Dashboard/ How-it-works
Offline
Four-Pillar Architecture

How CyberCore
Protects Your Practice

CyberCore uses a four-pillar approach to dental IT management: Watch, Protect, Fix, and Report. From kernel-level crash detection to autonomous remediation, every step is purpose-built for dental practices — engineered from 100,000+ real dental IT tickets.

Watch

24/7 monitoring

Protect

Threat detection

Fix

22-sec recovery

Report

Real-time dashboard

View Pricing Explore the Four Pillars
Pillar 1

Watch: Continuous Monitoring

The foundation of CyberCore is visibility. The Smart Agent runs as a lightweight Windows service on every workstation and server in your practice, streaming real-time telemetry to the CyberCore platform. Unlike generic RMM tools that treat a dental office like any other business, our agent knows what to look for in a dental environment.

What the Smart Agent Watches

Dental Software Health

27 applications detected and monitored — Open Dental, Dentrix, Eaglesoft, DEXIS, Carestream, Planmeca Romexis, and more. Process uptime, memory consumption, and hang detection in real time.

Dental Sensor Status

USB dental sensors (X-ray, intraoral cameras) tracked via VID/PID hardware fingerprinting. The agent detects connections, disconnections, and driver failures the moment they happen.

Network & Connectivity

Latency measurements, DNS resolution, gateway reachability, and bandwidth monitoring. The agent flags degradation before it becomes an outage that disrupts patient scheduling.

Printers & Peripherals

Network and USB printer discovery, queue monitoring, and status tracking. Knowing a label printer is offline before the front desk discovers it prevents workflow disruptions.

Antivirus & Firewall

Real-time verification of AV definition currency, scan schedules, and Windows Firewall status. If protection lapses, CyberCore flags it immediately — not at the next quarterly audit.

System Resources

CPU utilization, memory pressure, disk space trending, and Windows Update status across every endpoint. Each metric feeds into a per-device health score visible on your dashboard.

All of this telemetry streams over encrypted WebSocket connections with sub-second latency. The agent consumes under 50 MB of RAM and less than 1% CPU — invisible to your practice workflow. Every data point feeds into the Practice Dashboard, giving you a single pane of glass for your entire IT environment.

Pillar 2

Protect: Real-Time Threat Detection

Monitoring is only useful if the system can recognize danger. CyberCore's Protect layer continuously evaluates your practice's security posture and flags threats before they escalate into breaches. Dental practices are high-value ransomware targets — patient records, insurance data, and the operational urgency of healthcare make practices more likely to pay. CyberCore is built to counter that.

Ransomware Behavioral Analysis

CyberCore doesn't rely solely on signature-based detection. The agent monitors file-system behavior patterns characteristic of ransomware — rapid encryption of files, mass file-extension changes, and abnormal disk I/O patterns. When suspicious behavior is detected, the system triggers an immediate alert with contextual information about the affected workstation, allowing rapid isolation before lateral movement occurs.

Exposed RDP Port Detection

Remote Desktop Protocol exposed to the public internet remains one of the most exploited attack vectors in healthcare IT. CyberCore continuously scans for RDP ports (3389 and common alternates) visible outside the practice network. If an exposed port is found, the dashboard raises a critical alert with remediation guidance — because a single exposed RDP port has led to catastrophic breaches at dental practices nationwide.

Disabled Firewall & UAC Alerts

Windows Firewall disabled "temporarily" for troubleshooting often stays disabled indefinitely. CyberCore monitors firewall status on every endpoint and alerts the moment protection drops. The same applies to User Account Control — if UAC is weakened or disabled, you'll know within seconds, not at the next scheduled security review.

Antivirus Currency & Compliance

An antivirus product that's installed but outdated provides a dangerous false sense of security. CyberCore tracks AV definition dates, scan history, and real-time protection status. If definitions fall more than 48 hours behind, or if real-time scanning is disabled, the system flags it as a compliance risk — critical information for HIPAA security rule adherence.

Every threat detection event is logged with full context — timestamp, affected device, severity level, and recommended action. This data feeds directly into the Report pillar and can be exported for HIPAA security risk assessments. This assessment is informational and does not constitute legal advice.

Pillar 3

Fix: 22-Second Crash Recovery

This is the pillar that changes everything. When dental software crashes — and it does, regularly — the traditional response is to call your IT provider, wait on hold, explain the problem, and wait for a remote session. Average resolution: 45 to 75 minutes. CyberCore replaces that entire process with a 22-second autonomous recovery that happens before most staff even notice the crash.

The 22-Second Recovery Timeline

0

0 ms

ETW Kernel-Level Detection

The Smart Agent hooks into Windows Event Tracing for Windows (ETW) at the kernel level. The moment a monitored dental application process terminates unexpectedly, the agent captures the event — exit code, process ID, timestamp, and termination context. This is not a polling-based check; it's a kernel callback that fires in real time.

0–500

0–500 ms

10-Signal Classification Engine

Within half a second, the termination event passes through the classification engine. Ten independent signals are evaluated to determine whether this was a genuine crash or an intentional closure. Only terminations that score above the crash threshold proceed to remediation. This is what prevents false positives — the system doesn't blindly restart every closed application.

500

500 ms – 20 s

17–20 Second Grace Period

After confirming a crash, the agent waits 17 to 20 seconds before acting. This grace period serves multiple purposes: it allows Windows to release file locks held by the crashed process, gives the operating system time to flush pending I/O operations, and prevents conflicts with any Windows Error Reporting dialogs. The grace period is calibrated specifically for dental PMS databases that need clean release cycles.

20–22

20–22 s

2–3 Second Auto-Launch

The agent launches the application using the same execution context — correct user profile, working directory, and command-line arguments. The application opens in 2 to 3 seconds. Total elapsed time from crash to working application: approximately 22 seconds.

~22 sec

CyberCore autonomous recovery

45–75 min

Traditional MSP phone-call response

The difference is not incremental — it is orders of magnitude. A front-desk coordinator whose Open Dental crashes mid-checkout doesn't call IT, doesn't wait on hold, and doesn't lose the patient's appointment data. The application is back before the patient finishes signing their receipt. That's the Fix pillar in practice.

Pillar 4

Report: Real-Time Practice Dashboard

The Watch, Protect, and Fix pillars generate enormous amounts of actionable data. The Report pillar organizes that data into a Practice Dashboard that practice owners and office managers can understand without a computer science degree. No more waiting for monthly reports from your MSP — the health of your entire practice IT environment is visible in real time.

What You See on the Dashboard

Practice Health Score

A composite score from 0–100 calculated across all devices, software health, security posture, and network stability. One number that tells you whether your IT infrastructure is solid or needs attention.

Open Tickets & Alerts

Every detected issue — from a crashed application to an expired AV definition — creates a ticket. Tickets are prioritized by severity and include recommended actions. Resolved tickets show full remediation timelines.

Device Status Grid

Every workstation and server in the practice shown with real-time status: online/offline state, health score, last check-in time, installed dental software, and active alerts. Color-coded for instant visual triage.

Remediation History

A complete log of every autonomous action CyberCore has taken — crash recoveries, threat alerts, and proactive fixes. Each entry includes timestamps, the 10-signal classification results, and outcome status.

The dashboard is designed for two audiences. Practice owners see the big picture — health scores, cost impact, and compliance status. Office managers see the operational detail — which devices need attention, which tickets are pending, and what CyberCore fixed autonomously. Both views update in real time via the same WebSocket infrastructure that powers the Smart Agent.

The 10-Signal Classification Engine

The core intelligence behind crash-vs-intentional determination. Every process termination is evaluated against ten independent signals before any action is taken.

01

Exit Code Analysis

The process exit code is the first and strongest signal. Exit code 0 (clean shutdown) versus non-zero codes (0xC0000005 access violation, 0xC000001D illegal instruction) immediately shifts the crash probability. Known update-related exit codes are whitelisted.

02

Process Uptime

A process that ran for 8 hours and terminates is statistically different from one that crashes within 30 seconds of launch. Short-lived processes that terminate abnormally have a higher crash-score weight, helping detect launch failures and initialization errors.

03

Time of Day

A dental PMS closing at 6:15 PM in a practice that closes at 6:00 PM is almost certainly an intentional shutdown. A closure at 10:30 AM mid-appointment block is suspicious. The agent learns practice hours to refine this signal over time.

04

User Input Recency

If the user was actively interacting with the application (keyboard or mouse input within the last 5 seconds) when it terminated, the closure was likely unintentional. Idle processes that close are more likely to be intentional shutdowns or scheduled maintenance.

05

Scheduled-Task Flag

If a known scheduled task (Windows Update, backup agent, antivirus scan) is actively running when the process terminates, the engine reduces the crash score. Scheduled maintenance windows are expected sources of application closures.

06

Group-Exit Pattern

When multiple monitored applications terminate within a narrow time window (under 10 seconds), it indicates a system-wide event — shutdown, restart, or blue screen. Group exits are classified differently from isolated terminations.

07

Session-Lock State

If the Windows session is locked (user stepped away) when the process terminates, the closure pattern is different from an active-use scenario. Screen-saver and lock-state transitions are tracked to contextualize every termination.

08

Graceful-Shutdown Signal

Windows sends WM_CLOSE and WM_QUERYENDSESSION messages to applications during graceful shutdown sequences. If the process received these signals before terminating, the exit was coordinated — not a crash.

09

Parent-Process Chain

The agent traces the parent process that spawned (or terminated) the target application. If the parent is explorer.exe responding to a user close action, that's intentional. If the parent is an unknown process or the termination has no parent context, the crash score increases.

10

Restart-Loop Counter

If an application has crashed and been restarted multiple times within a short period, the engine prevents an infinite restart loop. After a configurable threshold (default: 3 restarts in 10 minutes), the agent escalates instead of restarting, creating a high-priority ticket for human review.

These ten signals were derived from analysis of 100,000+ real dental IT support tickets. Each signal is independently weighted, and the composite score determines whether to auto-recover, alert, or escalate.

Frequently Asked Questions

Common questions about how CyberCore works, what it monitors, and how to get started.

How is CyberCore installed on practice workstations?
The CyberCore Smart Agent is deployed as a lightweight Windows service — typically under 50 MB of RAM. Installation takes less than five minutes per device and requires no reboots. Your practice admin receives a single installer link, runs it on each workstation and server, and the agent auto-registers with your practice dashboard. No firewall changes or VPN configuration is needed.
Which dental software and hardware is compatible with CyberCore?
CyberCore currently detects and monitors 27 dental applications including Open Dental, Dentrix, Eaglesoft, DEXIS, Carestream, Planmeca Romexis, SoftDent, Dolphin Imaging, and more. Hardware monitoring covers USB dental sensors via VID/PID fingerprinting, network printers, servers, and standard workstation components. New integrations are added based on practice demand.
How does the crash recovery avoid false positives?
CyberCore uses a 10-signal classification engine that evaluates every process termination event. Signals include exit code analysis, process uptime, time-of-day context, user input recency, scheduled-task flags, group-exit patterns, session-lock state, graceful-shutdown signals, parent-process chain analysis, and restart-loop counting. Only events that score above the crash threshold after all ten signals are evaluated trigger auto-recovery. Intentional closures, system shutdowns, and updates are filtered out.
Does CyberCore access or store patient data (ePHI)?
No. CyberCore is designed with a HIPAA-friendly architecture that never reads, transmits, or stores electronic Protected Health Information. The agent monitors process health, system telemetry, and application status — not database contents. All telemetry is encrypted in transit via TLS 1.3 and at rest. This assessment is informational and does not constitute legal advice.
What does CyberCore monitor beyond dental software?
Beyond the 27 dental applications, CyberCore monitors operating system health (CPU, memory, disk), network connectivity and latency, printer availability, antivirus status and definition currency, firewall configuration, Windows Update status, RDP port exposure, USB device connections, and overall workstation health scores. Each metric feeds into a composite practice health score visible on your dashboard.
How long does it take to onboard a full practice?
Most single-location practices are fully onboarded in under 30 minutes. The process involves three steps: install the Smart Agent on each device (about 5 minutes per machine), verify device registration on the practice dashboard, and configure alert preferences. Multi-location practices with a dedicated onboarding engineer can typically complete rollout within one business day per location.

Ready to See It
In Action?

CyberCore is autonomous IT built for dentistry. See how the four pillars — Watch, Protect, Fix, and Report — work together to keep your practice running without manual intervention.

View Plans & Pricing Talk to Our Team

Explore more: Smart Agent · Practice Dashboard · Dental Software Crashes · Open Dental