Cylerian

Legitimate users don't log into work email from Hetzner servers or VPN exit nodes in Panama. ASN-based alerting catches what impossible travel detection misses. See how we built our 200+ ASN monitoring list for M365 sign-ins here: https://lnkd.in/eQxMQCDr #ASN #monitoring #vpn #cybersecurity

The window between a disclosed vulnerability and an active exploit is collapsing, and AI is why. Attackers now use models to fingerprint your surface, match CVEs to your exact stack, and weaponize findings before most teams finish reading the advisory. Defending reactively isn't a strategy anymore. It's a losing position. We built Cylerian's CTEM to put defenders back in front. Continuous scanning, AI-driven prioritization, automated third-party patching, and Cyra working in the background so your team doesn't have to chase every finding manually. Full breakdown here: https://lnkd.in/es3CbWad #Cybersecurity #ExposureManagement #CTEM #AI

Most security tools don't slow down attackers. They slow down analysts. Introducing Cyra, an AI assistant embedded directly into Cylerian’s platform that handles the operational grind: triaging alerts, writing queries, investigating endpoints, generating tickets. So your team can focus on the threats that actually matter. Read more here: https://lnkd.in/e9JYF4Nu  #Cybersecurity #AI #SecurityOperations #SOC #ManagedSecurity

Attackers are no longer just stealing passwords, they’re stealing trusted sessions. Modern AiTM and session hijacking attacks can bypass MFA entirely using valid session tokens, making cloud identity one of today’s biggest security challenges. Cylerian detects suspicious session activity through: • Impossible travel detection • Cloud infrastructure analysis • Device fingerprint anomalies • Automated containment workflows As identity becomes the new perimeter, authentication alone is no longer enough. Read more here: https://lnkd.in/e49bUa2Y #cloud #hijacking #cybersecurity

Our AI agent autonomously built a full threat detection ruleset, covering 10 MITRE ATT&CK techniques, 5 behavioral aggregates, and a multi-stage kill chain correlator, all in a single session. https://lnkd.in/e9r-RdTf #detectionengineering #ai #threathunting

Crowe UAE has partnered with Cylerian to launch a next-generation Security Operations Center (SOC), delivering advanced threat detection and response to mid-market and enterprise clients across the Middle East. By combining Cylerian's AI-native platform with Crowe UAE's Cyber Threat Management expertise, the on-shore SOC Command Centre offers: • Real-time visibility across endpoint, network, cloud, identity, and application data • Faster MTTD and MTTR through automated workflows • Alignment with UAE regulatory standards, including NESA and DESC • Enterprise-grade security without the overhead of building in-house Read the press release: https://lnkd.in/gc-w5zqp #CyberSecurityNews #SOC #ThreatDetection #CroweUAE #Cylerian

Partnerships like this only work when both sides bring something the other doesn't have — and that's exactly what we have with Steve Lockie, Dennis Oommen and the TechBridge Distribution MEA team. They know the region, the channel, and what enterprises across the GCC actually need. We bring the platform. Looking forward to building this out together. Thanks to the entire TechBridge team for the trust. #Proudpartner #cylerian

Hot take: SPL, KQL, and ES|QL are all stuck solving yesterday's problem. They're brilliant at filtering, aggregating, and projecting. But the moment a hunt requires logic the vendor didn't anticipate — decoding a PowerShell -EncodedCommand, computing Shannon entropy on a DNS query, lifting JWT claims out of an OAuth event — the analyst has to escape the query language entirely. We took a different bet with CyQL: a query language should be programmable, not just searchable. xform is the answer. It's a pipeline stage that runs arbitrary JavaScript against your result rows, inline with the search: type=process process.commandline:[-enc] | xform(cylerian.decode_powershell) | xform(cylerian.extract_iocs) ~130 lines of JS. Decodes base64+UTF-16-LE. Unwraps nested GZip. Defeats 'Inv'+'oke-Expression' string concat. Scores against 19 weighted IOC patterns. Sub-50ms on a typical hunt batch. Chain your transforms if you would like. More importantly: the transforms are customer-deployable. Cobalt Strike's malleable C2 profiles change quarterly — no vendor can keep up. Your team can. One afternoon, one task, applies to every search forever after. The transform an analyst prototyped during a hunt this morning is one promotion step away from being standing detection coverage. That's what closing the detection-engineering loop actually looks like. Full breakdown - including 5 more use cases (entropy, LOLBAS classification, beacon jitter, cross-field risk scoring, JWT extraction): https://lnkd.in/ef5cxygJ #DetectionEngineering #SIEM #ThreatHunting #SOC

Thank you Answer for the mention and for being a trusted partner. A shoutout to Aaron Ansari for flying the flag at BSides. Events like this are exactly where the community conversations that move our industry forward happen.