Comprehensive Security Features
As a Unified Threat Management (UTM) Platform, Crystal Eye is a complete solution on a single platform. Instead of having to manage numerous devices from different vendors, Crystal Eye lets you consolidate and manage everything on one platform with one set of policies and logs to adjust. This is critical in reducing the response time to threats, responding to incidents, and creating consistent security policies that are easy to apply across the network.
These are a few of the features offered by the Crystal Eye UTM Platform:
Crystal Eye features inbuilt gateway-controlled device Application Whitelisting (AWL) technology. This purpose-built technology, developed by Red Piranha, is explicitly designed to undertake endpoint AWL managed from a network gateway appliance at scale.
This addition not only streamlines an otherwise complicated process but also simplifies the implementation on large or complex networks with scanning managed from one source remotely.
Crystal Eye’s Patent AWL technology enables the gateway appliance to control applications running on endpoint devices without the need to install and manage endpoint device agents, and allows protection on BYOD, IoT and SCADA devices.
With this technology, organisations can deploy and manage the whitelisting “AWL” process from the gateway UTM without the need for agents or needing to have physical access to devices, significantly reducing the burden on IT teams to deploy this critical security control.
Remote IT and security teams can deploy and manage the endpoint application control process remotely and within minutes across large networks with multiple endpoints.
Core Security Configurations
Here are some details on core security features and how you can configure and control them to build out your security network using the Crystal Eye UTM Platform.
Next Generation Firewall
Crystal Eye’s firewall functionality allows for packets to be processed based on a set of rules, performing a variety of actions depending on the rule provided. Crystal Eye makes use of iptables as its firewall engine; as such, rules are incredibly flexible and can be used to implement both simple and advanced firewall actions.
At its simplest, Crystal Eye can allow and deny transit based on the port, host, protocol, or state of the connection/packet. Through the implementation of more advanced rulesets, the platform supports port forwarding, load balancing, packet mangling, and much more.
Integrated Firewall - IPS/IDS
Crystal Eye’s firewall and Intrusion Detection / Intrusion Protection systems work together across different configurations of your network. Crystal Eye is able to position the IPS module outside of the firewall to repel attacks and reject this traffic before it is processed any further. It can also work with an existing firewall infrastructure within the same network.
Crystal Eye examines both incoming and outgoing encrypted packet streams and acts on this analysis before passing these streams through other modules, thereby saving on processing power. In conjunction with the decryption engine, the IPS/IDS scans for both attack signatures and attack behaviors in both encrypted and plain text communications.
Application Filters allow for traffic to be allowed or denied based on the application protocol detected by the platform. The system can currently identify and classify over 160 network protocols spanning a broad range of applications, for protocol detection and filtering. Using Crystal Eye you can detect and apply policies to allow or block the following:
- File sharing applications (e.g. BitTorrent)
- Online Gaming (e.g. World of Warcraft, Quake, etc.)
- Instant Messaging (e.g. IRC, Twitter, etc.)
- Streaming Media (e.g. Spotify, SHOUTcast, PPStream, etc.)
- Remote Desktop (e.g. RDP, TeamViewer, Citrix Online, etc.)
- And numerous other sources to help you set and enforce policies
DNS filtering allows for specific DNS queries passing through the gateway to be blocked based on an administrator-curated rule set. In addition to this, the Red Piranha real-time threat intelligence network available via the service delivery network (SDN) will provide updated lists of domain names to be blacklisted. These domain names are curated and sourced from Red Piranha’s DNS.Insure technology and help protect your network against evolving threats in real-time.
Crystal Eye’s gateway antivirus enables the platform to examine and evaluate files as they transit in real time. Crystal Eye makes use of a combination of signature and heuristic analysis to classify files. The malware definitions are updated automatically in order to maintain currency without user intervention. Detected malware is automatically blocked in order to prevent infection from occurring. Placing anti-virus capability within the network gateway provides complementary protection to traditional endpoint security models.
Gateway antiphishing automatically inspects email as it passes through the gateway, to detect phishing attacks. The platform makes use of signature-based and heuristic mechanisms from automatically updated rules. In addition to this, the platform intelligently scans URLs and links within emails. The scanning engine ensures that cryptographic certificates are valid and match the host as claimed, and detects links that are cloaked in order to deceive end users. This functionality is critical to an organization’s security stance, as modern phishing techniques cannot be fully mitigated through user education alone; technical countermeasures must be employed prior to email reaching the end user.
Interception and Decryption
Crystal Eye is built for a full inspection of encrypted traffic in a transparent manner, enabled by the installation of appropriate certificates on endpoint devices. The platform is able to intercept and decrypt transmissions that make use of SSL/TLS based encryption mechanisms. Once decrypted, the data can be fed to other modules of the Crystal Eye platform, enabling other features to analyse traffic that would otherwise be opaque to inspection.
Content Filter and Proxies
Content filters and proxies provide functionality to filter web content based on a number of criteria, including (but not limited to): file extensions, file types, phrases, websites, and URL presentation. The content filtering engine provides SSL man-in-the-middle capability, with dynamically created certificates automatically signed by a provided certificate. The interception and examination are transparent for endpoints that trust the signing certificate in use. This functionality is of critical importance due to the wide availability of free and automatically issued certificates. These freely available certificates have resulted in a large amount of malware using valid SSL/TLS connections when phoning home, infecting endpoints or exfiltrating data.
Data Loss Prevention (DLP)
Crystal Eye UTM Platform includes a data asset, audit, and protection system that lets you tag files you want to track, audit and protect. Once a file is tagged you can prevent the file from being sent out of the network. You can easily set up document/file movement audit logs, as well as protection and blocking of sensitive documents and files across and out of the network.
Robust Data Backup and Protection
Crystal Eye UTM Platform has a robust set of solutions to back up and protect your data on a local and cloud-based schema to protect it against loss. In addition to bare-metal backups, Crystal Eye provides the following:
- BackupPC: Allows single nodes to use the Crystal Eye appliance for a local backup solution
- Forensic Logging Backup: Allows security logs to be backed up to offsite locations such as cloud services or data storage blockchain systems.
- Database Backup: The database backup application allows for direct backups of the databases. Supports offsite remote storage locations such as cloud services.
- Network Fileshare Backup: Traditional network file share backup feature allows other devices to back up to the Crystal Eye platform for DLP protection.
Operating the Crystal Eye UTM Platform
Management of Crystal Eye is easy and efficient. Here is information relating to some of the ways in which you can administer, set policies and use it on a daily basis.
Administration and System Control
Consolidated security administration is a key value proposition for Crystal Eye. The Crystal Eye platform offers role-based administration to ensure that administrators can be allocated the minimum privileges required for them to perform their duties. As an example, users can segregate roles between a desktop department to handle anti-virus configuration and a network group to manage the firewall setup. Additionally, in order to facilitate multiple, concurrent administrators, a read-only mode is set to be available for the Dashboard. The read-only mode will allow administrators to view, but not change, the system’s configuration.
Policies in Crystal Eye are module-specific and administrators can deploy different policies by segment or by user group (for example, one with servers on it, or one with engineering users). An administrator may set one policy that restricts access to all of the individual security modules, with specifics for anti-virus, IDS and so forth.
The default Crystal Eye settings are a good starting point and serve as examples that make it easy for you to adapt to your specific requirements. All of the Crystal Eye protection rules are organized in a single section and can be easily applied to appropriate interfaces.
Crystal Eye allows you to quickly identify network breaches or whether protective mechanisms must be adjusted. As Crystal Eye provides the integrated firewall, IDS, and VPN functionality, it can alert you if incompatible configuration options are set between different modules. For instance, if a VPN endpoint is configured, but a firewall rule prevents it from operating, Crystal Eye can detect this and provide an alert that you need to resolve the issue. The integrated capability of Crystal Eye represents a significant reduction in the complexity of troubleshooting exercises, as debug logs from multiple platforms do not need to be examined and cross-referenced in order to identify the issue.
Built To Streamline Threat Response Times
Response time is critical when dealing with security threats, so we built Crystal Eye around rapidly responding to threats and empowering the user to streamline threat mitigation and handling.
Crystal Eye’s threat detection, threat alert system, integrated forensic logging, security incident and event management handling systems give you the best chance of quickly fending off cyber-criminals trying to breach your enterprise and get at your data. Our IDS/IPS system features a full packet capture (PCAP) that allows for easy analysis and for forensic investigations.
Built With Compliance in Mind
We created our platform knowing our customers need to meet rigid compliance standards. Built into Crystal Eye, as part of the core system, are compliance features that let small and medium-sized businesses manage their security needs and meet compliance requirements.
Crystal Eye offers features to make meeting compliance requirements a streamlined process.
- Security Incident and Event Management (SIEM)
- Virtual Chief Information Security Officer (VCISO)
- Secure E-mail Gateway
- Malicious Website Protection and Filtering
- Next Generation Backup for Data Loss Prevention (DLP)
These and numerous other features such as PCAP Snapshots, Offsite Forensic Log Storage, Risk Auditing (ISMS Support) have been created to offer clients an integrated way to meet compliance with a single platform: Crystal Eye UTM.
Easy to Use and Manage
Crystal Eye features a single dashboard to control its systems and to protect your infrastructure. The vision for Crystal Eye mandates that we make it powerful AND simple at the same time. To that end, the Crystal Eye dashboard gives you a single pane of glass to view your entire security infrastructure and analyze/defend against threats to your security. The managed security incident event management (SIEM) and simplified policy control system lets you set policies across multiple layers of your network for filtering traffic.
Crystal Eye UTM Appliances plug-and-play into existing networks and even support hybrid networks for cloud usage. Clients may use Crystal Eye inside their network or at the edge based on their needs.
Crystal Eye gives small to medium-sized businesses and MSPs the unified security features and compliance tools found only in systems costing 5x to 8x as much from the ‘big-box’ brands.
No wonder Crystal Eye is replacing expensive, high-priced systems in so many of our clients’ data centers.
A Unified Advantage
A unified threat management solution has huge advantages in efficiency of management, ability to respond quickly to threats, consistency of applying policies across your entire network from one interface, and the benefit of a system that works in a unified manner to detect, protect and secure your data. When all of the technology is working together in unison the advantages are simple. Security is a complex, multi-faceted operation and Crystal Eye UTM should be an essential part of your solution.
- Are you meeting all the requirements of compliance?
- Are you currently using multiple devices to secure your network?
- How rapidly are you able to respond to threats to your network?
Crystal Eye Custom Built Appliances
Crystal Eye can be easily installed in your data center or onsite at your enterprise using ultra-fast custom built hardware provisioned and built by Red Piranha to your specifications.
Our Crystal Eye UTM Platform is then run at your facility and updated by Red Piranha to keep its threat defense systems current and to provide it with access to our threat intelligence network for active counter-measures against evolving global cyber-criminal threats.
Having Crystal Eye on site offers some great benefits aside from security. Web filtering is an important part of any security plan. Users can fall prey to phishing, scams, malicious websites and other online threats.
Deploying Crystal Eye on site allows you to easily protect your users from malicious sites and to use Crystal Eye’s Secure Gateway to protect email and web traffic. You can also set up web traffic filtering to blacklist/whitelist sites by groups (porn, social media, webmail, streaming content), boosting productivity by blocking users’ access to certain sites.
Easy to Deploy
Crystal Eye appliances are easy to deploy and integrate with your existing network. They are built to work with major monitoring applications and systems.
To see a list of appliances that have the Crystal Eye UTM Platform installed on them, and are available for purchase, see our Crystal Eye UTM Appliances page. From there you can select a device and go to our store and customize the appliance for your needs.
Crystal Eye Cloud Managed Solution
Crystal Eye Cloud Managed Solution offers UTM for your system in the digital realm, rather than being attached to a specific computer system or device. This gives protection and security services for your organization on the cloud, regardless of location.
Who Can Benefit From A Crystal Eye Cloud Managed Solution
The ideal customers for this solution are enterprises that require a hybrid cloud set-up or have multi-region branch offices. The cloud-based solution, working in partnership with our hardware-based deployed solutions, performs many of the functions of an in-house IT Security specialist at a reduced cost.
If you have any questions about Crystal Eye Cloud Managed Solution, we encourage you to call us.