Crystal Eye XDR 
eXtended Detection and Response

Address cybersecurity challenges with our Consolidated Security Platform

Protect, Detect, Investigate and Respond to cyberattacks in real-time with best-in-breed technology.

Why Crystal Eye XDR?

Protect your entire IT infrastructure 

Detect, Investigate and Respond to Threats with Best-in-Breed Technology

Integrated approach with better Total Cost of Ownership (TCO) 

Improve Security Team Productivity 

Crystal Eye XDR Architecture

Threat Detection, Investigation and Response Process
Crystal Eye XDR offers you on-premise, cloud and remote workforce protection.

Deployment Options

Crystal Eye XDR is available in the following flexible deployment options:

XDR – eXtended Detection and Response

  • XDR involves the collection and correlation of event data from endpoint, network and cloud sensors to identify real threats anywhere in your environment and automatically trigger a coordinated response to secure your business.

  • The first fully-integrated detection and response platform is ready to go out-of-the-box, so it delivers a consistent level of security without the complexity of integrating products from multiple vendors.

  • Our network-based and cloud-based sensors (Crystal Eye XDR) deliver Network Detection & Response (NDR) and our host-based sensors (Crystal Eye EDR) deliver Endpoint Detection and Response (EDR); together they deliver eXtended Detection and Response (XDR). Best NDR and Threat Detection and Incident Response in the market, with 5 times more visibility across your network, endpoints and cloud infrastructure.

  • Crystal Eye Orchestrate is our centralised management console, which takes care of service delivery and acts as a data lake that collects all the data for correlation and response coordination. This is a significantly simpler process due to the standard data format and shared data storage used across the Crystal Eye products, which avoids the laborious task of normalising and correlating data from different technologies.

More than SIEM

  • XDR avoids the complex integration required with Security Information & Event Management (SIEM) and breaks down the silos between different systems by having a single data store for all events.

  • Where SIEM focuses on pulling the data together into events, XDR has the added benefit of proactive and automated rapid response to stop threats in their tracks before real damage occurs. XDR goes a step further to provide advanced threat detection with research analysis labs to support defensive efforts.

Integrated SOAR

  • Our XDR solution has integrated Security Orchestration, Automation & Response (SOAR) processes which allow you to automate responses to low-risk threats and coordinate responses to high-risk threats with the relevant resources.

  • These capabilities are typically not accessible for most organisations, but our integrated SOAR approach provides a comprehensive, cost-effective response solution available to businesses of any size. Our automated incident response process gets executed immediately when a breach occurs and is significantly cheaper than alternative options.

Crystal Eye XDR Features

Flexible Plug and Play 

•   Immediate uplift in detection capability.
•   Visibility of all known malware and threat actors without the engineering overhead.

Live Monitoring

•   Tracks, records and displays all the events in real-time.
•   Integrated Threat Intelligence for increased alert contextualisation.

Protect, Detect & Respond 

•   Integration with control plane technologies like SWG and NGFW to segment and protect.
•   Collates data from across the full technology stack to provide a more comprehensive view of an organisation's security posture.
•   Embedded IR escalation and access to human-machine teaming for immediate incident resolution.

MDR with integrated incident response and digital forensic services

•   Lowers TCO and allows for easy deployment of critical controls such as security monitoring and incident response seamlessly, with out-of-the-box MDR capabilities.
•   Reduces dwell time with advanced Human-Machine Teaming allowing you to conduct a forensic investigation and respond to threats in minutes with direct SOC event escalation.

Threat Detection, Investigation and Response (TDIR)

•   On-demand proactive threat hunting to detect advanced APTs and embedded attacks to reduce dwell time. 
•   Integrated Cyber Threat Intelligence (CTI) provides contextualised, automated actionable intelligence for up-to-date threat protection.
•   Advanced Threat Hunting offers visibility and in-depth information and signals around your network to efficiently detect and locate threats or potential threats in your network with our comprehensive Threat Hunt Dashboard.

Identity and Access Management (IAM) 

Offers protection against unauthorised access to sensitive data with features like RBAC, MFA, and user provisioning and de-provisioning processes.

Secure Access Service Edge (SASE) 

Enables organisations to secure access to resources and services from any location, on any device, and over any network.

Threat Intelligence Platform (TIP) and Automated Actionable Intelligence Capabilities 

•   Fully integrated intelligence reduces the burden of operationalising threat intelligence.
•   AAI enables organisations to automate the process of analysing and responding to security threats.

Automatic and User-enabled Software Upgrades and Updates 

Ensures that you are stacked up with all the latest technologies and updates to detect and respond to new threats.

High Availability 

Ensures the system is always operational and able to defend against security threats.

Advanced NGFW and best-in-breed NDR  

Offers a more comprehensive level of protection by using a centralised platform to collect and analyse data from multiple sources - identifying a wide range of threats, including malware, ransomware, and other malicious activities.

Secure Web Gateway

Monitors and controls all web traffic passing through the gateway, using a combination of technologies such as URL filtering, malware detection, and content inspection to protect the network from external threats.

Network Discovery and Management 

Discover and map out devices and network infrastructure on your network - including identifying devices, IP addresses, operating systems, and installed software.

Streamlined Object Policy Control 

Allows administrators to set granular policies for data access and usage and monitor and enforce compliance with those policies in real-time.


•   Improves the security of a WAN by providing better visibility and control over network traffic. 
•   Protocol support for Wireguard, SSL VPN and OpenVPN.

Azure AD Cloud Monitoring

Captures extended Microsoft Office 365, SharePoint, DLP threat detection with all Microsoft subscription levels. Retain and access important forensics needed during an incident response.

Passive Encryption Control

Rolls out IEC 62443 secure zones and conduits to protect networks with application-specific baselines on IoT/OT devices, allowing you to secure your network without the need for agents.

Reporting and Continuous Threat Exposure Management

•   Allows users to view and analyse data about detected threats, such as the type of attack, the origin of the attack, and the affected systems. 
•   Apply virtual patching and maintain a Moving Target Defence.

Red Piranha is a world leader in cyber threat intelligence and our inclusion in the Cyber Threat Alliance (CTA) is a testament to that.

An Integrated Approach

  • Crystal Eye XDR delivers a comprehensive solution across a range of security areas, with the whole platform working together to protect, detect and respond to threats in your environment.

  • This all works together to provide a single defence-in-depth platform to mitigate risks to your organisation.

  • Our modular approach can be catered to meet the needs of each company, so you can pick and choose what matters most to you without implementing the whole solution.

  • It's about business outcomes and managing risks specific to your needs, not just about technology for the sake of it.

For MSPs

  • Delivers effective cybersecurity outcomes for your clients without the overhead of developing, staffing, auditing and maintaining your security teams. Red Piranha offers fully compliant security outcomes on your behalf to your client without the risk.

  • Out-of-the-box ability to detect threats, offering a consistent level of security without the complexity of integrating products from multiple vendors.

  • Automatically collects and correlates information across the entire IT architecture to identify real threats anywhere in your client’s IT environment and automatically triggers a coordinated response.

  • Lowers the cost of integration and allows for the deployment of critical security controls such as monitoring and incident response seamlessly.

  • MSP-specific integrations and multi-tenant console, a scalable solution.

  • 24/7/365 rapid response for peace of mind.


  • Crystal Eye XDR addresses security holistically, offering more visibility and context into potential cyber threats before they become an event.

  • Groups related threats across the MITRE ATT&CK framework and addresses them according to your risk appetite.

  • Offers automated detection and response capabilities, allowing your security teams to streamline the processing of the large volume of security data.

  • Direct on-demand human-machine teaming allows you to escalate and call on our team of experts for push-button security outcomes.

  • Cost-effective data storage and analytics to process large volumes of data.

  • On-demand threat hunting to proactively detect security breaches.

  • Integrated PCAP analysis to reduce attacker dwell time.

  • On-demand Digital Forensics for effective rapid response.