CyCraft AIR Platform

Additional Info

Company: CyCraft Technology Corporation
Company size (employees): 50 to 99
Type of solution: Service

CyCraft’s AIR platform automates SOC, forensics, detection and response operations for CyCraft’s Fortune Global 500 and national government clients, performing managed detection and response, incident response, threat hunting and accurate remediation. The AIR platform collects endpoint evidence with Xensor, conducts automated correlation and behavior analysis across all evidence with CyCarrier, and validates threats and relates them to global threat intelligence via CyberTotal.

Combining machine learning with unique forensic telemetry technology, Xensor provides highly efficient automated threat hunting and triaging. Using UEBA, program memory forensics, endpoint computer forensics, and network traffic analysis allows this platform to expediently respond to threats and reduce security costs.

With the CyCarrier platform, CyCraft has created a hybrid solution that combines the company’s patented AI analyst with teams of skilled security experts, providing continuous security analysis.

Using the full endpoint dataset as an integrated unit allows MSSP/SOC teams to execute remote forensics with cockpit-style visualizations and controls. This makes it easy and efficient to ascertain security threats within the enterprise, and to automatically analyze case situations within an innovative AI and evidence-based environment. CyCarrier has contextual inference capabilities that can automatically generate malware association maps (file comparisons), program behavior association diagrams (call graphs), attack context charts (lateral movement) and intrusion case timing diagrams (storylines), to elevate MSSPs/SOCs to the next level.

CyCraft’s Cyber Intel team has extensively tracked various forms of intrusion, provided historical information on APT groups, and brought together various global threat intelligence information sources into one user-friendly, scalable platform. The company channels these sources of high-quality threat intel into helping companies identify, verify and respond to threats immediately through AI automated correlation analysis and knowledge base optimization.

How we are different

● Automatic
CyCraft's AIR platform automates, streamlines, and enriches security operations by harnessing artificial intelligence to triage and augment the analysis of massive and diverse data sets, enabling our clients to see the whole forensic picture and the complete storyline of every incident, and to find the needles in the haystack. The platform automatically enriches security alerts by collecting important internal and external context, intelligence, and forensic data to create an actionable view and relationship graph of each alert. We not only find the outside actors: our threat hunting also identifies insider threats. By automating 70% of SOC operations and providing automated actionable reporting, CyCraft enhances the power of each analyst to quickly make accurate decisions when it counts the most.

● Intelligent
Many security alerts lack the critical information required to determine the context of a threat and the next steps. The fully visualized forensic panel data view of CyCraft's AIR platform makes the complex simple for security operations and incident response teams: they can not only find the true global root cause, but also see each tactic and technique and their intertwined relationships in an easy-to-comprehend way, with priorities and full courses of action, so they can be truly cyber resilient. Armed with these insights, security teams can quickly understand, prioritize, and respond to security threats.

● Resilient
CyCraft was designed to detect and remediate APTs, and delivers a total solution for comprehensive response to sophisticated, subtle and zero-day attacks, using deep, adversarial, and reinforcement learning to support automated threat detection, forensic investigation, and response capabilities for customers worldwide. CyCraft’s unique lightweight forensic-based agent offers unparalleled performance and, combined with the intelligence and automation of our investigations, response, and reporting, finally brings autonomous resilience to SOCs.