The SOC In A Box

Enterprise Grade Security. Small Business Priced. Monitored By CyFlare 24×7 SOC. 

What's In The Box?

Superior Monitoring Platform. Expert Analysts & Incident Response. Summarized Monthly Reporting.

Breach Detection
Hyper-Paranoid Breach Detection Service. AI Based.
24x7 Security Analysts
Dedicated Technical Account Manager. Constant Incident Monitoring & Response.
Executive Security Dashboard
Manually created each month by the Technical Account Manager to summarize key indicators.

Technical Capabilities

The SOC in a Box offering is not your average log collection and monitoring solution offered by competitive providers. The platform offers over 40 detection methods including zero day file sandboxing, machine learning and automation / remediation capabilities.

Below are just some of the features packed into “The Box":


  • Machine Learning (Supervised & Unsupervised) Real Time Kill Chain Breach Detection
  • Asset Discovery
  • Historical Forensic Investigation
  • Network Traffic Analysis
  • Application Performance Monitoring
  • Centralized Management
  • Malware Sandbox
  • Next Generation Intrusion Detection System
  • Anti-Virus
  • SIEM (Syslog, IPFIX, Aella Flow)
  • Deep Packet Inspection (3,000+ applications)
  • Application Identifcation & Metadata extraction Service Visualization
  • User visibility & tracking (Auth Log, AD, Kerberos, Radius)
  • Digitial Certificate Visibility
  • Geo Location Feeds
  • Threat Intelligence Feeds
  • Threat Intelligence Sharing
  • Firewall Enforcement Integration (Palo Alto Networks, Fortinet, AWS)
  • SIEM Integration (Splunk, Elasticsearch)
  • Orchestration Integration (Phantom)
  • Alerting
  • Reporting
  • Data Processor / Data Lake Clustering & High Availability
  • Multi-tenancy support
  • Multi-tenant machine learning
  • Multi-site ML


  • Reconn

Port scan & IP address sweeping

Brute force login failures (SSH, AD, SQL)

Brute force login success (SSH, AD, SQL) Login location anomaly detection

Web directory scan detection

Malicious user agent detection

Phishing detection

Malicious reputation detection


Zero day malware detection

Known malware detection

Lateral malware movement detection Ransomware detection

Spyware detection

Trojan detection

Virus detection


Known exploit detection (80,000+)

Zero day exploit detection

Process anomaly detection


File creation detection

File modification detection

Command & Control

C&C server reputation (50,000+)

Resolvable DGA detection

Command execution anomaly detection

SQL command line execution detection

Exfilitration & Actions

DNS tunneling detection

Denial of service detection (Syn Flood)

Anomalous outbound traffic detection

Bitcoin mining detection

Network Traffic

Geographic anomaly detection

Session duration anomaly detection

Anomalous inbound traffic detection

Abnormal smb traffic detection

Environment Support

  • AWS
  • Azure
  • Google Cloud Platform
  • VMWare
  • KVM
  • HyperV

OS Agents

  • Ubuntu
  • Debian
  • Red Hat
  • Centos
  • Docker
  • Windows

Data Capture Methods

Port mirroring

Physical Network tapping

Virtual Network tapping





Netflow / IPFIX

Sample Vulnerability Report

Vulnerability Scanning Is Now Available

Vulnerability Scanning and Management is now available to be added within a single appliance.  We provide internal and external vulnerability scanning, risk based reporting and interactive UI.

CyFlare Vulnerability Scanning addresses the core of your security by addressing your weakest points. Vulnerability Scanning is an automated technology that continuously scans your network for known gaps and weaknesses around the clock, alerting you of critical vulnerabilities and providing instructions to lower the risk to your network.

Vulnerability Scanning presents fixes for those security gaps in a format that’s easily managed and fixed by the average IT professional, without requiring a dedicated security expert. By identifying and managing weaknesses in your network, Pulse Vulnerability Scanning helps to prevent security breaches from hackers, ransomware, and other malicious sources.

Vulnerability Scanning works in concert with other defensive solutions, such as firewalls and antivirus, enabling more effective patch management and expediting the remediation process.

The Benefits

The CyFlare appliance provides a true easy button for cyber security.
We watch your network traffic flows, ingest logs and enable compliance.

Our team will pre-configure the appliance before shipping. We "burn in" all appliances for 72 hours.
High performance
Monitor up to 3gbps of traffic per appliance. Higher density models are available for large deployments.
Month To Month
We earn the business monthly offering no long term contracts for the Pulse offering.
Superior Technology
Feature rich cyber security platform with features unmatched by competitive SOC providers.
Enable Compliance
The security controls built in enable common compliance controls such as HIPAA, NIST, PCI and ISO 27001.
Deploys In Minutes
With a few simple firewall changes the SOC in a Box is enabled.