CyberCyte FAQ


Agentless Collection of Artifacts Like Sysmon and Autoruns 

FAQ

What is CyberCyte EAR?

CyberCyte EAR is a Blue Team Platform for discovering and responding to risks more accurately, before attackers identify them. The solution provides Automated Security Control Assessment (ASCA), security gap identification, and centralized remediation/response capability in a single framework. The effectiveness of the existing security infrastructure and controls is validated through the platform. Asset, threat, hardening, and vulnerability information is consolidated for accurate risk prioritization. A completely new visibility layer is created by integrating forensic artifacts and audit data, enabling security teams to identify complex threat patterns easily. Cybersecurity professionals can minimize risks faster and more easily through a simplified remediation and response framework. Finding the needle in the haystack is now easier with CyberCyte EAR.
What problem does your solution solve?

Alert fatigue and misconfigurations are the sweet spot for hackers. 90% of applications OWASP tested had some form of misconfiguration. Mandiant research indicates that 47% of attacks are discovered after external party notification, and the average dwell time is 21 days.

For the foreseeable future, many security incidents will be related to the inability to prioritize risks and misconfigured security controls.

CyberCyte EAR provides Automated Security Control Assessment (ASCA), security gap identification, and centralized remediation/response capability in a single framework.

We have a heavily invested cyber security infrastructure utilizing EDR, NDR, XDR, SIEM/SOAR, EASM, CAASM, DLP, and other solutions. What value can CyberCyte EAR offer?

  • Enable Continuous Security GAP Assessment based on a consolidated data set covering assets, threats, hardening, and vulnerabilities.
  • Discover risks not identified before, using open frameworks built on industry-standard tools like Sysmon, Thor, and others.
  • Discover unknown behaviours and historical breaches within the infrastructure that were not identified before.
  • Enable threat hunting based on digital forensic analysis, for faster investigations when needed.
  • Become the main threat-hunting and remediation/response tool for analyzing potential risks and breaches. Currently, SIEM/SOAR solutions are mostly used for this purpose.
I use an XDR for threat hunting. What value is offered by CyberCyte EAR for heavily invested cyber security infrastructures?

CyberCyte EAR unifies threat, vulnerability, and hardening data, enabling accurate and fast identification of risks. The following are possible new capabilities offered by CyberCyte EAR.

  • Continuous Security GAP Assessment: CyberCyte EAR monitors the effectiveness of the current cyber security infrastructure. EDR and DLP effectiveness are tracked across all endpoints and servers for ransomware risk and information leakage.
  • Automated Security Control Assessment (ASCA) with Remediation: The platform enables remediation of identified misconfigurations, shortening response time.
I am using software for CIS-based security control analysis. Do I need CyberCyte EAR?

Yes. CyberCyte EAR offers threat hunting based on digital forensic analysis, continuous security GAP assessment, and security control analysis in a single platform.

The platform unifies threat, vulnerability, and hardening data for more accurate and faster identification of risks.

What is it competing with?

There are overlaps with different products on specific modules. On the ASCA segment, Gartner identifies Absolute Software, CardinalOps, Veriti, and XM Cyber.

Qualys XDR is a technology enabling asset-centric assessment based on the Qualys Vulnerability Analysis. There are overlaps with Qualys XDR on ASCA and threat hunting. While Qualys relies on other commercial third-party applications to collect the needed data, CyberCyte EAR deploys and maintains all needed components to enable faster deployment.

What is it replacing, and why is it different?

The platform offers a new layer to identify and respond to what is more important. It unifies threat, vulnerability, and hardening data, enabling accurate and fast identification of risks.

The solution aims to become the main threat hunting, analysis, and response tool for analyzing potential risks and breaches. Currently, SIEM/SOAR solutions are mostly used for this purpose. Due to the large volume of audit data and the failure to correlate audit data with forensic artifacts, threat hunting and investigation through the SIEM/SOAR takes a long time and fails to provide the expected results. A detailed forensic analysis is then initiated as the next step. CyberCyte EAR consolidates the threat hunting, investigation, and forensic analysis processes in a single framework.

Some XDR solutions also offer a value proposition for this purpose but mostly fail, as they don't use an industry-standard framework and rely primarily on their own EDR/NDR technology. Security logs, Sysmon data, and forensic artifacts collected in a common standard, so that analysis with SIGMA and YARA rules is possible, are critical for faster identification and prioritization.

What are the main features of CyberCyte EAR?

  • Enable immediate identification of security gaps.
  • Provide a single classification and risk-scoring framework to reduce the noise from excessive security alerts based on digital forensic analysis.
  • Automate threat hunting and scenario execution based on YARA and SIGMA rules to detect passive threats inside the IT infrastructure.
  • Create a consolidated visibility for assets, threats, and vulnerabilities for accurate prioritization.
  • Offer a centralized remediation and response infrastructure.
  • Discover and remediate configuration gaps based on CIS, DoD, BSI, and MSFT security baselines.
  • Enable the discovery of unknown forensic artifacts to identify malicious and non-compliant activity.
  • Create a new visibility layer by integrating forensic artifacts and audit data to enable security teams to identify complex threat patterns easily.
  • Consolidate threat hunting, investigation, and forensic analysis processes in a single solution that can be offered as an MDR service optionally.
  • Track non-compliant activity against standards like NIST, ISO 27001, and CIS through the GRC Dashboard.
  • Validate the effectiveness of the existing security infrastructure and the security controls.
  • Execute EDR and DLP effectiveness assessments covering all endpoints and servers for ransomware risk and information leakage.

© 2019-2020 CyberCyte. All Rights Reserved.