Crystal Eye
Hybrid Mesh Firewall

One Platform. Every Edge.

Hardware • Virtual • Cloud

Crystal Eye, a purpose-built Hybrid Mesh Firewall, delivers unified Threat Detection, Investigation and Response (TDIR), centralised orchestration, and consistent security policy across every deployment mode, from branch appliances to cloud-native workloads.

Crystal Eye

Delivers enterprise network security by combining next-generation firewall capabilities with integrated intrusion prevention, application control, advanced threat detection, and secure VPN connectivity. Built for modern enterprise environments, the platform continuously inspects and enforces control over network traffic, enabling organisations to prevent malware, exploit attempts, and unauthorised access before they impact operations.

Crystal Eye Orchestrate, a cloud-delivered centralised management platform, provides a unified console across all hardware, virtual, and cloud deployments, acting as a data lake that correlates events and drives multi-tenant orchestration for MSP and MSSP partners. Every deployment shares the same feature set and the same policy framework: UCMI Object Policy Control manages services, hosts, and domains simultaneously across all countermeasures, eliminating policy drift between on-premise, cloud, and remote enforcement points.

The IDPS engine carries over 70,000 professionally curated rules, updated daily by the Crystal Eye Security Operations Centre (CESOC). Red Piranha is a member and top contributor to the Cyber Threat Alliance, and Automated Actionable Intelligence (AAI) feeds are applied directly into enforcement covering DNS-layer threat blocking, SSL/TLS deep packet inspection, and real-time IoT and CPS device discovery with per-device policy enforcement. Integrated SOAR automates response to low-risk threats and escalates high-risk events for human-machine teaming, while the DFIR application enables rapid forensic investigation from within the platform. DLP, Secure Email Gateway, and Secure Web Gateway covering antimalware, anti-phishing, AV, application filtering, and protocol filtering are all native platform components.

The Numbers That Matter

Crystal Eye's performance credentials are independently verified and operationally proven, not benchmark theatre.

60 Gbps

IPS THROUGHPUT

Achieved on a single 2U device in lab conditions; independently verified by IEEE. Multi-tenanted, single platform sensor deployment to improve detection engineering efficacy across East-West traffic flows.

70K+

IPS/IDPS RULES

Professionally curated rulesets managed and updated daily by the Crystal Eye Security Operations Centre (CESOC) threat-hunting team. Push-button escalation to Red Piranha’s SOC. Remove complexity, instantly escalate an event to the SOC team and enhance security operations.

#1

CYBER THREAT ALLIANCE CONTRIBUTOR

Red Piranha is a member and top contributor to the Cyber Threat Alliance; validated, real-world threat intelligence at the source. Proactive threat hunting and investigation to detect advanced APTs, Living-off-the-Land and other indicators to reduce dwell time.

PIONEERED INTEGRATED TDIR

Red Piranha developed the integrated security platform concept before XDR was a recognised market category. Advanced heuristics and ML anomaly detection with World-Class Threat Intelligence for contextualised, high confidence alerts.

3x

ISO CERTIFIED

ISO/IEC 27001:2022, ISO 9001:2015, and CREST ANZ (for our Penetration Testing services) certified organisation and an authorised certifier for customers. Industry-leading forensic log retention for 18+ months to help meet compliance.

24/7

SOC OPERATIONS

Crystal Eye Security Operations Centre provides continuous threat hunting, rule management, and escalation support, fully integrated with the platform.

Same Platform. Three Form Factors.

Every Crystal Eye deployment, whether hardware, virtual, or cloud, runs the identical platform with the same feature set, unified under a single Orchestrate management plane. This is the architectural foundation of Gartner's Hybrid Mesh Firewall model.

HARDWARE APPLIANCE

Purpose-built, made-to-order hardware from Series 10 through Series 100. Rack-mount, HA-capable units with high throughput.

  • Series 10–100 appliance range (SMB to carrier-grade).
  • 60 Gbps IPS throughput on a single 2U device.
  • Latest Intel processors, not commoditised hardware.
  • Active/Passive High Availability for zero-downtime failover.

VIRTUAL APPLIANCE

Full-featured Crystal Eye as a software deployment in private data centres and virtualised environments, with complete feature parity with hardware. The same platform, same IDPS ruleset, and same Orchestrate console, with no capability compromise for VMware, Hyper-V, or KVM deployments.

  • Full feature parity with hardware form factors.
  • Deploy in VMware, Hyper-V, KVM environments.
  • Flexible sizing for data centre and branch virtualisation.
  • Same Orchestrate management as all other deployments.
  • API-driven provisioning and lifecycle management.

CLOUD/FWAAS

Crystal Eye Cloud and SASE Cloud provide cloud-native protection with multiple global points of presence, native AWS VPC integration, and Azure AD identity-aware policy covering OneDrive, SharePoint, and Exchange. Crystal Eye Secure Edge 101 targets dense cloud infrastructure environments.

  • Crystal Eye Cloud Generation Firewall (FWaaS).
  • Native AWS VPC and Azure AD integration.
  • Multiple global PoPs for low-latency enforcement.
  • SASE Cloud for microservices and remote workforce.
  • Zero-trust policy for cloud-native workloads.

Key Performance Indicators

  • Detect all Known Malware and CnC Families
  • Advanced Threat Detection with Integrated Threat Intelligence
  • Multiple Deployment Modes for easy provisioning; hardware, virtual, and cloud; unified under a single Orchestrate management plane
  • 24/7 SOC Coverage with push-button escalation to CESOC threat-hunting team
  • Human-machine teaming and efficiencies in incident response, such as correlation across cloud, network, and endpoint
  • Advanced Protection Across Endpoints, Cloud, and Network
  • Automatic rolling software and security updates
  • Integrated Vulnerability Management
  • Real-time detection of advanced threats including living-off-the-land attacks
  • East-West Traffic Control via multi-tenanted sensor deployment to prevent lateral movement
  • Integrated PCAP Analysis to reduce attacker dwell time
  • DNS-layer threat protection; AAI feeds block malicious domains and detect DNS tunnelling
  • SSL/TLS deep packet inspection; full decryption and re-inspection with Passive Encryption Alerts
  • IoT and CPS device discovery; real-time mapping of all network-connected devices with per-device policy enforcement
  • Cybersecurity Mesh Architecture; composable enforcement modules with centralised data and control plane via Orchestrate

Cybersecurity Mesh by Design

Crystal Eye's architecture pre-dates Gartner's CSMA framework: a centralised data and control plane via Orchestrate, with distributed enforcement across every edge. Not retrofitted to meet a definition. Natively aligned.

On-Premise

Hardware appliances at HQ, branches, and data centres. Series 10 to 100.

Cloud/FWaaS

AWS, Azure AD, Crystal Eye SASE Cloud. Multi-PoP global coverage.

Remote Workforce

ZTNA, SD-WAN, CEASR endpoint app; zero-trust remote access

Integrated Platform Capabilities

NGFW + IPS/IDS
XDR (NDR + EDR)
SIEM + SOAR
DFIR + Forensics
Secure Web Gateway
Secure Email Gateway
DLP
SD-WAN
ZTNA
DNS Security
IoT Discovery
IRM / Compliance

See Crystal Eye's HMF Credentials

Request a technical briefing or speak with our team about your specific deployment requirements.