Cytomic platform features
Cytomic is the new management, communication, and data processing platform developed by Cytomic and designed to centralize the services common to all of the company’s products.
The Cytomic platform manages communications with the agents deployed across the network. Its management console presents the data gathered by Advanced EDR in a structured, easy-to-understand way for later analysis by the network administrator.
The solution’s modular design eliminates the need for organizations to install new agents or products on customers’ computers for any new module that is purchased. All Cytomic products that run on the Cytomic platform share the same agent on customers’ endpoints as well as the same web management console, facilitating product management and minimizing resource consumption.
Key benefits of Cytomic
The following are the main services that Cytomic provides for all Cytomic products compatible with the platform:
Cloud management platform
Cytomic is a platform hosted on the Cytomic cloud, with a series of significant benefits in terms of usage, functionality, and accessibility.
It does not require management servers to host the management console on the customer’s premises: because it operates from the cloud, it can be accessed directly by all devices subscribed to the service, from anywhere and at any time, regardless of whether they are office-based or on the road.
Network administrators can access the management console at any moment and from anywhere, using any compatible Internet browser from a laptop, desktop, or even mobile devices such as tablets or smartphones.
It is a high-availability platform, operating 99.99% of the time. Network administrators do not need to design and deploy expensive systems with redundancy to host the management tools.
Real-time communication with the platform
Settings profiles and scheduled tasks are pushed to and from network devices in real time, the moment that administrators apply the new settings profiles to the selected devices. Administrators can adjust the security parameters almost immediately to resolve security breaches or to adapt the security service to the dynamic nature of corporate IT infrastructures.
Multi-product and cross-platform
The integration of Cytomic products in a single platform offers administrators a series of benefits:
- Minimizes the learning curve: All products share the same platform, thereby reducing the time that administrators require to learn how to use the new tool, which in turn reduces the TCO.
- Single deployment for multiple products: Only one software program is required on each device to deliver the functionality of all products compatible with Cytomic Platform. This minimizes the resource consumption on users’ devices in comparison with separate products.
- Greater synergy among products: All products report through the same console. Administrators have a single dashboard from which they can see all the generated data, reducing the time and effort invested in maintaining several independent information repositories and in consolidating the information received from different sources.
- Compatible with multiple platforms: It is no longer necessary to invest in a range of products to cover the whole spectrum of devices used by a company. Cytomic Platform supports Windows, Linux, and macOS, as well as persistent and non-persistent Virtual Desktop Infrastructure (VDI) environments.
Flexible, granular settings
The new configuration model speeds up the management of devices by reusing settings profiles, taking advantage of specific mechanisms such as inheritance and the assignment of settings profiles to individual devices. Network administrators can assign more detailed and specific settings profiles with less effort.
Complete, customized information
Cytomic Platform implements mechanisms that enable the configuration of the amount of data shown across a wide range of reports, depending on the needs of the administrator or the user of the information.
This information is completed with data about the network devices and installed hardware and software, as well as a log of changes, which helps administrators accurately determine the security status of the network.
Cytomic architecture
Cytomic architecture is designed to be scalable in order to provide a flexible, efficient service. Information is sent and received in real time to and from numerous sources and destinations simultaneously. These can be endpoints linked to the service, external data consumers such as SIEM systems or mail servers, or web instances for requests for settings changes and the presentation of information to network administrators.
Moreover, Cytomic implements a backend and a storage layer that uses a wide range of technologies to handle numerous types of data efficiently.
Logical structure of Cytomic shows a high-level diagram of Cytomic Platform.
Cytomic on users’ computers
Network computers protected by Advanced EDR have a software program installed, consisting of two independent yet related modules which provide all the protection and management functionality:
- Cytomic communications agent module (Cytomic agent): This acts as a bridge between the protection module and the cloud, managing communications, events, and the security settings profiles implemented by the administrator from the management console.
- Advanced EDR protection module: This is responsible for providing effective protection for users’ computers. To do this, it uses the communications agent to receive the security settings profiles and sends statistics and detection information as well as details of the items scanned.
Cytomic real-time communications agent
The Cytomic agent handles communications between managed computers and the Advanced EDR server. It also establishes a dialog among the computers that belong to the same network in the customer’s infrastructure.
This module manages the security solution processes and gathers the configuration changes made by the administrator through the web console, applying them to the protection module.
The communication between the devices and the Command Hub takes place through real-time persistent WebSocket connections. A connection is established for each computer for sending and receiving data. To prevent intermediate devices from closing the connections, a steady flow of keep-alive packets is generated.
The settings profiles configured by the network administrator through the Advanced EDR management console are sent to the backend through a REST API. The backend, in turn, forwards them to the Command Hub, generating a POST command which pushes the information to all managed devices. This information is transmitted instantly, provided the communication lines are not congested and every intermediate element is working correctly.