The Latest Red Piranha News


As we move into the second half of the year, organisations continue to navigate an evolving cybersecurity landscape shaped by emerging threats, changing regulatory requirements, and the increasing complexity of modern digital environments. Building resilience remains a key priority, requiring a proactive approach to security, governance, and operational readiness.

At Red Piranha, we remain focused on helping organisations strengthen their cyber defences through innovation, intelligence-led security, and practical solutions that address real-world challenges. This commitment was recently recognised with Red Piranha being named a finalist for Cyber Business of the Year at the Australian Defence Industry Awards 2026, reflecting our ongoing contribution to Australia’s sovereign cybersecurity and defence capabilities.

From advancing security operations and threat visibility to supporting compliance and risk management initiatives, our goal is to empower customers and partners with the capabilities they need to stay ahead in an ever-changing threat landscape.

In this edition, we share the latest updates, insights, and initiatives from across the Red Piranha ecosystem, highlighting developments that continue to drive cyber resilience and security maturity.

Read on to discover what the Red Piranha team has been working on this month.

Knowledge Sprint: From Classroom to Cyber Resilience: Fortifying Education with SWG & Segmentation



See how a real-world school scenario reveals best practices in Secure Web Gateway (SWG) and network segmentation that are applicable across any organisation.

Reduce risk, enforce policy, and gain full visibility, all from a single platform.

This knowledge sprint explores how schools are increasingly targeted by cyberattacks due to weak web security and flat network architectures. Using a real-world-inspired school breach scenario, we demonstrate how Secure Web Gateway (SWG) and Network Segmentation reduce both the likelihood and impact of cyber incidents. Attendees will gain practical, actionable guidance to improve security while maintaining accessibility for students and staff.
 

Sign up here to join the webinar

Crystal Eye Platform Updates - June



We’re excited to announce the upcoming release of Crystal Eye OS 6.0 this July, bringing significant platform evolution, deeper intelligence, and simplified security operations. Key highlights include:

  • SNMP Manager for enhanced monitoring and integrations
  • Web Application Firewall (WAF) for stronger application-layer protection
  • Unbound DNS Server for improved DNS performance and control
  • Post-Quantum Encryption for WireGuard
  • New Deployment Modes for greater flexibility across environments

In preparation for 6.0, version 5.5 continues to receive important stability and usability improvements, including fixes to IDPS monitoring and reporting, CPU usage data consistency, interface configuration improvements, improvements to input handling for LLM interactions, and application visibility enhancements. These updates further strengthen operational resilience and day-to-day user experience across the platform.

Crystal Eye 5.5 will remain fully supported until the release of version 6.5, ensuring a smooth transition path for customers planning their upgrade.

As a reminder, Crystal Eye 5.0 is approaching end-of-life, and we strongly recommend upgrading to 5.5 to remain supported and ready for the 6.0 transition.

For support or more information, reach out to support@redpiranha.net or visit our Forum at forum.redpiranha.net.

The Gentlemen Ransomware: Threat Intelligence Analysis, TTPs & Detection Guide



The Gentlemen ransomware operation is actively compromising medium-to-large enterprises through the exploitation of internet-facing administrative interfaces and compromised credentials.

The group operates a double-extortion model: stealing data over 2-6 weeks, then encrypting infrastructure, then publishing stolen information unless ransom is paid. Initial access typically occurs through unpatched firewalls or compromised domain credentials. Red Piranha assesses the sustained threat level as CRITICAL for organisations with 500+ employees and complex Active Directory environments.
 

Read all about it here

Service Spotlight: Crystal Eye Secure Web Gateway (SWG)


The web browser has quietly become one of the most exploited entry points into modern organisations.

Whether it's a student clicking on a convincing phishing email, a staff member downloading a seemingly legitimate document, or a researcher accessing a compromised website, attackers increasingly rely on web-based techniques to gain initial access.

Today's threats rarely arrive through obvious malware attachments. Instead, they are delivered through trusted cloud platforms, malicious advertisements, fake login portals, encrypted web traffic, and compromised websites that users interact with every day.

For schools, universities, and enterprises, this challenge is amplified by the sheer number of users, devices, applications, and locations that require internet access.

The question is no longer whether users will encounter malicious content online, but whether security controls can identify and stop those threats before damage occurs.

Crystal Eye Secure Web Gateway (SWG) helps organisations regain control of web traffic by continuously inspecting internet activity, enforcing security policies, and blocking threats before they reach users.

From phishing sites and malware downloads to ransomware delivery infrastructure and command-and-control communications, Crystal Eye SWG provides a critical layer of defence between users and the internet.

By combining intelligent traffic inspection, URL filtering, SSL/TLS visibility, application awareness, and real-time threat intelligence, Crystal Eye SWG helps security teams reduce cyber risk while enabling safe and productive access to the resources users depend on every day.

In an environment where a single click can lead to credential theft, ransomware, or data loss, Secure Web Gateway technology has become an essential component of a modern cybersecurity strategy.

Crystal Eye SWG continuously monitors inbound and outbound web traffic to identify and block threats before they reach users or critical systems.

Phishing and Credential Theft Protection

Modern phishing attacks increasingly leverage legitimate cloud platforms, shortened URLs, fake login portals, and AI-generated content to steal credentials. Crystal Eye SWG detects and blocks:
  • Credential harvesting websites
  • Fake Microsoft 365, Google Workspace, and education portal login pages
  • Business Email Compromise (BEC) attack infrastructure
  • Malicious redirects and URL obfuscation techniques
  • Newly registered and suspicious domains commonly used in phishing campaigns

Malware and Ransomware Defence

Many ransomware infections originate from malicious downloads, compromised websites, browser exploits, and drive-by downloads. Crystal Eye SWG helps prevent:
  • Ransomware delivery payloads
  • Trojan and spyware downloads
  • Drive-by download attacks
  • Malvertising campaigns
  • Browser-based exploit attempts
  • Command-and-control communications used by active malware

By blocking malicious traffic during the initial infection stage, organisations can significantly reduce the likelihood of a successful ransomware event.

Command-and-Control (C2) Detection

Advanced attackers often establish outbound communications with external infrastructure after compromising a device. Crystal Eye SWG identifies:
  • Beaconing behaviour
  • Connections to known malicious IP addresses and domains
  • Known malware and C2 families
  • Suspicious encrypted outbound traffic patterns
  • Botnet-related network activity

This capability helps security teams detect compromised devices before attackers achieve lateral movement or data exfiltration objectives.

SSL/TLS Inspection for Hidden Threats

More than 90% of internet traffic is encrypted, allowing attackers to hide malware, phishing content, and command-and-control communications inside HTTPS sessions. Crystal Eye SWG performs SSL/TLS inspection to:
  • Analyse encrypted traffic
  • Detect malicious payloads hidden within HTTPS sessions
  • Identify unauthorised file transfers
  • Uncover malware communications that bypass traditional perimeter defences

This provides security teams with visibility into threats that would otherwise remain concealed.

Protection Against Student and User Risk Behaviours

Educational institutions face unique challenges due to large numbers of users accessing diverse web content. Crystal Eye SWG enables administrators to:
  • Block inappropriate content categories
  • Restrict access to gambling, adult content, piracy, and malicious websites
  • Enforce safe browsing policies
  • Prevent access to known cybercrime marketplaces
  • Limit exposure to malware-hosting platforms

This creates a safer online environment for students while supporting safeguarding and acceptable-use requirements.

Data Loss Prevention and Information Security

Sensitive information can leave an organisation through cloud storage platforms, webmail services, file-sharing websites, and collaboration tools. Crystal Eye SWG helps protect:
  • Student records
  • Personally Identifiable Information (PII)
  • Research data
  • Financial information
  • Intellectual property
  • Examination materials and academic content

Administrators can enforce policies that monitor, alert, or block unauthorised data transfers over web channels.

Shadow IT Discovery and Cloud Application Visibility

Users frequently adopt unsanctioned cloud services without approval from IT or security teams. Crystal Eye SWG provides visibility into:
  • Cloud application usage
  • File-sharing platforms
  • AI and generative AI services
  • Collaboration tools
  • Unauthorised SaaS applications

This enables organisations to identify security risks, compliance concerns, and potential data exposure arising from unmanaged cloud services.

Centralised Policy Management

Through a unified management interface, security teams can create granular policies based on:
  • User identity
  • User groups
  • Departments
  • Student and staff roles
  • Device types
  • Locations
  • Risk categories

Policies can be tailored to support different access requirements across students, faculty members, researchers, administrators, and executive leadership.

Key Benefits
  • Reduces exposure to phishing, ransomware, and malware attacks
  • Provides visibility into encrypted web traffic
  • Detects compromised devices communicating with attacker infrastructure
  • Strengthens Zero Trust security initiatives
  • Supports compliance and governance requirements
  • Reduces shadow IT and unauthorised SaaS adoption
  • Enables risk-based web access controls
  • Improves security posture without impacting user productivity
  • Protects students and staff from phishing attacks and malicious websites
  • Enforces safe browsing and acceptable-use policies
  • Prevents ransomware infections originating from web activity
  • Safeguards student records and sensitive educational data
  • Provides visibility across campus, remote, and hybrid learning environments
  • Supports cyber safety and digital wellbeing initiatives
  • Simplifies internet access management across thousands of users

Crystal Eye Secure Web Gateway transforms web access from a significant attack surface into a controlled, monitored, and protected security layer, helping organisations proactively defend against modern cyber threats while enabling secure digital learning and business operations.
 

Questions?


Get in touch. If you have any questions, comments or feedback regarding our ongoing programs, products or services, please submit them to support@redpiranha.net or head to our forum at https://forum.redpiranha.net.