CyCraft AIR MDR: Managed Detection and Response for the 2020s

Delivered through CyCraft's Automatic, Intelligent, and Resilient platform, organizations detect and respond Faster, more Accurately, more Simply, and more Thoroughly than ever before.


THE STATE OF SECURITY IN THE 2020s AND BEYOND

Organizations are struggling to secure complex, changing hybrid cloud/on-premise environments, legacy and modern systems, cross-region operations, and employees working from home, all while meeting high-availability, compliance and ease-of-use requirements.

Combine that with trying to operate a multi-tiered SOC (Security Operations Center) and to hire and retain hard-to-find security talent while facing a barrage of alerts and undetected attacks from ever more aggressive, persistent and sophisticated cyber threats and actors, and true cyber security seems like an impossible dream to most organizations.

Taiwan: The Ultimate Cyber Security Crucible

CyCraft, coming from Taiwan, faces a unique security milieu due to the island's special geopolitical situation: it frequently encounters the most sophisticated, persistent and aggressive threats and actors before the rest of the world does. These actors, often the largest state-sponsored or criminal syndicate groups, focus their efforts on Taiwan to try out the newest, most subtle and malicious techniques to further their agendas. Other prominent global security solutions were no match for this level of attack, so CyCraft invented a completely new technology to address this most pernicious of cyber security problems.

In this cyber security crucible, forged with the pestle of Taiwan's globally recognized AI and cyber security talent, a new solution was born: CyCraft AIR. Now used extensively throughout the Taiwanese government, banking, and technology industries to stop the world's toughest cyber threats when no other solution could, CyCraft AIR MDR provides a unique set of features and value propositions to keep organizations more secure than ever before.


How CyCraft AIR beats the competition, provides unique value, and keeps orgs truly secure for the 2020s in 20 points:

1. Forensic-First

Operating from a blocklist, an isolated artifact, an isolated endpoint, or a network ingress perspective left AV, EPP/EDR and IDS/IPS vendors in the dark when searching for most modern attacks. By looking at anything in isolation, security vendors ran the risk of missing the subtle behaviors, fileless methods, and abuse of trusted tools that are the hallmarks of modern attacks in the 2020s. SIEM and catch-all products show too much data and run the risk of looking for the needle in the haystack when the needle looks like the rest of the hay, as modern attacks often mimic legitimate user behavior. The only sensible way forward for security technology was to wipe the slate clean and begin with a forensic mindset: focus on what matters, where it matters, and when it matters, as opposed to focusing on isolated artifacts or on everything at once. CyCraft AIR is a forensics-first platform; technology that was not built forensics-first will simply not be capable of facing modern threats.

2. Analyze Across 7 Levels of Context

As part of a forensics-first approach, CyCraft AIR performs automated forensic analysis on multiple levels of context and analyzes the relationships between those levels when examining any and all potentially malicious behavior.

・ Level 1 is Isolated Artifact Context: a packet, an execution, a memory segment or a log file entry are among the many examples of isolated artifacts.
・ Level 2 is Network Context: examine the connections between systems in terms of the various protocols and the behavioral purposes of the connections.
・ Level 3 is Endpoint Context: CyCraft AIR forensically scans the endpoint's event logs, memory, startup files, processes and more.
・ Level 4 is User Context: examine user behaviors, successful logons and failed attempts, etc.
・ Level 5 is Org-Wide Context: CyCraft AIR links together evidence found across the lower levels of context and examines it in the context of the entire organization.
・ Level 6 is Global Threat Intelligence Context: after thoroughly vetting global threat intel (as in point 3 below), CyCraft AIR correlates it with behaviors and artifacts found at the lower levels.
・ Level 7 is the Virtual Forensic Analyst Context: CyCraft AIR leverages AI-behavioral automation of investigative methods to combine all of the lower levels into a final analysis and gain a full understanding of the cyber security situation.

3. Most Accurate and Thorough Threat Intel

By taking threat intelligence from over 20 major proprietary sources, combining it with proprietary intel from the newest, most malicious threats seen in the crucible of Taiwan, working with the intelligence community through ISACs, FIRST, and large enterprise and government relationships, and finally putting that intel through a rigorous AI-driven vetting process on CyCraft AIR's CyberTotal Threat Intelligence Platform, CyCraft AIR is able to detect and stop the newest and most sophisticated attacks with unprecedented accuracy and thoroughness.


4. Fully Automated Forensic Investigations

With the forensic-first technology and the Levels of Context, CyCraft AIR automates what a forensic analyst would do via its Virtual Forensic Analyst, resulting in a faster, more accurate, and more thorough forensic process. CyCraft AIR can analyze faster because CyCraft has automated the forensic analyst's tasks: where an elite forensic analyst might take two hours to examine a machine, multiplied by the number of possibly infected machines, leaving you with possibly hundreds (or more) of billable hours, CyCraft AIR can perform thorough forensics in minutes. Also, human forensic analysts get tired, make mistakes, and simply can't catch everything. CyCraft AIR, being automated and AI-driven, produces complete, fast forensic results without the shortcomings of humans.

5. Stops the Most Subtle, Malicious Attacks in Record Time

The attack landscape is changing rapidly, and by virtue of the internet, anyone can be a target of the newest, most subtle techniques. Modern attacks will break through prevention systems by abusing trusted sources, such as prominent cloud providers or forging fake digital certificates of trusted vendors, and then deploy fileless attacks, such as encrypted PowerShell command line attacks, and operate in other subtle, difficult to detect ways. By harnessing the levels of context, the most accurate threat intel, and the virtual forensic analyst AI and attacker-modeling behavioral technology that CyCraft has developed, CyCraft AIR is able to stop the most malicious and subtle attacks before others have even detected them: this not only saves orgs time and money but also protects their brands and employees.

6. Results-Focused AI and Automation = MITRE ATT&CK #1 by Several Metrics

Every vendor claims to use some form of AI or machine learning these days, distracting buyers from actual performance. With MDR the tool is not important, only the results. CyCraft gets better results faster than any vendor on the globe due to its groundbreaking AI and automation. What that automation and AI is, is not important. What is important is that CyCraft AIR was the only platform to alert across all Major Steps in the MITRE ATT&CK evaluations, that CyCraft AIR had the most alerts of any vendor, and that it had the most General, Tactic, and Technique detections of any vendor. All of this was achieved out of the box with default settings and zero configuration changes to telemetry, detections or UI. MITRE ATT&CK is the industry gold standard due to the fairness and sophistication of its Advanced Persistent Threat emulations. CyCraft beat every major or minor vendor across the globe.

7. Alerting Done Right

The problems with alerts are that there are too many, they are often not validated, they don't provide enough context, and they don't help you to actually solve a security issue. They often make things worse in that they add extraneous, stressful work to IT/SOC operations teams with little value to show for their efforts. CyCraft AIR fixes these problems by running pre-validation on all alerts, reducing the number via the multi-level forensic AI analysis, combining alerts and by showing you exactly what needs to be done for each one. After an IT/SOC team receives an alert, they will know what to do. When CyCraft sends an alert, it puts a virtual AI-driven forensic analyst on the case to perform a full in-depth forensic scan across the entire organization, further validating suspicious behavior and linking together all malicious behavior, providing an efficient, complete, and concretely actionable analysis of an organization's cyber situation.


8. Auto Triage Alerts and Incidents

With CyCraft AIR's automated systems performing SOC analyst and forensic functions, alert triage is handled for SOC teams in the following ways:

1) Alerts are pre-validated so that false positives are filtered out.
2) Alerts are given a severity ranking so that orgs and CyCraft's AI virtual analyst know what to handle in what order.
3) CyCraft AIR automates the incident forensic analysis, so that all alerts are handled, negating the need for human triage.

9. Org-Wide Analysis Faster Than Ever Before

Once an alert triggers the next stage of virtual AI-driven forensic analyst, that analyst looks across the entire organization in minutes to link every event and artifact together to form the complete picture of any and every security incident. After extensive study of forensic analyst practices and behaviors combined with groundbreaking AI, CyCraft is able to analyze faster and more thoroughly than any other security vendor in the world.

10. 24x7x365 Analysis Providing Results-Driven Security

With an automated virtual forensic analyst, organizations are protected around the clock, every day of the year. By not relying solely on human analysts to handle incidents, CyCraft AIR is able to provide a level of service that is faster, more accurate, simpler and more thorough, above all of the competition, along with better results in terms of visibility and actionability, leaving organizations at ease with their security situations.

11. True, Org-Wide Incident Storyline

By rapidly and thoroughly examining the entire forensic context across the entire organization and piecing together the malicious behavior and artifacts by examining the links between them and the levels of context that they are in, CyCraft AIR is able to generate a comprehensive storyline for an attack that is not isolated to just an endpoint, but instead is the entire set of actions taken by the attacker, moving laterally, crossing devices, with a full list of executed commands and related malicious file and network artifacts put into an easy-to-digest storyline. This is similar to what a human analyst would do, only much faster and more thorough due to the consistent depth of scan and attack evidence linking across the entire organization.

12. True, Org-wide Root Cause Analysis

By linking together every event and artifact in any security incident, CyCraft is able to trace all the way back to the attacker's initial vector of entry into an organization, as opposed to a subset of the attack or only a given device. This is invaluable to organizations, as it provides the knowledge necessary to adjust security postures, practices, and technologies to recover and to prevent incidents from happening in the future.

13. Full Visibility into the Cyber Situation


14. Automated Reporting = No More Querying

With CyCraft AIR MDR's automated reporting mechanisms, IT/SOC teams no longer need to spend hours in front of a console wondering if they have fully pieced together an attack. The results of these analyses are presented to teams automatically, in record time. So instead of querying telemetry data, teams can get to work adjusting security posture and putting the finishing touches on incident work.

15. World-Leading Threat Analysis Team

CyCraft's Research and Threat Analysis Team uncovered an aggressive and subtle new threat actor, Chimera, in WIRED-covered research on never-before-seen attacks. Every day this research team performs malware reversals and in-depth analysis of the newest, most malicious threats on the planet. Even the team's interns win prestigious awards at DEFCON competitions. The team incorporates its findings into CyCraft AIR's AI, threat intel, and automation daily to keep up to date against the latest attacks.

16. GDPR's (And Other Privacy Laws') Best Friend

CyCraft AIR does not read, analyze, log, or access your PII (Personally Identifiable Information). CyCraft AIR is able to secure orgs to prevent information leakage and helps orgs assemble the paperwork necessary to meet compliance requirements. CyCraft AIR does not store any PII on its servers and is the most privacy-safe MDR solution on the market. CyCraft is able to do this by virtue of doing analysis on the machines to generate proprietary forensic metadata which is then sent from the machine to the virtual analyst, so CyCraft never sees nor stores what it doesn't need to. Additionally, CyCraft AIR MDR works so fast and thoroughly that it can meet any disclosure requirement and facilitates internal and external communication concerning the security situation.

17. Allows SOC Teams to Focus on What Humans Do Best, Without the Headaches

Running a SOC or holding the security responsibility is one of the most stressful jobs in any organization: the threat of breach is ever-present, job security is low, alerts are flooding in, and attackers are only becoming more aggressive and sophisticated. By letting CyCraft AIR MDR take care of the alerting, triage, investigation and response to security events, SOCs can focus on baselining, internal communications, security testing, and all of the other jobs that today's busy SOC analyst is expected to do, all while knowing that CyCraft AIR MDR has their backs.

18. Lowest Overhead of Any MDR Solution

A drastic re-think of how endpoint agents and MDR work, combined with AI and automation, means that CyCraft is able to perform far more efficiently than the competition: CyCraft AIR MDR agents take less than 1% of CPU usage and under 1 MB of network bandwidth per endpoint per day. By automating the validation, triage, and investigation of incidents, orgs save time and money and gain full insight into their security situation without suffering large costs, time sinks, and performance hits.


19. Validated by the Industry in the Most Important Way

Being #1 by many metrics in the MITRE ATT&CK evaluations, winning Interop's Best of Show in Japan, being covered in Forrester analyst research, being included in many categories in Momentum Cyber, winning over 25 Cybersecurity Excellence awards, and winning awards at WITSA and more are all good, but they are not the most important validation. The most important industry validation is being relied on by Taiwan's government, banking and high-tech sectors to defend against a level of cyber threat never before seen on earth.

20. Prevent Breaches

And finally, the most important of all, is that with CyCraft MDR organizations can prevent breaches. By detecting attacks before any other vendor, by alerting in the most accurate and logical way, and by following every hint of attack with the most thorough industry-vetted, fastest, multi-level forensic investigation on the planet, organizations never need to worry about breaches again.

The Shortest Road to Security

By leveraging Taiwan's globally unique cyber threat situation, creating the world's first true forensic-based virtual analyst, automating human analyst behaviors, innovating new AI, and employing a world-class team of researchers, CyCraft MDR delivers something that other solutions don't: peace of mind. Knowing that your security situation is under control is priceless. Engage CyCraft for a free trial for the Fastest, most Accurate, Simplest, and most Thorough MDR solution to date.


CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, SMEs, and more by being Fast / Accurate / Simple / Thorough.

CyCraft powers SOCs using proprietary AI and automation technology (CyCraft AIR) to deliver managed detection and response (MDR) via integrated global cyber threat intelligence (CTI), threat intelligence gateways (TIG), endpoint protection (EPP), network detection and response (NDR), endpoint detection and response (EDR), security operations center (SOC) software, auto-generated incident response (IR) reports, system-wide network Health Check, and Secure From Home services.

In 2020, CyCraft outperformed all other MITRE ATT&CK® Evaluation vendors in Technique, Tactic, and General detections with zero configuration changes. CyCraft AIR and CyberTotal both received the Best of Show Grand Prize Award for Security Solutions at Interop Tokyo 2020; and CyCraft received over 25 2020 Cybersecurity Excellence awards for categories like Managed Detection and Response, Incident Response, Threat Intelligence, and Artificial Intelligence. CyCraft is a proud member of FIRST, a premier organization for incident response security teams.

From endpoint to network, from investigation to blocking, from in-house to cloud, CyCraft AIR covers all aspects required to provide small, medium, and large organizations with the proactive, intelligent, and adaptable security solutions needed to defend from all manner of modern security threats.

To meet your cyber defense needs in the 2020s, engage with us at [email protected].