Ceva <> Unfold Demo

Recap of what we covered together.

Recap

Key Takeaways

01

Observability Gaps Across Critical Systems

Correlating an incident today means manual exports, KQL queries, and console-hopping — costing hours on investigations that should take minutes.

02

A Small Team Carrying A Big Load

5 security people covering 47 countries, 7,000 employees, and a full enterprise security stack.

03

The Goal For Today's Demo

Show that any enterprise system can be connected to Ceva's existing security stack — starting with ERP access rights, queried in plain language.

Demo

Live Demo

Deployment

Deployment Overview

Deployment Architecture

Three Ways To Unfold Your Stack

Security Everywhere

Your Security Tools On Every Application

SIEM, DLP, identity, AI SOC — extend your entire security stack to every app, not just the ones vendors support out of the box.

Vendor Lock-In

Break Free From Closed Systems

Trapped by vendors with no export, no API, no way out. Unfold exposes structured, queryable access to any application's data.

Universal MCP

Your Agents On Top Of Any Application

No API? Partial API? Unfold exposes a Universal MCP — enable AI agents on top of every app.

AI Agents — Full Governance. Enable safe AI interaction with telemetry, control, and auditability built in.

Under The Hood

How Unfolding Works

Example

Legacy CRM — Unfolded

A third-party CRM with a limited API and minimal logs. You need SOC visibility and workflow automation — but the vendor doesn't expose enough.

Raw CRM Log
INFO 192.168.4.22 2026-03-07T09:42:15
/api/v3/reports/customers/export
Unfolded
{
  "timestamp": "2026-03-07T09:42:15",
  "actor": "sarah.connor",
  "source_ip": "84.229.12.47",
  "action": "mass_customer_export",
  "resource": "customer_database",
  "records_exported": 84591,
  "export_format": "CSV",
  "target_id": "crm_core_prod"
}
Case Study

A Race Against Data Exfiltration in a Black-Box Application

CRM data was leaking live on Telegram — and with no visibility into who was acting in the application, they had no way to stop it.

Sector: Gov Entity
Company Size: 5,000+
Environment: Self-Hosted
Incident: Active data exfiltration

01 · The Situation

Customer Couldn't Tell Who Was Accessing A Resource

01

3rd Party CRM

Self-hosted CRM from one of the market-leading vendors.

02

Elite IR Teams Trying For Weeks

Combined efforts of internal and external IR teams

03

Sensitive Customer Data Still Leaking

Classified records from a government agency, with huge potential for damage, were continuously leaking to the public.

02 · Without Unfold

The Reality Before

01

Trying To Understand Who Is Accessing The Resource

The internal team tried to correlate data across multiple sources (the asset itself and security products: EDR, FW, SIEM).

02

Two External IR Services Companies Called In

The customer hired 2 premium IR companies to accelerate the investigation.

03

Still, No Lead

After multiple weeks of manual investigation, they still couldn't determine who the actor was or what the root cause was.

04

Negotiating With Attacker

The customer tried to contact the attacker in order to stop the incident.

03 · With Unfold

Resolution in Minutes

01

Understanding The Application In Minutes

Using the Unfolding process, Unfold learned the CRM in depth: its events, entities, protocols, and operational patterns.

02

Unfold Ships Correlated Events

Unfold maps every user activity to the product functionality it invoked, answering the question: which user triggered the export, and from which IP?

03

From Installation To Remediation In Minutes

Immediately after the next export attempt, the team was able to block the specific actor using the FW.

04

On-Going Monitoring

A telemetry pipeline from the CRM to the customer's SIEM was built and now continuously monitors the asset.
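
One way a SOC could consume the correlated events described above to answer "which user triggered the export, and from which IP", shown as an added example that is not Unfold's code or part of the original deck. It assumes events arrive as JSON lines in the schema of the "Unfolded" sample; the threshold, function names and all sample events except the first are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

EXPORT_THRESHOLD = 10_000  # assumed policy value, not taken from the page

# Constructed JSON-lines feed. The first event is the page's "Unfolded" sample;
# the remaining lines are invented for this example.
SAMPLE_FEED = """\
{"timestamp": "2026-03-07T09:42:15", "actor": "sarah.connor", "source_ip": "84.229.12.47", "action": "mass_customer_export", "resource": "customer_database", "records_exported": 84591, "export_format": "CSV", "target_id": "crm_core_prod"}
{"timestamp": "2026-03-07T10:05:02", "actor": "j.doe", "source_ip": "10.20.1.8", "action": "mass_customer_export", "resource": "customer_database", "records_exported": 120, "export_format": "CSV", "target_id": "crm_core_prod"}
{"timestamp": "2026-03-07T10:06:40", "actor": "j.doe", "source_ip": "10.20.1.8", "action": "view_customer", "resource": "customer_database", "target_id": "crm_core_prod"}
{"timestamp": "2026-03-07T11:15:09", "actor": "sarah.connor", "source_ip": "84.229.12.47", "action": "mass_customer_export", "resource": "customer_database", "records_exported": 15409, "export_format": "CSV", "target_id": "crm_core_prod"}
not-json debris line
"""

def parse_feed(text):
    """Yield well-formed event dicts; skip lines that are not JSON objects."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def export_findings(events, threshold=EXPORT_THRESHOLD):
    """Sum exported records per (actor, source_ip); return the pairs at or over the threshold."""
    totals = defaultdict(int)
    for e in events:
        if e.get("action") != "mass_customer_export":
            continue
        count = e.get("records_exported")
        if not isinstance(count, int) or "actor" not in e or "source_ip" not in e:
            continue  # incomplete event: cannot be attributed to a user and IP
        totals[(e["actor"], e["source_ip"])] += count
    findings = []
    for (actor, ip), total in sorted(totals.items()):
        if total < threshold:
            continue
        try:
            external = ipaddress.ip_address(ip).is_global
        except ValueError:
            external = None  # unparseable address: leave the call to the analyst
        findings.append({"actor": actor, "source_ip": ip, "records": total, "external": external})
    return findings

if __name__ == "__main__":
    for finding in export_findings(parse_feed(SAMPLE_FEED)):
        print(finding)
```

Each finding carries the actor and source IP an analyst would need for a firewall block or account suspension; the `external` flag separates internet-routable sources from internal ones.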

04 · Impact

The Numbers

Time To Detect: 2 Hours (from weeks of IR)
Total Project Cost Reduced: 70% per app (future cost avoided for all events)
Regulation Violations Avoided: 5 (due to the security breach)