Ransomware prevention needs a novel approach. This is it.

Automated protection for all three stages of a data extortion attack.

A screenshot of the Cyber Crucible platform depicting the Incidents report section
Protect and prevent

Complements your existing security tools

Cyber Crucible co-exists cleanly with your existing endpoint solutions.  It automatically configures itself to ensure you receive no conflicts from our software.

You won't notice, but our kernel analytics even keep a close watch on these other highly trusted security tools, in case attackers hijack them (it has happened!).

*We currently cleanly co-exist with every product in Gartner's Magic Quadrant for Endpoint Protection Platforms

The Cyber Crucible logoThe Sophos logoThe Windows Defender logoThe Crowdstrike logoThe McAfee logoThe Sentinel One logo
A stylized image of a workstation with Cyber Crucible installedA stylized image of the alerts and notifications serviceA stylized image of the Root cause analysis serviceA stylized image of the incident monitoring service
Technical data

Either Set & Forget, Or Power Advanced Cyber Operations

Cyber Crucible provides deep technical data on security and compliance that can be used by threat hunters, privacy officers, and incident response personnel (IR).

Even without dedicated experts relying on Cyber Crucible’s technical data to power their analysis, our customers still enjoy fully automated protection against ransomware extortion attacks.

Learn more
Enhanced accuracy

Root-cause analysis in minutes

Cyber Crucible provides customers the ability to know how an attacker accessed a system, and critical data explaining what activities they performed on the system before executing their extortion software.

Our resilience means there are no gaps in visibility. Our kernel-level access means our visibility is unparalleled. We’re often the missing piece to conclude an investigation.

Learn more
A stylized image of a step that a hacker might access your data throughA stylized image of a step that a hacker might access your data throughA stylized image of a document protected from a hackers attack, by Cyber CrucibleA stylized image of a step that a hacker might access your data through
A stylized image of a notification depicting a new incident reportA stylized image of a notification depicting a suspended unauthorized process

Meaningful security notifications.

All Cyber Crucible-generated behavioral indicators are available for research and analysis, but notifications and alerts are timely, and rare.

Learn more

Full API access

Your data is your data. Leverage our streaming analytics and RESTful interfaces for integration for your XDR or dashboards.

Give your devops team the ability to automate the deployment and monitoring of Cyber Crucible agents.

Customize IT department tasks based on Cyber Crucible responses. Every function you see in the web application, is available for integration partners and automation.

A stylized image of an XDR system connected to Cyber Crucible via APIA stylized image of a dashboard connected to Cyber crucible via APIA stylized image of a custom integration connected to Cyber Crucible via APIThe Cyber crucible logo
Cyber Crucible requires an average of 4.8 MB MemoryCyber crucible requires only 0.89% CPU consumption
A stylized image of a performance chart showing Cyber Crucible at the top

Unrivaled performance on the edge

The team has developed novel edge computing behavioral analytics to provide the speed and resilience necessary to put extortion attacks a completely managed risk.

When attackers started cutting SIEM and security analytic servers during attacks, we were already ready. 

Cyber Resilience

Built on Zero Trust principles - because we had to

Automated extortion defense requires a great deal of mistrust and paranoia. The attackers are infiltrating trust applications, users, network devices, and even the operating systems themselves.

Cyber Crucible thrives in the type of hostile environment.

Learn more
Zero trust pillar: DevicesZero trust pillar: NetworkZero trust pillar: Infrastructure
Zero trust pillar: UsersZero trust pillar: DataZero trust pillar: Applications
A stylized image of a notification showing Cyber crucible suspending an unauthorized file copyA stylized image of a notification showing Cyber crucible suspending an unauthorized file copyA stylized image of a secure document protected by Cyber crucible
Protect and prevent

Data Loss Prevention (DLP)

DLP solutions focus on never-ending data classification efforts that have proven ineffective, despite consuming nearly unlimited services hours.  Did we mention they are expensive, and usually don’t cover all of your critical data stores?

Cyber Crucible’s behavioral analytics provide a unique, valuable view into program behavior that prevent data theft, before the first file is stolen, in two ways:  preventing the theft of the identities needed to access remote data stores, and preventing the data access of programs which fit the behavioral model of malicious data theft tools. 

Cyber crucible

Behavior-based identity theft prevention

The Cyber Crucible team observed that the passwords, cookies, and tokens crucial to network and cloud-based identity access were always stolen and misused during extortion attacks.

We have applied the same kernel-level behavioral analytics to credential protection that we use to defend your data.

Now, your clients’ browser-based identity information, and your servers’ Active Directory identity database, are protected by Cyber Crucible analytics.

A stylized image of a computer loginA stylized image of an email login
Cyber Crucible Appliance

Do you want to host your own data?

For customers who need complete, end to end control over all Cyber Crucible software collection, processing, and storage, the Cyber Crucible virtual appliance provides exactly what you need.

The Cyber Crucible environment can be deployed as a Kubernetes-based appliance consisting of Docker containers. The configuration to achieve the same level of security and extensibility that the Cyber Crucible team has achieved in our own environment is available for your own organization.

Learn more

A fast, efficient, connected and secure platform

*With an average memory usage of 4.8MB and average CPU consumption of 0.89%

Automated responses to process highjacking


Ransomware attacks prevented


Protection against all ransomware families


Frequently asked questions

Do you test against ransomware exhaustively?

Cyber Crucible operates off of kernel level behavioral modeling, to discover data theft, credential theft, and ransomware encryption behaviors very quickly, rather than characteristics specific to a certain malware family or sample.

The Cyber Crucible developers routinely categorize the kernel level memory, process, and file behaviors of extortion tools as a quality assurance measure, to ensure they fit into one of the known defensive capabilities.

Read more

Is Cyber Crucible an EDR, an XDR, or something else?

Locally to the machine (the Endpoint), behavioral analytics are used to Discover data extortion attack behaviors, and Respond by suspending the associated programs. The use of cloud analytics to provide additional data would, by the definition of the marketers of XDR (eXtended Discovery Response) products, means Cyber Crucible may be called an XDR product.We’ve taken features from each, and either name may be used, depending on the use case.

Read more

Do you have false positives? What is your false positive rate?

Cyber Crucible strives for a 0 false positive product environment. Having said that, there are sometimes false positives. Let’s discuss where these come from.

Currently, the false positive rate is approximately 1 response per week, per 1000 deployments/agents.

Read more

Is this a tool I have to monitor all of the time, like a normal security dashboard?

Cyber Crucible can be used in three ways: 
- Set and Forget (Like Your Smoke Alarms)
- Daily or Weekly Threat Hunting
- Post-security incident forensic analysis

Read more

Do you pass the ransomware assessment tests?

The best answer is…it depends on the quality and accuracy of the ransomware simulations, but we haven’t seen many high quality tests that match true attack tools and behaviors. The closer the test is to true extortion attack behavior, the better we “score”.

Read more

How can I investigate the root cause of an alert?

Cyber Crucible provides a rich set of data to assist, or even solve, post-attack root cause analysis. The four major sources of Cyber Crucible data for this are: 
- Memory analytic results
- Process injection telemetry
- Process creation telemetry
- Credential store access telemetry

Read more

Why do you respond by suspending programs?

Attackers routinely use techniques which only leaves evidence in memory, inside the hijacked program(s) that are currently running.  Killing those programs removes most of the evidence.  Suspending those programs freezes all of the evidence for later analysis.

Read more

Can Cyber Crucible stop lateral attacker movement?

Cyber Crucible behavioral analytics automatically respond when data extortion is attempted, but telemetry indicating lateral movement is plainly visible to threat hunters and post-attack incident response.  Automated defenses have stopped “east-west” movement cold while attackers begin snooping around in preparation for data theft.  Threat hunters have quickly found and stopped attackers as they gained access to systems.

Read more

What happens if one of my security products has a conflict with Cyber Crucible?

Cyber Crucible is currently co-existing in customer environments with every other vendor on the Gartner EDR Magic Quadrant.  While customers typically need no additional configuration, other tools rarely need to whitelist Cyber Crucible, to prevent them from false positives (about Cyber Crucible).

Read more

What is your software update strategy?

Cyber Crucible’s software is updated automatically, unless configured not to.  Updates are staged in the background, after being validated for authenticity and integrity (aka, “is this really a Cyber Crucible update, or an advanced hacker?”).

Read more

Do you co-exist with other security products?

Cyber Crucible is currently co-existing in customer environments with every other vendor on the Gartner EDR Magic Quadrant.

Read more

Start a free trial today

Sign up for Cyber Crucible today to protect your system against ransomware extortion.

Create an account