In-house developed product by CYFIRMA
2017 (Company founded)
CSP/30
DeCYFIR 4.0 - External Threat Landscape Management Platform
Predictive Threat Intelligence, External Threat Landscape Management, Attack surface discovery & monitoring, Digital Risk & Brand Protection
DeCYFIR is an External Threat Landscape Management (ETLM) platform that provides predictive and actionable cyber-intelligence. It combines advanced cyber-intelligence with attack surface monitoring and digital risk protection into one unified platform to help organizations proactively identify, predict, and mitigate cyber threats before they can cause harm.
CYFIRMA was founded by Kumar Ritesh, who spent almost a decade with a major national intelligence service managing cyber-intelligence to counter terrorism and other international threats. CYFIRMA was created to democratize military-grade intelligence for commercial enterprises, providing quality cyber-intelligence to guide appropriate security controls.
Differentiators
1. Predictive Intelligence: Predicts cyber-attacks targeting organizations before cybercriminals can cause harm, providing early warnings at the reconnaissance and weaponization stages before actual exploitation occurs
2. Personalized & Contextualized: Data points and insights are tailored to match the specific technology stack, industry vertical, and geolocation of the client. Removes noise and reduces false positives to ensure high-impact alerts
3. Military-Grade Intelligence for Commercial Use: First-of-its-kind platform bringing government-level threat intelligence capabilities to commercial enterprises with outside-in view from the hacker's lens
4. Unified Platform - 8 Threat Views: Industry's first platform that integrates attack surface discovery, vulnerability intelligence, brand intelligence, digital risk, and cyber-intelligence in a single pane of glass
5. Multi-Layered Intelligence: Provides strategic, management, and tactical intelligence suitable for both business leaders and security operations teams with contextualized threat data including adversary details, TTPs, and attack methodologies
Solution
DeCYFIR provides a comprehensive External Threat Landscape Management solution with eight pillars of threat intelligence on a single unified platform:
1. Attack Surface Discovery - Real-time continuous monitoring to identify shadow IT, exposed assets, open ports, weak certificates, and misconfigurations
2. Vulnerability Intelligence - Vulnerabilities mapped to assets with associated exploits ranked by criticality
3. Brand Intelligence - Digital footprint monitoring for impersonation, infringement, and data leaks
4. Digital Risk Discovery and Protection - Monitors hidden attack surfaces, vulnerable systems, leaked data, and executive impersonation
5. Situational Awareness - Contextual threat intelligence updates
6. Cyber-Intelligence - Detailed insights into external threat landscape including adversary details, TTPs, attack paths
7. Third-Party Risk Intelligence - Third-party connection exposure and risk monitoring
8. Predictive Intelligence - Early warnings of impending cyberattacks at reconnaissance and weaponization stages
Features
Attack Surface Discovery:
- Domain/Subdomain monitoring
- IP address range identification
- Open ports detection
- SSL/TLS certificate monitoring (misconfigured/expired certificates)
- Hardware/software misconfigurations detection
- Cloud weakness and exposure monitoring
- IP/Domain reputation tracking
- Shadow IT identification
- Third-party connection exposure analysis
Vulnerability Intelligence:
- Asset-to-vulnerability mapping
- Exploit association and ranking
- Criticality-based prioritization
- Real-time vulnerability updates
Cyber-Intelligence Features:
- Adversary identification and profiling
- Tactics, Techniques, and Procedures (TTPs) analysis
- Attack path mapping
- Malicious hosting site identification
- Cybercrime campaign correlation
- Dark web and deep web monitoring
- Leaked credential detection
Brand Intelligence:
- Digital footprint analysis
- Brand impersonation detection
- Domain infringement monitoring
- Data leak identification
- Executive impersonation alerts
Operational Features:
- AI-powered alert prioritization system with time-stamps and severity-based arrangement
- Risk Dossier - Complete threat playbook
- Graphical threat representation by geography, industry, and technology
- Real-time notifications via Alert App
- Customizable notification settings
- Request for Information (RFI) service for specific threat analysis
Review by experts
Expert Reviews:
- KuppingerCole Executive View: Recognized as External Threat Landscape Management solution with predictive and intelligence-based capabilities
- Positioned as an ETLM platform that integrates with SOAR and SIEM solutions
- Acknowledged for bringing military-grade intelligence to commercial enterprises
Client-end Requirements
Minimum Requirements:
- Internet connectivity for SaaS access
- Web browser for platform access
- Email for alert notifications
- Optional: Mobile device for Alert App
No Infrastructure Required:
- No on-premises hardware/software installation
- No data center requirements
- Cloud-native SaaS deployment
Integration Requirements (Optional):
- API access for SIEM/SOAR integration
- Azure Sentinel or Splunk for SIEM integration
- ServiceNow for ticketing integration
- Cortex XSOAR for SOAR automation
Onboarding Process:
- Domain/IP address range configuration
- Keyword setup (up to 150-300 keywords based on plan)
- Alert customization and notification preferences
- User provisioning (1-5+ licenses)
- 7-day trial period available with personalized onboarding
Support
Support Channels:
- 24x7 global support across all time zones
- Email support
- Contact sales team
- Online portal access
- Regional support offices across 10 global locations
Support Services:
- Personalized onboarding
- Technical account management
- Custom threat intelligence (Request for Information - RFI): 2-4 per month
- Early Warning tailored predictive intelligence reports
- Incident analysis on-demand
- Takedown services (per request)
Professional Services:
- Additional user license provisioning
- Custom keyword expansion (100-keyword increments)
- Digital Risk Discovery add-on
- Dedicated analyst support
Architecture
Deployment Model:
- Software as a Service (SaaS) platform
- Cloud-based with PaaS components
- No on-premises deployment required
Technical Architecture:
- AI and ML-powered analytics engine
- Cloud-based data processing
- Real-time data ingestion and correlation
- API-driven integration architecture
Integration Capabilities:
- SIEM Integration (Azure Sentinel, Splunk)
- SOAR Platform Integration (Cortex XSOAR, Microsoft Azure Logic Apps)
- ServiceNow integration
- Vulnerability Management tools
- Threat Intelligence platforms
- AWS Marketplace deployment option
Data Flow:
- Outside-in approach (external threat perspective)
- Continuous 24/7 monitoring
- Real-time threat correlation
- Automated data enrichment and IOC (Indicator of Compromise) storage
Infrastructure/Operation
Operational Model:
- SaaS subscription-based platform
- Fully managed cloud service (no client infrastructure required)
- 24/7 automated monitoring and detection
- Human-in-the-loop for threat analysis and RFI requests
- Alert App for mobile/desktop notifications
Support Levels:
- Personalized onboarding included
- 7-day free trial available
- 24x7 global support across all regions
- Request for Information (RFI) service: 2-4 RFIs per month depending on plan
- Dedicated account management for enterprise clients
- Custom threat intelligence reports (Early Warnings)
Technical Specifications
Functional Specifications:
- Multi-tenant SaaS architecture
- User licenses: 1-5+ concurrent users
- Keyword monitoring: Up to 300 keywords per subscription
- Multi-layered intelligence: Strategic, Management, and Operational views
- Eight threat view modules integrated in single dashboard
- Executive, Management, and Operation-level dashboards
Operational Specifications:
- 24/7 continuous monitoring
- Real-time alert generation
- Cloud-native with no infrastructure deployment required
- API-based integration with security tools
- Customizable alert thresholds and notifications
- Incident response capability with contextual threat hunting
Compliance & Security:
- ISO 27001 certified
- EU GDPR compliant
- ISO 4001 certified
- AICPA SOC certified
Current Market
Market Presence:
- Operating in 50+ countries
- 30+ Fortune 500 companies
- 100+ companies using CYFIRMA security solutions
- Global presence with offices in: Singapore (HQ), India, Japan, USA, Germany, South Korea, Australia, Taiwan, Vietnam, Dubai
Client Testimonials:
- "Great analytics prowess and excellent external threat insights. CYFIRMA could uncover exposures which we did not know previously" - Security Operations Lead, Global Hi-tech Manufacturer
- "To stay ahead, we must ensure our security posture is solid and defensible. CYFIRMA's intelligence reports provide valuable recommendations" - Head of Infrastructure, Manufacturing MNC
- "The threat reports have been absolutely necessary to keep our corporation safe from hackers and cyber-criminals" - Risk and Governance Lead, Automotive MNC
Validated Success:
- $2.5B+ in tangible and intangible losses avoided for clients
- 300+ Early Warning threat reports released
Industry Recognition:
- Recognized in Cyber Security TechVision Opportunity Engine
- Winner: Best Cybersecurity Startup
- Winner: Best Cyber Threat Intelligence Product
- Winner: Cybersecurity Executive of the Year
- Global InfoSec Awards 2021 - Most Innovative in Cyber Threat Intelligence
- Gartner Reviews listed
Target Clients
Fortune 500 Companies: Currently protecting 30+ Fortune 500 companies
Large Enterprises: Organizations with complex digital footprints requiring comprehensive threat visibility
Industry Sectors:
- Financial Services
- Healthcare/Pharmaceuticals
- Manufacturing
- Automotive
- Retail Conglomerates
- Technology/Hi-tech companies
Geographic Focus: Operating in 50+ countries across Asia-Pacific, North America, Europe, Middle East
Enterprise Size: Organizations requiring 1-300+ user licenses with complex keyword monitoring needs
Pricing / commercial model
- Subscription-based SaaS model
- Monthly or annual contracts (1-month minimum)
- Tiered pricing based on users and features
Use cases
1. Proactive Threat Prevention: Identify and mitigate attack surfaces before exploitation by cybercriminals
2. Incident Response Acceleration: Use DeCYFIR intelligence hunting capability to speed up incident response with complete external threat analysis and contextual details
3. Third-Party Risk Management: Discovery and continuous monitoring of risks from supplier, partner, and client connections
4. Brand Protection: Monitor and take down phishing sites, domain infringement, and executive impersonation attempts
5. Vulnerability Management: Prioritize patching efforts based on asset criticality and exploit availability
6. Digital Risk Management: Monitor for leaked credentials, data breaches, and dark web mentions
7. Compliance & Risk Reporting: Executive dashboards for leadership to understand shifting threat dynamics and accelerate critical decision-making
8. SOC Enhancement: Integrate with existing SIEM/SOAR platforms to enrich threat detection and automate response workflows
Scope
Data Center
SaaS-based platform (cloud-hosted), with integrations to AWS Marketplace and Microsoft Azure Sentinel
