Crystal Eye XDR
eXtended Detection and Response

Address cybersecurity challenges with our Consolidated Security Platform

Protect your entire IT and OT infrastructure

Detect, Investigate and Respond to Threats with Best-in-Breed Technology

Integrated approach with better Total Cost of Ownership (TCO)

Improve Security Team Productivity

Protect, Detect, Investigate and Respond to cyberattacks in real-time with best-in-breed technology.


Why Crystal Eye XDR?

Multi-Award Winning and Recognised


Crystal Eye XDR Architecture

Threat Detection, Investigation and Response Process

Deployment Options

Crystal Eye XDR offers flexibility with deployment:

More than just XDR

  • Unlike most security products which are often siloed and require manual intervention without providing end-to-end protection, Crystal Eye Consolidated Security Platform (CSP) converges multiple security functions and integrated services into a unified platform to protect your organisation from the network, cloud to endpoints with tangible ROI.
  • Our network-based and cloud-based sensors (Crystal Eye XDR) deliver Network Detection & Response (NDR) in combination with our host-based sensors (Crystal Eye EDR) to deliver Endpoint Detection and Response (EDR), which all works together to deliver eXtended Detection and Response (XDR).
  • Our consolidated security platform offers full detection and integrated threat intelligence capabilities offering plug-and-play holistic security without the engineering overhead.
  • Crystal Eye Orchestrate is our centralised management console, which takes care of service delivery and acts as a data lake to collect all the data for correlation and response coordination. Our flexible deployment options make things significantly simpler, and as all Crystal Eye products use a standard data format and shared data storage, this avoids the laborious task of normalising and correlating data from different technologies.


Managed SIEM

  • XDR avoids the complex integration required with Security Information & Event Management (SIEM) and breaks down the silos between different systems by having a single data store for all events.
  • Where SIEM focuses on pulling the data together into events, XDR has the added benefit of pro-active and automated rapid response to stop threats in their tracks before real damage occurs. XDR goes a step further to provide advanced threat detection with research analysis labs to support defensive efforts.

Integrated SOAR

  • Our XDR solution has integrated Security Orchestration, Automation & Response (SOAR) processes, like response playbooks and integrated human-machine teaming, allowing you to automate responses to low-risk threats and coordinate responses to high-risk threats with the relevant resources.
  • These capabilities are typically not utilised by most organisations due to resourcing issues, but our integrated SOAR approach provides automated incident response.

Our automated incident response process gets executed immediately when a breach occurs. Our integrated CTI and security operations team working in the backend instantly start working on identifying the potential incident breach and gathering crucial intelligence leading to efficiency - saving time, money and reducing risk.


Crystal Eye XDR Features

Flexible Plug and Play

•   Immediate uplift in detection capability.
•   Our Consolidated Security Platform reduces the engineering overhead, as you don't need to manage multiple tools, systems and people to keep things running.

Live Monitoring

•   Tracks, records and displays all the events in real-time.
•   Integrated Threat Intelligence for increased alert contextualisation.

Protect, Detect & Respond

•   Integration with control plane technologies like SWG and NGFW to segment and protect.
•   Collates data from across the full technology stack to provide a more comprehensive view of an organisation's security posture.
•   Access to human-machine teaming offers embedded IR escalation for immediate incident resolution.

MDR with integrated incident response and digital forensic services

•   Lowers TCO and allows for easy deployment of critical controls such as security monitoring and incident response seamlessly, with out-of-the-box MDR capabilities.
•   Reduces dwell time with advanced Human-Machine Teaming, allowing you to conduct a forensic investigation and respond to threats in minutes with direct SOC event escalation.

Threat Detection, Investigation and Response (TDIR)

•   Integrated Cyber Threat Intelligence (CTI) provides contextualised, automated actionable intelligence for up-to-date threat protection.
•   Advanced threat hunting with on-demand specialists for technology-driven efficiencies to reduce the risk.

Achieve the Architectural Aspirations of Zero Trust

•   Increase detection efficacy by identifying lateral movement with ZTNA.
•   Gain granular access management and minimise the attack surface.
•   Use micro-segmentation to gain Monitoring and Response maturity.
•   Get AAI-driven actionable insights for swift anomaly detection, bolstering threat visibility and shielding critical assets, thereby thwarting lateral movements.
•   A Zero Trust environment allows for better visibility and control over network traffic for an instant uplift in detection and response capabilities.


Secure Access Service Edge (SASE)

Enables organisations to secure access to resources and services from any location, on any device, and over any network.

Threat Intelligence Platform (TIP) and Automated Actionable Intelligence Capabilities

•   Fully integrated intelligence reduces the burden of operationalising threat intelligence.
•   AAI enables organisations to automate the process of analysing and responding to security threats.

Automatic and User-enabled Software Upgrades and Updates

Ensures that you are stacked up with all the latest technologies and updates to detect and respond to new threats.

High Availability

Ensures the system is always operational and able to defend against security threats.

Advanced NGFW and best-in-breed NDR

Offers a more comprehensive level of protection by using a centralised platform to collect and analyse data from multiple sources - identifying a wide range of threats, including malware, ransomware, and other malicious activities.

Secure Web Gateway

Monitors and controls all web traffic passing through the gateway, using a combination of technologies such as URL filtering, malware detection, and content inspection to protect the network from external threats.

Azure AD Cloud Monitoring

Captures extended threat detection for Microsoft Office 365, SharePoint and DLP across all Microsoft subscription levels. Retains and gives access to the important forensic data needed during an incident response.

Passive Encryption Control

Rolls out IEC 62443 secure zones and conduits to protect networks with application-specific baselines on IoT/OT devices, allowing you to secure your network without the need for agents.

Agentless Network Discovery and Management

Discover vulnerabilities by mapping out devices and network infrastructure - including identifying devices, IP addresses, operating systems, and installed software.

Continuous Threat Exposure Management through Vulnerability Management

•   Our CTEM program helps track threat exposure and allows virtual patching to be carried out in Crystal Eye based on new threats as they evolve.
•   This technique allows a Moving Target Defence strategy to be implemented to mitigate new risks as they arise.

SD-WAN

•   Improves the security of a WAN by providing better visibility and control over network traffic.
•   Protocol support for WireGuard, SSL VPN and OpenVPN.

Red Piranha is a world leader in cyber threat intelligence, and our inclusion in the Cyber Threat Alliance (CTA) is a testament to that.


  • Crystal Eye CSP delivers a comprehensive solution across a range of security areas, with the whole platform working together to protect, detect and respond to threats in your environment.
  • This all works together to provide a single defence-in-depth platform to mitigate risks to your organisation.
  • Our modular approach can be catered to meet the needs of each company, so you can pick and choose what matters most to you without implementing the whole solution.
  • It's about business outcomes and managing risks specific to your needs, not just about technology for the sake of it.


  • Delivers effective cybersecurity outcomes for your clients without the overhead of developing, staffing, auditing and maintaining your security teams. Red Piranha offers fully compliant security outcomes on your behalf to your client without the risk.
  • Out-of-the-box ability to detect threats, offering a consistent level of security without the complexity of integrating products from multiple vendors.
  • Automatically collects and correlates information across the entire IT architecture to identify real threats anywhere in your client’s IT environment and automatically triggers the coordinated response.
  • Lowers the cost of integration and allows for the deployment of critical security controls such as monitoring and incident response seamlessly.
  • MSP-specific integrations and multi-tenant console, a scalable solution.
  • 24/7/365 rapid Response for peace of mind.


  • Crystal Eye CSP addresses security holistically, offering more visibility and context into potential cyber threats before they become an event.
  • Groups related threats across the MITRE ATT&CK framework and addresses them according to your risk appetite.
  • Offers automated detection and response capabilities, allowing your security teams to streamline the processing of the large volume of security data.
  • Direct on-demand human-machine teaming allows you to escalate and call on our team of experts for push-button security outcomes.
  • Cost-effective data storage and analytics to process large volumes of data.
  • On-demand threat hunting to proactively detect security breaches.
  • Integrated PCAP analysis to reduce attacker dwell time.
  • On-demand Digital Forensics for effective rapid response.