Cyber Crucible

Ransomware protection, simplified

Ransomware Prevention

Automated protection for all three stages of a data extortion attack.

  • Behavior-based identity theft prevention: The Cyber Crucible team observed that the passwords, cookies, and tokens crucial to network and cloud-based identity access were always stolen and misused during extortion attacks.
  • Data Loss Prevention (DLP): DLP solutions focus on never-ending data classification efforts that have proven ineffective, despite consuming nearly unlimited service hours.
  • Cyber resilience: Automated extortion defense requires a great deal of mistrust and paranoia. The attackers are infiltrating trusted applications, users, network devices, and even the operating systems themselves.
  • Performance: The team has developed novel edge computing behavioral analytics to provide the speed and resilience necessary to put extortion attacks at a completely managed risk.
  • Flexibility: our data is your data. Leverage our streaming analytics and RESTful interfaces for integration for your XDR or dashboards. Give your devops team the ability to automate the deployment and monitoring of Cyber Crucible agents.
  • Information: All Cyber Crucible-generated behavioral indicators are available for research and analysis, but notifications and alerts are timely and rare.
  • Enhanced accuracy: We provide customers with the ability to know how an attacker accessed a system, and critical data explaining what activities they performed on the system before executing their extortion software.
  • Technical data: We provide deep technical data on security and compliance that can be used by threat hunters, privacy officers, and incident response personnel (IR).
  • Protect and prevent: Cyber Crucible co-exists cleanly with your existing endpoint solutions. It automatically configures itself to ensure you receive no conflicts from our software.

Self-hosted Appliance

Configure and run your own Cyber Crucible software, including all endpoint security software, all servers, your own web application and database.

What is the Cyber Crucible Appliance made of?

  • 1 dockerized Spring REST server dedicated to endpoint software communication
  • 1 dockerized Spring REST server dedicated to web application software communication
  • 1 dockerized React.js server
  • 3 dockerized MongoDB servers, as a MongoDB replica set
  • DNS records (unique per appliance for all servers)
  • Kubernetes configuration scripts for all necessary setup and scaling functionality
  • 1 NGINX Ingress Controller for Kubernetes
  • AWS Cognito User Pool & Federated ID (unique per appliance)
  • SSL/TLS certificates (unique per appliance for all servers)
  • The Appliance contains the following pieces of (software) equipment:

Who is the Cyber Crucible Appliance made for?

  • Customers with data protection regulations do not allow data to be stored or processed in the United States.
  • Customers with networks disconnected from the Internet.
  • Customers with regulatory or compliance requirements necessitating internal control of all data and processing.
  • Customers wish to remain in possession of their data at all stages of processing and storage.
  • We've made it easy for almost anyone to start using Cyber Crucible, but especially for:

Zero Trust

Attackers are heavily targeting the trust models underpinning modern IT infrastructures. The more authoritative a program or system is to a network, the greater the opportunity for an attacker to subvert systems dependent on that trustworthiness.

Why is Zero Trust Product Design necessary?

  • Network traffic integrity: Privileged client and server applications (like security and administration software) depend on network traffic to be sent untampered, and trusted to be from the true source (not spoofed)
  • Administrative tools (RMM) integrity: Remote management tools such as Kaseya and ConnectWise are trusted to send legitimate commands on behalf of remote administrators.
  • Active Directory integrity: Active Directory, and peer technologies, are trusted to correctly manage and task users and systems.
  • Application integrity: Applications are trusted to behave as expected given the installed programs, and not execute 3rd party (usually malicious) code inserted into the program once it is running.
  • User identity integrity: Users and applications presenting tokens, passwords, and keys from normal systems and applications, are generically believed to be legitimate access.
  • Operating System integrity: Commands and messages from the core (kernel) of an operating system, the most protected section of the operating system, are trusted to be genuine system management behaviors.