Cryptomage Cyber Eye offers a unique approach to network traffic analysis, with a combination of protocol behavior, packet analysis, and host communications behavior analysis. While the majority of security solutions focus only on user and host behavior, Cryptomage Cyber Eye also incorporates unusual low-level network behavior.

Cryptomage Cyber Eye is much more than a traffic flow analytics tool. It provides real-time, network-

based anomaly detection and prediction, powered by low-level network protocol, machine learning and AI algorithms.

In this way, the solution analyzes network protocol and host activity with our groundbreaking network steganography expertise. This includes detection and prevention of unknown or hidden network traffic, communication, and information/data, such as when a TCP/ IP has been intentionally modified to allow illegal botnet operations to occur.

While Cryptomage Cyber Eye is always evolving, it is also designed to integrate and interact with other security solutions to increase threat detection. This means you can combine our unique network analysis capabilities with other security tools to achieve even greater levels of threat detection.

Cryptomage Cyber Eye can detect and predict network based threats, such as:

  • hidden network traffic (network steganography)
  • botnet C2 communication
  • suspicious network traffic
  • intentional network protocol modification in internal devices
  • unauthorized device connection
  • malware activity
  • 0-day attacks
  • DDoS

The solution can be deployed with sensor parameter configuration, algorithm block addition, and incident prioritization, in two ways:

Active Mode, with configurable automation, such as:

  • detection response workflow configuration

Passive Mode, which performs analysis on a real-time copy of your network traffic:

  • does not interfere in network connections
  • undetected by other network devices

Both modes work out-of-the box and do not require additional configuration to become fully operational. Detected anomalies and possible security incidents are then transmitted to SIEM solutions for further analysis.