Skip to content

Understanding Crystal Eye XDR


The Crystal Eye XDR forms an integral part of Red Piranha’s Consolidated Security Platform designed to provide enterprise-grade security and capabilities.

While being integrated into Red Piranha’s consolidated security platform the Crystal Eye XDR operates via a Cybersecurity Mesh Architecture which is nothing, but a Crystal Eye Platform meshed with integrated security support services and capabilities.

The following diagram shows how the Crystal Eye XDR operates via a Cybersecurity Mesh Architecture and forms a major part of Red Piranha’s Consolidated Security Platform.


As described in the diagram above, the Crystal Eye XDR is designed to cater to three major areas of an organisation’s threat landscape such as:

a. On-premise: This comprises of the organisation’s physical offices where the Crystal Eye XDR is deployed as a gateway security device.

b. Cloud: The Crystal Eye XDR cloud can be deployed to protect VPCs in the AWS cloud platform.

c. Remote Workforce: In today’s organisational network environment the remote workforce top’s the chart of the attacker’s target. The Crystal Eye XDR has its extended arms to protect users working from remote locations which is mainly done through its end-point applications such as SD-WAN application, Crystal Eye Attack Surface Reduction (CEASR) application, and Digital Forensics Incident Response (DFIR) application.

Deployment Options

Crystal Eye XDR In-line with an Existing External Firewall

The Crystal Eye XDR can be deployed in-line with an existing external firewall. Features offered in the CE XDR can be implemented in such a scenario.


Some of the important features that can be configured while the CE XDR runs in-line with the external firewall are as follows:

  1. All Crystal Eye XDR dashboards will function as intended providing vital stats related to the Network LAN Interface Report (LAN interfaces & VLAN interfaces), Network External Interface Report (WAN interfaces, PPPoE interfaces, Wi-fi interfaces & Virtual interfaces), Process CPU Usage, Process Memory Usage, App Status, Events (Last 24 hours),Shutdown/Restart, Users & Groups details, CE XDR Disk Usage information, Recent Software Activity details, Total Devices Connected to the network, Total Mapped Devices, Total Unmapped Devices, Total Devices Connected to the SSL VPN, IP Attack Map, Gateway Scan Summary, IDPS Alerts Statistics, Top IPs, Network Map, Top Protocols, Threat Dashboard, Email Scanning Reports, Banned IP Logs Report (Forcefield), Azure AD dashboard, Passive Encryption Alerts, Data Loss Prevention Reports dashboard

  2. All features related to Hosts & Groups application can be implemented.

  3. All device management features related to the Network Map is configurable for all devices connected to the Crystal Eye XDR.

  4. All Crystal Eye XDR SD-WAN features including IPsec VPN (Site-to-Site VPN), SSL VPN (for remote workers) and WireGuard Mesh Architecture, and WireGuard End-point application (for remote workers).

  5. Wireless Access Point can be configured to create a Wi-Fi interface.

  6. The DHCP Server app can be configured to set DHCP IP pools and assign Static IP addresses to devices connected to the network.

  7. Configure Crystal Eye XDR as the DNS Server for the network.

  8. Add a new interface (such as VLAN interface, Virtual Interface, and PPPoE interface) in the Crystal Eye XDR network.

  9. Create Custom Security Zones and assign them to various interfaces created in the CE XDR network.

  10. Create Static Routes using the Static Routes app

  11. Create Dynamic Routes.

  12. The Email Scanning Gateway can be configured to scan all incoming and out-going emails.

  13. The Secure Web Gateway can be configured to activate Antimalware File Scanner, Anti-phishing, Anti-virus, Application Filter, Protocol Filter, and Web Filter.

  14. Azure AD app can be configured to monitor OneDrive, SharePoint, Mail Exchange activities, Threat Intelligence and Security Compliance Alerts.

Crystal Eye XDR Deployed in Multiple Locations and Monitored from a Single Dashboard

The Consolidated Security Platform offered by Red Piranha provides advanced capabilities to monitor multiple deployments from a single Orchestrate dashboard account.

Know more about how to monitor multiple Crystal Eye XDRs from a single dashboard

High Availability Deployments

Active/Passive High Availability is a network deployment scenario where two Crystal Eye Appliances can be used to provide uninterrupted access to the users in the event of link or node failure. Such a network configuration helps in creating a robust failover system wherein, if the primary CE fails to operate, the secondary CE automatically secures the network. Such a characteristic of the CE ensures agreed level of operational performance for a desirable period of time also known as High Availability.

Let’s try and understand how Active/Passive High Availability feature of the Crystal Eye can be deployed through the example discussed below.


In the above network diagram two Crystal Eye appliances are deployed namely, Primary CE and Secondary CE. Initially the primary CE is active and when it fails the secondary CE takes its place to secure the network. Both these CE appliances are connected to the internet through WAN 1 ports.

Both the primary and secondary CE appliances are connected to a switch through its LAN 1 ports and both the CE’s are also connected to each through its LAN 2 ports. The communication path is further extended to the LAN network from the switch.

Active/Passive High Availability feature of the Crystal Eye is usually used to ensure business continuity where business processes are critical. HA can be implemented to secure large networks where the communication path is spread across various locations.

Let’s understand the High Availability deployment of Crystal Eye with the help of a high-level network diagram where the networks are spread across different locations namely, Enterprise Network, Branch Network and Remote Users. In the example below, the enterprise network is further segmented to various other networks such as office network, DMZ network and data centre.


Both the Crystal Eye appliances, Primary CE and Secondary CE are physically deployed in the enterprise network as its network gateway. It also helps in establishing secure connections between branch office, remote users and enterprise network with the help of Crystal Eye’s SD-WAN.

Know more about how to configure high availability on the Crystal Eye XDR

Multi-WAN Deployments

The Crystal Eye XDR can be deployed to make use of its multi-WAN feature that allows the appliance to be connected to multiple Internet connections. Multi-WAN offers many benefits to environments requiring a reliable connection to the Internet, including load balancing, packet segregation and automatic failover.

Let’s understand CE deployment of Multi-WAN with the help of the following network diagram. Here, the network is segregated to enterprise network, remote users and branch network. The Crystal Eye appliance is deployed in the enterprise network and it receives internet connections from two ISP’s namely ISP 1 and ISP 2.


The enterprise network is further segregated to Wi-Fi network, Office Network, DMZ Network and Data Center. The branch network and the remote users connect to the enterprise network securely through SD-WAN.

Know more about how to configure Multi-WAN on the Crystal Eye XDR