kubernetes-based appliance consisting of Docker containers. The configuration to achieve the same level of security and extensibility that the Cyber Crucible team has achieved in our own environment is available for your own organization.
Learn moreA fast, efficient, connected and secure platform
Automated responses to process highjacking
Ransomware attacks prevented
Protection against all ransomware families
Frequently asked questions
Cyber Crucible operates off of kernel level behavioral modeling, to discover data theft, credential theft, and ransomware encryption behaviors very quickly, rather than characteristics specific to a certain malware family or sample.
The Cyber Crucible developers routinely categorize the kernel level memory, process, and file behaviors of extortion tools as a quality assurance measure, to ensure they fit into one of the known defensive capabilities.
Locally to the machine (the Endpoint), behavioral analytics are used to Discover data extortion attack behaviors, and Respond by suspending the associated programs. The use of cloud analytics to provide additional data would, by the definition of the marketers of XDR (eXtended Discovery Response) products, means Cyber Crucible may be called an XDR product.We’ve taken features from each, and either name may be used, depending on the use case.
Cyber Crucible strives for a 0 false positive product environment. Having said that, there are sometimes false positives. Let’s discuss where these come from.
Currently, the false positive rate is approximately 1 response per week, per 1000 deployments/agents.
Cyber Crucible can be used in three ways:
- Set and Forget (Like Your Smoke Alarms)
- Daily or Weekly Threat Hunting
- Post-security incident forensic analysis
The best answer is…it depends on the quality and accuracy of the ransomware simulations, but we haven’t seen many high quality tests that match true attack tools and behaviors. The closer the test is to true extortion attack behavior, the better we “score”.
Cyber Crucible provides a rich set of data to assist, or even solve, post-attack root cause analysis. The four major sources of Cyber Crucible data for this are:
- Memory analytic results
- Process injection telemetry
- Process creation telemetry
- Credential store access telemetry
Attackers routinely use techniques which only leaves evidence in memory, inside the hijacked program(s) that are currently running. Killing those programs removes most of the evidence. Suspending those programs freezes all of the evidence for later analysis.
Cyber Crucible behavioral analytics automatically respond when data extortion is attempted, but telemetry indicating lateral movement is plainly visible to threat hunters and post-attack incident response. Automated defenses have stopped “east-west” movement cold while attackers begin snooping around in preparation for data theft. Threat hunters have quickly found and stopped attackers as they gained access to systems.
Cyber Crucible is currently co-existing in customer environments with every other vendor on the Gartner EDR Magic Quadrant. While customers typically need no additional configuration, other tools rarely need to whitelist Cyber Crucible, to prevent them from false positives (about Cyber Crucible).
Cyber Crucible’s software is updated automatically, unless configured not to. Updates are staged in the background, after being validated for authenticity and integrity (aka, “is this really a Cyber Crucible update, or an advanced hacker?”).
Cyber Crucible is currently co-existing in customer environments with every other vendor on the Gartner EDR Magic Quadrant.
Start a free trial today
Sign up for Cyber Crucible today to protect your system against ransomware extortion.