
The Latest Red Piranha News

As the year gains momentum, organisations are facing an increasingly sophisticated threat landscape, with Advanced Persistent Threats (APTs) continuing to target critical infrastructure, government bodies and other sectors. APT campaigns are characterised by persistence, precision, and an ability to stay undetected by traditional controls, placing renewed emphasis on visibility, intelligence, and proactive defence.

This month, our Knowledge Sprint focuses on Defending Critical Infrastructure Against APTs, using campaigns such as Salt Typhoon to examine how modern adversaries establish access, move laterally, and maintain persistence within complex environments. Scroll down to read more about the webinar, and don’t forget to sign up.

We are also preparing to release our Annual Threat Intelligence Report 2026, which highlights a significant shift in APT activity. This year’s findings provide a deep analysis of emerging TTPs, including EDR bypass, lateral movement, and intrusion persistence. The report offers a comprehensive view of modern APT campaigns, unpacking how attackers operate across the intrusion lifecycle and what defenders should prioritise in response. Stay tuned for our next issue.

Read on for the latest insights, updates, and initiatives from the Red Piranha team as we continue to support organisations in strengthening their cyber resilience against advanced threats.

Defending Critical Infrastructure Against APTs like Salt Typhoon


Recent state-sponsored campaigns, including the activities associated with Salt Typhoon, have highlighted how nation-state actors compromise routers, edge devices, and backbone systems to gain long-term access and pivot deeper into internal environments.

These APTs bypass traditional controls, modify network infrastructure to maintain persistence, and abuse trusted connections, often operating without triggering EDR or host-based alerts.

Join our upcoming Knowledge Sprint and explore with us how organisations can counter state-sponsored cyber-espionage using proactive threat hunting and detection techniques designed to uncover APT activity where traditional controls fall short.

In this session, we’ll cover:

  • Why EDR is not enough for campaigns similar to Salt Typhoon
  • How APT groups maintain persistence and evade detection
  • How Crystal Eye enables proactive threat hunting across the network and encrypted traffic
  • Why threat hunting is essential for critical infrastructure
  • How Red Piranha’s SOC supports escalated threat hunting and response

Register today to secure your spot

Crystal Eye Platform Updates

Crystal Eye February Update

This month’s Crystal Eye 5.5 release brings updates to RAID, WireGuard VPN Client, Crystal Eye Attack Surface Reduction (CESAR) and more.

Crystal Eye 5.5 also brings updates to Defender for Endpoint, with significant improvements that give analysts deeper visibility, faster triage, and a clearer understanding of what’s really happening in your environment.

Over the past few months, we’ve been working closely with our customers and the Microsoft Defender ecosystem to redesign how we collect, display, and analyse security signals. In 5.5, we have introduced a set of powerful new features that transform the way you investigate threats. Notable improvements include Incident Ingestion, a detailed view of incidents and alerts, and API log feedback. For the new Defender for Endpoint integration to work, you will have to make some API adjustments to the Microsoft Entra application connected to your Crystal Eye. You can learn more about these changes and other information on our forum here.

If you haven’t upgraded to 5.5 yet, here’s what you’re missing:

  • RAID Support
  • Defender for Endpoint Updates
  • Link Aggregation (LACP) support
  • Entra ID Management and Policy Configuration
  • Entra ID SSO Authentication for WireGuard VPN
  • SD-WAN monitoring improvements
  • Updated Risk Auditing and CEASR policy management
  • DAS (Declarative Authorisation Service) for granular SaaS policy enforcement
  • Bridge Interface deployment
  • A range of UI and reliability enhancements across the platform

Upgrading is free and available to all Crystal Eye systems running version 5.0. A reminder to all users that Crystal Eye 5.0 is nearing the end of life with the 6.0 release. This is scheduled for release by the end of quarter one of 2026. If you have not yet updated to version 5.5, please do so as soon as possible.

For support or more information, reach out to support@redpiranha.net or visit our Forum at forum.redpiranha.net.

Red Piranha Events

Join Red Piranha in Melbourne, Sydney, and Perth for an exclusive preview of Crystal Eye 6.0. Discover new hardware, enhanced TDIR capabilities, expanded threat intelligence and asset management features, improved security controls, and upcoming networking solutions for 2026. Learn how Crystal Eye helps strengthen cyber resilience and drive partner growth.

Red Piranha Partner Event - Melbourne


Register here.

Red Piranha Partner Event – Sydney


Secure your spot today.

Red Piranha Partner Event - Perth


Sign up here.

Service Spotlight: Threat Hunting in Incident Response: Proactive and Reactive Approaches


Threat hunting is a specialised cybersecurity function focused on identifying adversary activity that bypasses preventive controls and automated detection mechanisms. Within the Incident Response lifecycle, threat hunting materially strengthens an organisation’s ability to detect, analyse, and mitigate security incidents.

Embedding threat hunting into Incident Response enhances detection depth and investigative accuracy. It enables security teams to uncover hidden threats, identify subtle indicators of compromise, and reduce attacker dwell time. This directly improves containment outcomes and supports stronger organisational preparedness for future incidents.

From an operational perspective, threat hunting is typically executed through two complementary models: proactive and reactive.

Proactive Threat Hunting

Proactive threat hunting is an intelligence-led, hypothesis-driven practice designed to identify threats before they trigger alerts or cause disruption. Security teams continuously analyse endpoint, identity, and network telemetry, even in the absence of confirmed incidents.

Rather than relying solely on predefined indicators of compromise, proactive hunting prioritises behavioural anomalies, statistical deviations, and patterns consistent with attacker tactics, techniques, and procedures. This methodology leverages behavioural analytics, baselining, anomaly detection, and contextual threat intelligence to expose previously undetected threats, including long-dwell Advanced Persistent Threat activity and concealed compromise artefacts.

The objective is early discovery, risk reduction, and dwell time minimisation.

Reactive Threat Hunting

Reactive threat hunting is initiated following alerts, detections, or observed anomalies. The focus shifts to validating the signal, determining the scope of compromise, reconstructing attacker activity, and identifying the root cause.

This model requires rapid investigative workflows, cross-domain correlation, and forensic analysis. Reactive hunting plays a critical role in accelerating containment, guiding eradication efforts, and limiting operational impact once malicious activity is suspected or confirmed.

The objective is response precision, impact reduction, and rapid recovery.

Both proactive and reactive threat hunting methodologies are essential components of an effective Incident Response strategy. Proactive hunting reduces the likelihood of undetected compromise, while reactive hunting ensures speed and accuracy during active incidents. Together, they deliver comprehensive coverage across emerging and confirmed threat scenarios.

Red Piranha’s Threat Detection, Investigation and Response capability delivers a unified detection and response framework engineered to expand visibility, enhance detection fidelity, and accelerate response workflows. Through advanced behavioural analytics, organisations gain deeper insight into network and system activity, enabling earlier identification of Advanced Persistent Threats and emerging attack techniques.

The platform rapidly detects known malware families and Command and Control communications commonly associated with post-exploitation activity. Fully operationalised threat intelligence transforms telemetry into contextualised, actionable insights, supporting faster and more informed response decisions.

Human-machine collaboration improves alert prioritisation, reduces operational noise, and enhances analyst efficiency. Proactive threat hunting capabilities enable earlier discovery of entrenched adversary presence, directly reducing dwell time and business risk.

Distributed sensor deployment strengthens detection across lateral and East-West traffic, while integrated packet capture analysis provides deeper forensic visibility. On-demand SOC services, supported by digital forensics expertise, further accelerate incident investigation, containment, and remediation.

Advanced heuristics and machine learning-driven anomaly detection enhance detection confidence, enabling organisations to maintain a precise, informed, and resilient security posture.

Get the experts in today


Questions?

Get in touch. If you have any questions, comments or feedback regarding our ongoing programs, products or services, please submit them to support@redpiranha.net or head to our forum at https://forum.redpiranha.net/.

**Terms and conditions apply!
Contact your business development manager to receive a copy of the terms and conditions.