It has been a quiet day in the security operations center so far. The chatter overpowers your noise-canceling headphones; even Bob from Accounting stops by to say hi and tell you his latest joke. You might just take an extra-long lunch break today. Then it happens. Everyone goes dead silent as their computers are overwhelmed by wave after wave of alerts.
Is this alert accurate? Is it severe? How does this alert relate to everything else? What should we do? Did we miss anything? You know this song and dance. Alert. Investigate. Remediation. Doubt. Double-check. There is nothing left to do but go over each and every alert one at a time.
Or is there?
CyCraft prioritizes alert severity, automates investigations, and delivers actionable reports with contextual information, including the true root cause of the attack. Eliminate the guesswork with the CyCraft Advantage.
Our platform is a dual-cadenced system: severe alerts and regular reports. Our platform prioritizes alerts by severity; 10 being a severe malicious activity such as fileless attacks, and 1 being a low-severity activity such as Bob from Accounting playing Starcraft. As soon as an alert with high-severity is detected, our platform notifies you immediately, so you can respond immediately. In minutes, we can deliver you a full site forensic analysis, linking all the parts of the attack together.
Our full site analysis includes the full context behind the high-severity alerts that were previously sent. Your full site analysis report provides actionable intelligence covering your endpoints, processes, files, identity and access management (IAM), and your network. We automate forensic investigations. We replace guesswork with actionable intelligence. Your actionable report informs you which processes to stop, which files to delete, which malware to remove, which user accounts were infected and need resetting, and which URLs, IP addresses, and domains to block. And our platform offers remediation options to boot.
Your actionable report provides a comprehensive attack storyline that meticulously goes over each step of the attack process by process, from the first initial access to the last malicious process. Your attack storyline not only gives you the broadest perspective on the attack, allowing you to see the big picture but also dive down into finer details of the attack. See where the attackers went, what they did, and how they did it — step by step with relevant ATT&CK® technique. The most important node of your organization-level attack storyline is the first — the true root cause of the attack.
All too often, EDR vendors will claim to be able to track down the “root cause” of the attack. However, the attack on your organization may not have originated on that particular endpoint. We provide you with the true root cause of the attack — where the attackers first gained illegal access to your organization.
Locating the true root cause is the first step in containment. Once located, our continuous forensics begins detecting every malicious process of the attack and constructing your complete attack storyline. We spot every move.
Our continuous forensics heavily monitors lateral movement. If an attacker accesses an endpoint, we will detect it. If an attacker attempts to access a healthy endpoint from a compromised one, we will detect it. We even show you hidden devices that hackers may have leveraged that you don’t know about.
Monitoring lateral movement allows us to provide you with complete contextualized information. We will not only inform you which endpoints have been compromised but also how each malicious event relates to each other.
Our patented CyCraft AIR platform includes:
CyCraft is a cybersecurity company founded in 2017, focusing on autonomous AI technology. Headquartered in Taiwan, it has subsidiaries in Japan and Singapore. CyCraft provides professional cybersecurity services to government agencies, police and defense forces, banks, and high-tech manufacturers throughout the Asia-Pacific region. It has received strong backing from the CID Group and Pavilion Capital, a Temasek Holdings Private Limited subsidiary.