Platform Overview

CyberCyte EAR creates a cyber defense framework to identify and respond to what matters most. It unifies threat, vulnerability, and hardening to enable accurate and fast identification of risks. The platform enhances an organization's defense capabilities, amplifies threat visibility, and revolutionizes automated defense mechanisms. Once deployed, the system empowers organizations to proactively defend against evolving threats by providing advanced insights. A unique visibility layer is created for accurate risk prioritization by integrating forensic artifacts and audit data.

The platform accurately prioritizes threats and risks by analyzing forensic artifacts using a robust classification system. The solution immediately identifies security gaps and creates a consolidated analysis framework for cyber assets, threats, and vulnerabilities against security controls.

Forensic artifact enrichment enables the discovery of risks that occurred in the past, before security assessments were performed. This analysis identifies additional risks not identified by AV/EDR/XDR solutions, as these systems analyze real-time activity. The solution also performs a complete analysis of the endpoints to assess how effectively security applications are working and how security controls are applied. Remediation actions can be executed through the platform to minimize the dependency on other operations teams.

CyberCyte EAR Benefits

· Enable immediate identification of security gaps.

· Measure ransomware infection and information leakage risk by executing EDR and DLP effectiveness assessments covering all endpoints and servers.

· Validate the effectiveness of the existing security infrastructure and the security controls.

· Identify and remediate configuration gaps based on CIS, DoD, BSI, and MSFT security baselines.

· Create a centralized remediation and response infrastructure.

· Analyze unknown forensic artifacts to identify hidden threats and non-compliant activity.

· Track zero-day and exploited vulnerabilities.

· Map the impact of the discovered risks against standards like NIST, ISO 27001 and CIS through the GRC dashboard.

Main Features

· Automate threat hunting and scenario execution based on YARA and SIGMA rules to detect passive threats inside the IT infrastructure.

· Create consolidated visibility for assets, threats, and vulnerabilities for accurate prioritization.

· Unify threat hunting, investigation, and forensic analysis processes in a single solution that can be offered as an MDR service.

· Create a unique visibility layer by integrating forensic artifacts and audit data to enable security teams to identify complex threat patterns easily.

· Automate classification and risk-scoring to reduce the noise from excessive security alerts based on digital forensic analysis.

The platform provides a simple wizard that summarizes its main features. The wizard can be accessed anytime by clicking the wand icon in the top right section of the user interface.

The modules of the platform are accessible from the left menu.

  • Home provides the results of every artifact and asset analysis with dashboards. The dashboards are Threat Overview, Risk Analysis by Artifact, Risk Analysis by Rule Name, Risk Analysis by Asset, KPI Analysis, Windows Host Summary, and Unclassified Artifacts Analysis.

  • Threat Hunter provides Notable Events, Analysis & Investigation, Visualization, Hunting Settings, and E-Mail/Teams Settings.

  • Threat Response provides Response Management, Case/Incident Management, Remediation & Response Settings, and Case Management Settings.

  • Security Assurance provides Hardening & Configuration Management, Vulnerability Management, Remediation, Software Management, Remediation & Response Settings, and Hardening & Configuration Management Settings.

  • Asset Management provides Endpoint Management and Group Management.

  • Rules & Policies provides Artifact Classification, Policy Management, SIGMA/YARA Rules, and Artifact Collection Parameters.

  • GRC provides Assessment Management, Risk Management, Assets, Evidences, Parameters, and GRC settings.

  • Settings & Reporting provides Agents & Sensor Settings, Deployment Settings, Notification Settings, Integration Settings, Credential Settings, Organization Settings, Reporting, and Users & Groups.

  • Troubleshooting provides an Event Log, Alert Log, and Version & Exception Overview.
