Automate Breach Detection and Response. Consistently Triage Alerts. Reinforce Security Process.
Enhance the Experience of SOC Analysts, Security Management, IT OPS/ Networking, and Compliance
A SOFTWARE PRODUCT SUITE THAT CONFIGURES TO YOUR NETWORK
Security Operations teams: the Cyber Crucible software assists in the day-to-day work of keeping organizations secure. It augments manual efforts with automated intrusion detection and alert management. The result: actionable visibility and automated incident response, which is critical when every minute counts.
Overall business value: the platform elevates “security speak” to “business leadership speak” for breaches and other security issues. Our reporting and dashboarding allows the SOC to quickly communicate to Business Leadership, Legal, and Compliance. Ultimately, Cyber Crucible helps manage the largest business risks through technology and automation.
Positive downstream impact on IT: the software enables Ops and Networking to work with Security and get deeper visibility into system health.
AUTOMATED DISCOVERY + ANALYSIS + RESPONSE
We address time-consuming, costly, and mundane manual activity to stay ahead of savvy hackers.
Manual vs Automated
We leverage AUTOMATION – teams can’t easily manage thousands of daily alerts.
Slow vs Fast
Going FAST is needed because costs explode as hackers have time to act.
Imprecise vs Accurate
ACCURATE data is crucial to improving breach discovery (avg. time is 224 days).
Costly vs Efficient
Being EFFICIENT with time, money, and energy gives teams breathing room.
BIG ROI – HOW ONE CUSTOMER GOT CONTROL
The Customer’s Profile: at the time, this organization had $700+ million in annual revenue, a network environment with 30,000 connected machines, and a security team of fewer than 10 people. Strategically, it focused on regulated data and compliance.
The Problem Before: cyber risk was unmanaged. The small team could manually address only 2,250 daily alerts, even though the equipment generated 7+ million. That equated to an average of 1% of the alert volume being analyzed, so the team only had the capacity to focus on high-confidence alerts. The neglected lower-confidence alerts left cyber risk unaddressed; hackers like to hide in the least obvious places.
The Results After Cyber Crucible: we introduced a managed cyber risk approach, leveraging the automation power of the software. This gave the SOC team the capacity to analyze all 7+ million alerts, and performing Stage 0-3 analysis automatically saved time and cost. During this two-week monitoring period we discovered and confirmed 5 intrusions that had gone unnoticed. Because the platform addresses issues automatically 24/7, the intrusions were stopped before any theft occurred. Forensic reconstruction of the intruders’ behavior confirmed that no data was actually exfiltrated; the attackers did not get that far.
As a result of this effort, the security team built stronger processes and earned the trust of the rest of the business. They established new protocols going forward that the team could manage with the same number of full-time staff.
HOW IT WORKS
CYBER CRUCIBLE CORE (Easy-to-Use Threat Evaluation and Reporting by Leveraging Automation)
Security Departments state that they face two big challenges: 45% contend the issue is inexperienced employees, while the other 55% say the problem is keeping up with alerts. Confusion in security operations is dangerous since teams likely do not know what data has been stolen, sometimes for months. There is a shortage of experienced cyber security experts, so equipping junior resources is mission critical to maintaining your strong security posture.
Business Leadership has challenges managing security posture, too. Execs, legal, and compliance tend to struggle speaking the same language as Security in the event of an incident or breach.
Imagine a way for Security Ops to present information that equips leadership without requiring manual reporting activities when under a time crunch…
That’s where we come in.
Cyber Crucible Core is for markets that don’t have enough qualified cybersecurity experts and lack a means of executing a quick, simple response to threats. Our product automates intrusion analysis (IR) to turn thousands of hacker alerts into a compiled report, leveraging our secure AWS cloud for evaluation, reporting, and dashboarding.
Different from manual analysis, Cyber Crucible’s patented platform solution uses machine learning and allows one junior analyst to be as effective as multiple senior cybersecurity experts, who also happen to be in short supply.
COLLECTIPEDE (Core’s Network Packet Capture Sidekick)
The Collectipede product is used in conjunction with Cyber Crucible’s flagship Core product. It provides security teams with a lightweight, on-prem network packet capture capability (also known as PCAP) to create “Investigation Bundles” that are sent to Cyber Crucible Core. Once indexed, teams have the ability to search a mix of real-time and historical network traffic, which is valuable data to help Core’s analytics find indications of a breach.
When Collectipede sends Investigation Bundles to Core, the platform utilizes machine learning and other advanced analytics capabilities. This is important because stolen data typically hides encrypted among “good” data, so humans miss the subtle indicators when exclusively doing manual analysis. As well, humans usually lack the resources or proper tools to understand the data.
The result of automating? Cost and risk reduction, paired with human capital efficiency. Collectipede is available as a hardware appliance, virtual machine, or installable software. The hardware appliance has three tiers, designed to provide small- to medium-sized customers excellent value and capability, while delivering larger organizations incredible scalability and flexibility for incident response.
How do Cyber Crucible Core and Collectipede work together? Here is an example: let’s say hackers send stolen materials outside the network to their own servers. This process is known as exfiltrating the data. To do this, they’ll use existing streaming data feeds that are already flowing out of the network, and employ a variety of techniques to hide the data from your security and compliance resources. Think of live conferencing, video, or audio streams, for example. With Cyber Crucible Core analytics, we are able to reconstruct and play back samples of the stolen data that Collectipede captures.
ALERTGLOW (Triage Thousands of Daily Alerts with Automation)
Security Operations Centers may receive alerts every minute or even several per second, yet analyzing those alerts can take hours, days, or sometimes weeks. Moreover, even if 90% of alerts are valid, weeding out the 10% of erroneous alerts can be a huge time-waster for any security analyst. AlertGlow gives teams local alert analysis and automatic triage capability. Then, the “Promotion Manager” regulates which alerts go to the AWS Cloud for analysis and which don’t. Hackers hide in “uninteresting”, low-confidence alerts that many organizations don’t have the resources to examine without automation. AlertGlow makes it possible.
Together, Collectipede and AlertGlow assemble and reorganize the usable data that your environment is already creating (as Investigation Bundles). Removing the time-consuming manual sorting speeds up the process and improves efficiency. Ultimately, AlertGlow is an orchestrator that makes SOC analysts’ lives much easier and makes your operations more consistent by removing human misinterpretation and manual error.
Current integrations for alerts: Snort, Suricata, Cisco FirePower, Cisco Umbrella, Carbon Black Defense, with more coming soon…
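To make the triage idea above concrete, here is an added illustration (not AlertGlow’s own code, and not how Cyber Crucible’s Promotion Manager is implemented) of a local triage stage run over Suricata EVE JSON alert lines, Suricata being one of the listed integrations. It collapses repeated identical alerts, promotes high-severity alerts straight away, and, instead of discarding the low-severity “uninteresting” alerts, holds them locally and promotes a host whose low-severity alerts chain together. The sample lines, signature IDs and thresholds are constructed for the example.

```python
"""Local alert triage over Suricata EVE JSON (illustrative, not AlertGlow code)."""
import json
from collections import defaultdict

# Suricata severity: 1 is the highest. Alerts at or above this level are
# promoted immediately; anything lower is held and re-examined in context.
HIGH_SEVERITY = 2
# A host that trips this many *different* low-severity signatures in one
# window is promoted as a chain even though each alert alone looks boring.
DISTINCT_LOW_SIG_THRESHOLD = 2

# Constructed sample: field names follow Suricata's EVE schema, values are
# made up (RFC 5737 documentation addresses, fictitious signature IDs).
SAMPLE_EVE = """
{"timestamp":"2024-01-05T10:00:01+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","alert":{"signature_id":9000001,"signature":"SAMPLE shell response from inside host","severity":1}}
{"timestamp":"2024-01-05T10:00:02+0000","event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.1"}
{"timestamp":"2024-01-05T10:00:03+0000","event_type":"alert","src_ip":"10.0.0.12","dest_ip":"203.0.113.4","alert":{"signature_id":9000002,"signature":"SAMPLE scripted user-agent outbound","severity":3}}
{"timestamp":"2024-01-05T10:00:04+0000","event_type":"alert","src_ip":"10.0.0.12","dest_ip":"203.0.113.4","alert":{"signature_id":9000002,"signature":"SAMPLE scripted user-agent outbound","severity":3}}
{"timestamp":"2024-01-05T10:00:05+0000","event_type":"alert","src_ip":"10.0.0.12","dest_ip":"203.0.113.9","alert":{"signature_id":9000003,"signature":"SAMPLE outdated runtime version observed","severity":3}}
{"timestamp":"2024-01-05T10:00:06+0000","event_type":"alert","src_ip":"10.0.0.12","dest_ip":"203.0.113.9","alert":{"signature_id":9000004,"signature":"SAMPLE executable download from bare IP","severity":2}}
{"timestamp":"2024-01-05T10:00:07+0000","event_type":"alert","src_ip":"10.0.0.30","dest_ip":"203.0.113.50","alert":{"signature_id":9000002,"signature":"SAMPLE scripted user-agent outbound","severity":3}}
{"timestamp":"2024-01-05T10:00:08+0000","event_type":"alert","src_ip":"10.0.0.31","dest_ip":"203.0.113.50","alert":{"signature_id":9000002,"signature":"SAMPLE scripted user-agent outbound","severity":3}}
"""


def parse_alerts(eve_text):
    """Yield (src_ip, dest_ip, sid, signature, severity) for each EVE alert.

    Non-alert records (flow, dns, ...) and malformed lines are skipped so one
    bad line from a sensor does not stall the whole triage pass."""
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") != "alert":
            continue
        a = rec.get("alert", {})
        yield (rec.get("src_ip"), rec.get("dest_ip"), a.get("signature_id"),
               a.get("signature"), int(a.get("severity", 3)))


def triage(eve_text):
    """Split alerts into those promoted for cloud analysis and those held locally.

    Returns {"promoted": [...], "held": [...]}; each entry carries a hit count
    so repeats are collapsed without losing the volume information."""
    counts, meta = {}, {}
    for src, dst, sid, sig, sev in parse_alerts(eve_text):
        key = (src, dst, sid)
        counts[key] = counts.get(key, 0) + 1       # collapse exact repeats
        meta[key] = (sig, sev)

    promoted, held = [], []
    low_sigs_by_host = defaultdict(set)
    for (src, dst, sid), hits in counts.items():
        sig, sev = meta[(src, dst, sid)]
        entry = {"src_ip": src, "dest_ip": dst, "sid": sid, "signature": sig,
                 "severity": sev, "hits": hits}
        if sev <= HIGH_SEVERITY:
            entry["reason"] = "severity"
            promoted.append(entry)
        else:
            low_sigs_by_host[src].add(sid)
            held.append(entry)

    # Second pass: low-severity alerts are not dropped. A host with several
    # distinct low-severity signatures in the window is promoted as a chain.
    chained_hosts = {h for h, sids in low_sigs_by_host.items()
                     if len(sids) >= DISTINCT_LOW_SIG_THRESHOLD}
    still_held = []
    for entry in held:
        if entry["src_ip"] in chained_hosts:
            entry["reason"] = "low-severity chain"
            promoted.append(entry)
        else:
            still_held.append(entry)
    return {"promoted": promoted, "held": still_held}


if __name__ == "__main__":
    result = triage(SAMPLE_EVE)
    for e in result["promoted"]:
        print("PROMOTE", e["src_ip"], e["sid"], e["reason"], "hits=%d" % e["hits"])
    for e in result["held"]:
        print("HOLD   ", e["src_ip"], e["sid"], "hits=%d" % e["hits"])
```

On the constructed sample, the single severity-1 alert and the severity-2 download are promoted on severity alone; host 10.0.0.12 is additionally promoted because two different low-severity signatures fired from it, while the lone low-severity hits from 10.0.0.30 and 10.0.0.31 stay in the local hold queue rather than being deleted. The thresholds are the tunable part: raising DISTINCT_LOW_SIG_THRESHOLD reduces cloud volume at the cost of letting slower, quieter chains sit longer in the hold queue.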
ZENSIPHONER (Targeted Endpoint Device Forensic Collection)
With AlertGlow in place working to triage thousands of alerts, sometimes it will find anomalies on endpoint devices that are connected to your network. Now available for Windows OS, ZenSiphoner was created to combat the latest, diverse Advanced Persistent Threats (APTs) by installing an agent on user endpoint devices and isolating threats. ZenSiphoner then catalogs the threat’s behavior and takes action.
How does it work? Once AlertGlow notifies ZenSiphoner of an issue, it can begin “harvesting” the next-generation virus. Since it’s so new, there is no catalog of data to help fight it. So, in a quarantined area, we safely nurture the threat to maturity to observe it. Our harvesting approach solves a problem that major vendors struggle with: their window of analysis is too narrow.
ZenSiphoner monitors and extracts key data as the APT’s script unfolds. Typically, these attacks evolve over days or weeks in the background, building on themselves in various stages to penetrate deeper in your broader environment. Whether the offending endpoint device is a cell phone, a desktop computer, or a server, ZenSiphoner can help provide rich context to the network data captured from Collectipede. When we do analysis in Cyber Crucible Core we can see what the hacker is doing: usernames tapped, encryption keys used, targeted machines, and other details.
EASY TO DEPLOY, GET FUNCTIONALITY FAST UPON INSTALL
Deployment can be done in stages to get started with Cyber Crucible. Once installed, we send Investigation Bundles to the cloud for analysis in a nearly continuous stream. You will start to get insights within hours, and ongoing thereafter.
How might an organization deploy Cyber Crucible? Here’s a possible scenario: with just one physical location, all you would need is a bundled instance of Cyber Crucible Core and Collectipede. When you’re ready to scale to other physical locations, simply add one more instance of Collectipede for each. Do you have dozens of business units under one roof? No problem: one instance of Collectipede is needed per location, regardless of the number of networks connecting to it. To leverage automated alert triage, we suggest bundling AlertGlow by location. Customers take this step when they need to automatically generate clean Investigation Bundles to send to the cloud for analysis and reporting. AlertGlow can typically start making alert triage decisions within 15 minutes of install.
We can do same-day equipment set-up. Equipment can be leased or purchased, with month-to-month or annual options available.
DON’T JUST TAKE OUR WORD FOR IT
While our solution applies to any industry, let’s take a quick case study from a hospital. Medical treatment facilities are facing a growing cyber threat landscape, as well as compliance challenges. Average cost of a breach in Healthcare is over $10 million, or $408 per record stolen. Cyber Crucible is in production, enabling this Healthcare customer to get control day-in and day-out.
“It’s an exciting, all-in-one solution that not only detects breaches but isolates compromised data. With escalating cost and frequency of cyber theft to any regulated entity, it just makes sense. We’re really excited about what Cyber Crucible is doing.”
-Exec Leaders at Regional Hospital System