CYFOX Cloud Architecture and System Entities

CYFOX Cloud architecture focuses on the roles of different entities and how data flows between endpoints and the cloud.

Written by Yonatan Mozes

Product Architecture: System Entities

Entity 1: Customer

Customer stands for the end client who will eventually receive CYFOX Protection services (EDR and XDR).

By creating licenses, each customer gets its own keys (License Key, Activation Key) which generate the customer ID.

The unique customer ID is then used to:

  1. Validate and connect agents to the customer's environment.

  2. Aggregate data to be sent to the customer's tenant in the CYFOX cloud.

Entity 2: MSSP
MSSP (Managed Security Service Provider) is an entity authorized to:

  1. Sell CYFOX products to its end users (End Customers).

  2. Provide SOC (Security Operations Center) services to its customers.

Providing SOC services means that the customer needs to grant access to the MSSP for its tenant.
Without granting this access, the MSSP would not have visibility into the end-customer's environment.

Entity 3: Distributor
A Distributor can purchase CYFOX products and grant permissions for MSSPs to sell CYFOX products.

Entity 4: Solution Owner
A unique admin user, reserved for CYFOX, that can view all activities within the system.
Note: End-customer activity is an exception. Without granted access, even the solution owner cannot connect to the customer's environment.

Entities Structure

CYFOX Cloud uses a multi-tenant structure that defines the roles and access levels of different entities within the system.

After understanding the different entities and their roles within CYFOX Multi-Tenant, it is important to clarify the specific order in which actions can be applied.

The diagram illustrates who has access to view and take actions, and how these permissions are structured.

Customer Attributes

Service Provider Attributes

Distributor Attributes

CYFOX Cloud Architecture

This diagram represents the CYFOX Cloud Architecture, showcasing the interaction between various entities, services, and components within the CYFOX Cloud platform. Here’s a breakdown of how it works:

1. EDR Agents and XDR Servers:

  • EDR Agents and XDR Servers are deployed at clients' endpoints and on-premise systems. These agents continuously monitor and send security-related events to the cloud.

2. CYFOX Cloud API:

  • The agents and servers communicate with the CYFOX Cloud API, which is a gateway for all data exchanges between the endpoints and the cloud infrastructure. The API also handles requests and responses from the agents to centralize the threat detection process.

3. Licensing and Authentication Servers:

  • The Licensing Server manages the creation and validation of licenses, ensuring that only authorized users and systems are allowed to access CYFOX Cloud.

  • The Authentication Server handles user and system authentication, securing access to the system based on credentials.

4. Events DB:

  • All security-related events generated by the agents are stored in the Events Database. This database organizes events by Event IDs, ensuring each event is traceable and linked to specific entities (customers, MSSPs).

  • Data from the database is used for ongoing threat analysis and reporting.

5. Entities (Structure) DB:

  • This database holds information on the system’s structure, such as Distributors, MSSPs, and Customers. It defines relationships between entities, allowing the system to know which MSSP manages which customers and how data flows between them.

6. MSSP A and MSSP B:

  • MSSP A (MSSP ID = 1) and MSSP B (MSSP ID = 2) represent two different Managed Security Service Providers (MSSPs). Each MSSP is responsible for managing a set of customer companies.

  • The diagram shows which companies fall under each MSSP, with Companies C, G, and H managed by MSSP A and Companies A, B, E, and F managed by MSSP B. Each company’s data is tracked by its unique Event ID.

7. Browser Access:

  • Users access CYFOX Cloud through a browser interface. The browser allows administrators, MSSPs, and authorized users to interact with the platform, view event data, and manage client environments.

8. Data Flow:

  • The data flow starts from EDR agents and XDR servers at the customer’s endpoint, moving through the CYFOX Cloud API and into the Events Database. The data is sorted and linked to the appropriate MSSP or customer based on the Customer ID.

  • MSSPs can view, manage, and respond to threats through their respective access to customer data in real time.

This architecture ensures a secure, scalable, and organized structure, where MSSPs can manage multiple customers effectively while maintaining data segregation and security.
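
The access rules described above (events keyed by Customer ID, MSSP visibility only after the customer grants access, and no default access for the Solution Owner), modeled as a deny-by-default check. This is an added illustration, not CYFOX code; the class names, role strings, and the rule that an MSSP can only be granted access to a customer it manages are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data mirroring the article's diagram: MSSP ID 1 manages
# Companies C, G, H; MSSP ID 2 manages Companies A, B, E, F.
MANAGED_BY = {"C": 1, "G": 1, "H": 1, "A": 2, "B": 2, "E": 2, "F": 2}


@dataclass(frozen=True)
class Principal:
    role: str          # hypothetical role names: "customer", "mssp", "solution_owner"
    entity_id: object  # customer ID for a customer, MSSP ID for an MSSP


@dataclass
class TenantStore:
    grants: set = field(default_factory=set)    # (customer_id, Principal) pairs
    events: list = field(default_factory=list)  # (customer_id, event) pairs

    def ingest(self, customer_id, event):
        # Every event is tagged with the customer ID that owns it.
        if customer_id not in MANAGED_BY:
            raise ValueError(f"unknown customer ID: {customer_id!r}")
        self.events.append((customer_id, event))

    def grant(self, customer_id, grantee):
        # Assumption: the structure data decides which MSSP may be granted
        # access to a tenant; an unrelated MSSP is rejected.
        if grantee.role == "mssp" and MANAGED_BY.get(customer_id) != grantee.entity_id:
            raise PermissionError("MSSP does not manage this customer")
        self.grants.add((customer_id, grantee))

    def can_view(self, principal, customer_id):
        # A customer always sees its own tenant. Everyone else, including the
        # solution owner, needs an explicit grant from that customer.
        if principal.role == "customer":
            return principal.entity_id == customer_id
        return (customer_id, principal) in self.grants

    def events_for(self, principal, customer_id):
        # Check authorization first, then filter strictly by customer ID so
        # one tenant's events never appear in another tenant's result.
        if not self.can_view(principal, customer_id):
            raise PermissionError("no access granted for this tenant")
        return [e for cid, e in self.events if cid == customer_id]
```
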
