The Crystal Eye Platform


The Crystal Eye Extended Detection and Response (XDR) product range has advanced capabilities to provide end-to-end security solutions to protect device security, data security and individual’s privacy. It protects networks from various cyber security threats, by layering up security controls and integrating multiple security services. Crystal Eye is designed to defend from sophisticated cyber attacks that are targeted to disrupt different segments of the network.


The Crystal Eye XDR layers up various security related controls to provide a holistic approach in implementing a comprehensive defense in-depth strategy. It helps in enforcing highly effective mitigation strategies that play a vital role in protecting systems deployed across the network. The Crystal Eye effectively implements the defense in-depth strategy by making sure that all the network traffic is inspected and logged, and multiple controls are applied against a range of threats, and this is integrated with other technical and management tools. This essentially means that the Crystal Eye XDR becomes the center point of your network and ensures that security is embedded into the very fabric or DNA of your network.


Crystal Eye supports a range of configuration options to enhance the performance of the security features it provides. The Multithreading configuration option allows users to increase the number of threads allocated to IDS/IPS tasks. Crystal Eye’s Multithreading feature can be configured to use anywhere from a single thread up to dozens of threads for IDS and IPS processing. The Multithreading feature enables Crystal Eye to scale both vertically and horizontally and ensure that the resources of the system are used optimally.

In addition to the configurable number of threads allocated to IDS/IPS tasks, Crystal Eye also supports the CPU affinity feature. CPU affinity allows the user to specify CPU cores allocated to IDS/IPS processing, and the distribution of the workload amongst them. Distributing the processing between resources ensures that the IDS/IPS engine does not overload resources on the Crystal Eye system. Additionally, this feature ensures that excessive CPU cores do not go underutilized.

To reduce the technical burden on users, Crystal Eye comes with numerous run modes that can be used to configure the performance features, including Multithreading and CPU affinity. These pre-installed modes will not only provide a good set of defaults that are enough for most users but will also serve as a baseline configuration template for power users to tune to their needs. More advanced users can make use of entirely customizable configurations to optimize performance for their specific needs.


The Crystal Eye Operating System can be utilized by either the implementation of a Crystal Eye device on a network in various configurations, or through service providers such as Azure or AWS in cloud or hybrid cloud. The hardware appliance models offer excellent value with its hardware specifications providing unbeatable speed over various platforms.

The Crystal Eye hardware appliance can be deployed in the network configurations discussed below:

The Crystal Eye XDR is capable of securing large networks segmented into various smaller networks like enterprise network, branch office network and remote users. The physical deployment of the Crystal Eye appliance is done in the enterprise network as shown in the network diagram below.

Untitled%20Diagram%2810%29.drawio

In the network diagram above the enterprise network is segregated into office network, de-militarized zone (DMZ) network and a data center. The branch office and the remote users are connected to the enterprise network through Crystal Eye’s SD-WAN providing a secured communication path.

Active/Passive High Availability is a network deployment scenario where two Crystal Eye Appliances can be used to provide uninterrupted access to the users in the event of link or node failure. Such a network configuration helps in creating a robust failover system wherein, if the primary CE fails to operate, the secondary CE automatically secures the network. Such a characteristic of the CE ensures agreed level of operational performance for a desirable period of time also known as High Availability .

Let’s try and understand how Active/Passive High Availability feature of the Crystal Eye can be deployed through the example discussed below.!

gram.drawio

In the above network diagram two Crystal Eye appliances are deployed namely, Primary CE and Secondary CE. Initially the primary CE is active and when it fails the secondary CE takes its place to secure the network. Both these CE appliances are connected to the internet through WAN 1 ports.

Both the primary and secondary CE appliances are connected to a switch through its LAN 1 ports and both the CE’s are also connected to each through its LAN 2 ports. The communication path is further extended to the LAN network from the switch.

Active/Passive High Availability feature of the Crystal Eye is usually used to ensure business continuity where business processes are critical. HA can be implemented to secure large networks where the communication path is spread across various locations.

Let’s understand the High Availability deployment of Crystal Eye with the help of a high level network diagram where the networks are spread across different locations namely, Enterprise Network, Branch Network and Remote Users. In the example below, the enterprise network is further segmented to various other networks such as office network, DMZ network and data center.

dd.drawio

Both the Crystal Eye appliances, Primary CE and Secondary CE are physically deployed in the enterprise network as its network gateway. It also helps in establishing secure connections between branch office, remote users and enterprise network with the help of Crystal Eye’s SD-WAN .


The Crystal Eye can be deployed to make use of its multi-WAN feature that allows the appliance to be connected to multiple Internet connections. Multi-WAN offers many benefits to environments requiring a reliable connection to the Internet, including load balancing, packet segregation and automatic failover.

Let’s understand CE deployment of Multi-WAN with the help of the following network diagram. Here, the network is segregated to enterprise network, remote users and branch network. The Crystal Eye appliance is deployed in the enterprise network and it receives internet connections from two ISP’s namely ISP 1 and ISP 2.

The enterprise network is further segregated to Wi-Fi network, Office Network, DMZ Network and Data Center. The branch network and the remote users connect to the enterprise network securely through SD-WAN .

Untitled%20Diagram%2810%29%281%29.drawio


Red Piranha offers a range of Crystal Eye appliances that are built to provide multi-threat protection made possible through the threat intelligence updates received round the clock. The Crystal Eye XDR appliance caters to a wide variety of organizations across various domains and has a proven track record of providing protection that is deemed unbeatable.

The following are the Crystal Eye XDR models offered by Red Piranha:

  • Series 10
  • Series 20
  • Series 25
  • Series 30
  • Series 40
  • Series 50
  • Series 60
  • Series 70
  • Series 80
  • Series 100
  • Series 200

Visit Red Piranha store to know more about the Crystal Eye product range.