Crystal Eye
Hybrid Mesh Firewall
One Platform. Every Edge.
Hardware • Virtual • Cloud
Crystal Eye, a purpose-built Hybrid Mesh Firewall, delivers unified Threat Detection, Investigation and Response (TDIR),
centralised orchestration, and consistent security policy across every deployment mode from branch appliances to cloud-native workloads.
Crystal Eye
Delivers enterprise network security by combining next-generation firewall capabilities with integrated intrusion prevention, application control, advanced threat detection, and secure VPN connectivity. Built for modern enterprise environments, the platform continuously inspects and enforces control over network traffic, enabling organisations to prevent malware, exploit attempts, and unauthorised access before they impact operations.
The Numbers That Matter
Crystal Eye's performance credentials are independently verified and operationally proven and not benchmark theatre.
IPS THROUGHPUT
Achieved on a single 2U device in lab conditions; independently verified by IEEE. Multi-tenanted, single platform sensor deployment to improve detection engineering efficacy across East-West traffic flows.
IPS/IDPS RULES
Professionally curated rulesets managed and updated daily by the Crystal Eye Security Operations Centre (CESOC) threat-hunting team. Push-button escalation to Red Piranha’s SOC. Remove complexity, instantly escalate an event to the SOC team and enhance security operations.
CYBER THREAT ALLIANCE CONTRIBUTOR
Red Piranha is a member and top contributor to the Cyber Threat Alliance; validated, real-world threat intelligence at the source. Proactive threat hunting and investigation to detect advanced APTs, Living off the Land and other indicators to reduce dwell time.
Red Piranha developed the integrated security platform concept before XDR was a recognised market category. Advanced heuristics and ML anomaly detection with World-Class Threat Intelligence for contextualised, high confidence alerts.
ISO CERTIFIED
ISO/IEC 27001:2022, ISO 9001:2015, and CREST ANZ (for our Penetration Testing services) certified organisation and an authorised certifier for customers. Industry-leading forensic log. retention for 18+ months to help meet compliance.
SOC OPERATIONS
Crystal Eye Security Operations Centre provides continuous threat hunting, rule management, and escalation support; fully integrated with the platform.
Same Platform. Three Form Factors.
Every Crystal Eye deployment: hardware, virtual, or cloud runs the identical platform with the same feature set, unified under a single Orchestrate management plane. This is the architectural foundation of Gartner's Hybrid Mesh Firewall model.
Hardware Appliance
Purpose-built, made-to-order hardware from Series 10 through Series 100. Rack-mount, HA-capable units with record-breaking throughput.
- Series 10–100 appliance range (SMB to carrier-grade).
- 60 Gbps IPS throughput on a single 2U device
- Latest Intel processors and not commoditised hardware.
- Active/Passive High Availability for zero-downtime failover.
Virtual Appliance
Full-featured Crystal Eye as a software deployment in private data centres and virtualised environments; complete feature parity with hardware.
- Full feature parity with hardware form factors.
- Deploy in VMware, Hyper-V, KVM environments.
- Flexible sizing for data centre and branch virtualisation.
- Same Orchestrate management as all other deployments.
API-driven provisioning and lifecycle management.
Cloud/FWaaS
Crystal Eye Cloud and SASE Cloud provide cloud-native protection with multiple global points of presence; native AWS VPC integration and Azure AD identity-aware policy.
- Crystal Eye Cloud Generation Firewall (FWaaS).
- Native AWS VPC and Azure AD integration.
- Multiple global PoPs for low-latency enforcement.
- SASE Cloud for microservices and remote workforce.
- Zero-trust policy for cloud-native workloads.
Crystal Eye Meets Gartner's HMF Market Definition
Across Gartner's Hybrid Mesh Firewall criteria spanning deployment modes, centralised management, CI/CD integration, native cloud controls, and advanced threat prevention Crystal Eye achieves full. Flexible In-line Deployment to avoid disruptive infrastructure changes and eliminate the need for engineering overheads. 24/7 access to our “village” of security professionals leveraging Human-machine teaming for improved alert prioritisation and incident response.
Key Performance Indicators
Detect all Known Malware and CnC Families
Advanced Threat Detection with Integrated Threat Intelligence
3 Deployment Modes
24/7 SOC Coverage
Advanced Protection Across Endpoints, Cloud, and Network
Automatic rolling software and security updates
Integrated Vulnerability Management
East-West Traffic Control
Real-time detection of advanced threats including living-off-the-land attacks
Integrated PCAP Analysis to reduce attacker dwell time
Every Criterion. Mapped.
Learn how Crystal Eye's specific capabilities maps with the Hybrid Mesh Firewall criteria. Select any criterion to see Crystal Eye's specific capability.
Hardware Firewall Deployment
Physical appliance enterprise rack-mount NGFW with high-throughput performance.
CRYSTAL EYE EVIDENCESeries 10–100 appliances including HA-capable 2U rack-mount. Series 100 achieves 60 Gbps IPS throughput (IEEE-verified). Purpose-built hardware using latest Intel processors.
Virtual Appliance Deployment
Software-based virtual firewall deployable in VMware, Hyper-V, KVM environments.
CRYSTAL EYE EVIDENCECrystal Eye is available as a virtual appliance with complete feature parity across all form factors. Managed identically via Orchestrate with the same policy framework as hardware.
Cloud/FWaaS Deployment
Native cloud deployment option protecting public cloud workloads via FWaaS.
CRYSTAL EYE EVIDENCECrystal Eye Cloud Generation Firewall and SASE Cloud provide cloud-native protection with multiple global PoPs. Natively protects AWS VPCs. Crystal Eye Secure Edge 101 targets dense cloud environments.
Unified Cloud Management Plane
Single cloud-delivered management console with policy orchestration across all deployments.
CRYSTAL EYE EVIDENCECrystal Eye Orchestrate cloud-based centralised management; provides a unified console for hardware, virtual, and cloud. Acts as data lake for correlation and response. Delivers multi-tenant orchestration for MSP/MSSP.
Consistent Cross-Environment Policy
Identical firewall policy and enforcement regardless of deployment mode.
CRYSTAL EYE EVIDENCENo matter which deployment or appliance you choose, all customers get access to the same full-featured Crystal Eye platform. UCMI Object Policy Control manages services, hosts, and domains across multiple countermeasures simultaneously.
Advanced Threat Prevention (IPS/IDS)
Next-generation intrusion prevention with high-efficacy, regularly updated ruleset.
CRYSTAL EYE EVIDENCEIDPS engine with 70,000+ curated rules updated daily by CESOC. Over 70,000 dedicated IDPS rules in active customer deployments. Red Piranha is a member and top contributor to the Cyber Threat Alliance.
IoT/CPS Device Discovery
Visibility and protection for IoT/OT/CPS devices - profiling, anomaly detection, enforcement.
CRYSTAL EYE EVIDENCEOrchestrate dashboard surfaces Total Mapped and Unmapped Devices across network segments. Network Map and IP Attack Map capabilities provide per-device visibility for IoT-specific policy enforcement.
DNS Security
DNS-layer protection - blocking malicious domains, DNS tunnelling detection.
CRYSTAL EYE EVIDENCEAutomated Actionable Intelligence (AAI) threat feeds include DNS-category threat blocking. Secure Web Gateway enforces protocol-level filtering covering DNS abuse. Real-time AAI feeds verified through Cyber Threat Alliance sources.
SSL/TLS Inspection
Deep inspection of encrypted traffic to detect threats in HTTPS and encrypted protocols.
CRYSTAL EYE EVIDENCECrystal Eye Secure Web Gateway and NGFW perform deep packet inspection including TLS/SSL decryption. Passive Encryption Alerts dashboard provides visibility into encrypted traffic anomalies.
Secure SD-WAN
Integrated SD-WAN for WAN optimisation and branch connectivity.
CRYSTAL EYE EVIDENCECrystal Eye includes built-in Secure SD-WAN for WAN path control, providing visibility and control over network traffic as a native platform feature - no separate appliance required.
Zero Trust/ZTNA
Identity-aware, least-privilege access for users and workloads; micro-segmentation.
CRYSTAL EYE EVIDENCECrystal Eye supports ZTNA natively for detecting lateral movement. Crystal Eye Attack Surface Reduction (CEASR) app enforces zero-trust at endpoints. Enables organisations to build private networks over public internet with zero-trust policy.
IPsec/SSL VPN/Remote Access
Secure remote and site-to-site connectivity via IPsec, SSL VPN, modern protocols.
CRYSTAL EYE EVIDENCECrystal Eye supports WireGuard, SSL VPN, and OpenVPN natively. Orchestrate dashboard tracks all devices connected to SSL VPN in real time. Site-to-site and remote-access VPN are core platform capabilities.
CI/CD Pipeline Integration
Mature integration with DevOps/DevSecOps pipelines; API-driven policy automation.
CRYSTAL EYE EVIDENCECrystal Eye supports API-driven policy deployment, SASE-based microservices security controls, and ITSM/SIEM/SOAR integrations. Enhanced Terraform/IaC documentation and deeper DevSecOps materials are actively in development; roadmap available on request.
Native Cloud API Integration
Deep native integration with AWS, Azure, GCP; auto-scaling, tags, flow logs, security groups.
CRYSTAL EYE EVIDENCENative AWS VPC protection and Azure AD identity-aware policy (OneDrive, SharePoint, Exchange). GCP native integration and cloud-auto-scaling trigger support represent active roadmap items with committed delivery timeline.
Threat Intelligence Automation
Real-time threat intelligence integrated into enforcement; automated adaptive policy.
CRYSTAL EYE EVIDENCEAutomated Actionable Intelligence (AAI) delivers verified feeds directly into Crystal Eye enforcement. Red Piranha is a top contributor to the Cyber Threat Alliance. Weekly Threat Intelligence Reports demonstrate continuous feed maintenance.
Centralised Logging & SIEM
Built-in SIEM with event correlation, log aggregation across all deployment nodes.
CRYSTAL EYE EVIDENCEOrchestrate acts as centralised data lake. Built-in SIEM with NIDS and HIDS integration, event correlation, and consolidated threat dashboards. Azure AD, Email Gateway, and web traffic logs all feed into the unified analytics platform.
SOAR & Automated Response
Security orchestration, automation and response; automated threat containment.
CRYSTAL EYE EVIDENCEIntegrated SOAR capabilities with automated responses to low-risk threats and escalation for high-risk events. DFIR application enables rapid forensic investigation from within the platform, reducing dwell time to minutes.
Multi-Tenancy/MSP Support
Multi-tenant architecture for MSSPs and MSPs to manage multiple customer environments.
CRYSTAL EYE EVIDENCECrystal Eye Orchestrate is purpose-built for multi-tenant MSP/MSSP management. MSP-specific integrations and a scalable multi-tenant console are core product features, enabling MSP-to-MSSP transition.
DLP, Email & Web Security
Data Loss Prevention, Secure Email Gateway, and Secure Web Gateway as integrated capabilities.
CRYSTAL EYE EVIDENCECrystal Eye includes DLP, Secure Email Gateway (scanning all inbound/outbound email), and Secure Web Gateway (antimalware, anti-phishing, AV, app filter, web filter, protocol filter) as native XDR platform components.
Cybersecurity Mesh Architecture
Architecture aligns with Gartner CSMA composable, distributed tools with centralised control.
CRYSTAL EYE EVIDENCECrystal Eye 5.5 documentation explicitly describes operation through a Cybersecurity Mesh Architecture. Centralises data and control plane via Orchestrate while distributing enforcement; exactly matching Gartner CSMA definition.
Want to learn more?
Cybersecurity Mesh by Design
Crystal Eye's architecture pre-dates Gartner's CSMA framework; centralised data and control plane via Orchestrate, distributed enforcement across every edge. Not retrofitted to meet a definition. Natively aligned.
On-Premise
Hardware appliances at HQ, branches, and data centres. Series 10 to 100
Cloud/FWaaS
AWS, Azure AD, Crystal Eye SASE Cloud. Multi-PoP global coverage
Remote Workforce
ZTNA, SD-WAN, CEASR endpoint app; zero-trust remote access
Integrated Platform Capabilities
NGFW + IPS/IDS
XDR (NDR + EDR)
SIEM + SOAR
DFIR + Forensics
Secure Web Gateway
Secure Email Gateway
DLP
SD-WAN
ZTNA
DNS Security
IoT Discovery
IRM / Compliance
See Crystal Eye's HMF Credentials
Request a technical briefing or speak with our team about your specific deployment requirements.