CYBER THREAT INTELLIGENCE – INNOVATIVE APPROACHES
TARIK KOBALAS
IDC IT SECURITY 2015
Agenda
CryptTech; company profile, background and milestones
CryptTech upcoming products and channels
Logs, Log management and SIEM
CryptoSIM, SIEM solution
General overview
Signature/Rule Based Correlation
New Approach to SIEM, Machine Learning Project
Threat Intelligence Simulation via CryptoSim
Artificial Intelligence SIEM Project – Crypttech Threat Exchange
Company Profile
A leading R&D company in Turkey in the security intelligence solutions area
~3000 clients, small to large enterprises across Turkey
Our Services
Log management
Security Information and Event Management
Hotspot solution
Vulnerability and penetration tests
Our Products
CRYPTOLOG – Software based log manager
CRYPTOSIM – Security Information and Event Management solution
CRYPTOSPOT – Hotspot gateway Solution
Milestones
[Timeline: CRYPTOLOG – log manager; CRYPTOSPOT – Hotspot gateway; CRYPTOSIM – SIEM solution; +600 Enterprises; +2000 Customers; Turkey; CryptTech started]
On Road Products…
CryptoCTX – Crypttech Cyber Threat Exchange
CryptoDLP – Data Leakage/Loss Prevention
CryptoVMS – Vulnerability Management System
CryptoWELA – Windows Event Log Analyser
CryptoESC – Endpoint Security Client
CryptoMON – Application and Network Monitoring System
Logs, Log Management and SIEM
What are LOGs? Records of actions and requests of applications, operating systems, network devices and servers.
Why log management? Log data need to be processed into actionable intelligence for further analysis, reports and compliance.
What is SIEM? Security Information and Event Management: security intelligence on APTs, risks and incident management.
Logs, Log Management and SIEM
Collection: Collect, Transport; Parse, Normalize; Categorize
Analysis: Search, Compliance; Statistical reports; Compression and Retention
Correlation: Events correlation; Risk evaluation; Alerts and Incident management
[Diagram: LOGs flow through Collection, Analysis and Correlation, covered by CRYPTOLOG and CRYPTOSIM]
General Overview
Security Intelligence across network
Universal Visibility over one Interface
Forensic Analysis
Compliance, Regulations
Out-Of-the-Box Reports
Application Troubleshooting
General Overview
Threat Detection
Event Correlation
Risk Evaluation
Incident Management
CRYPTOLOG
CORRELATION
Correlation
Linking multiple events together to detect strange behavior.
Association of different but related events to provide broader context.
Event Based, Rules Based, Anomaly Based, Risk Based
Event, Time, Source, Access, Context
Correlation Types
Basic Correlation – Simple rules, login failures
Logical Correlation – Based on priority assignment to events through a logical tree algorithm
Cross Correlation – Performing cross correlation between different source logs of the same events
Contextual Correlation – Based on the asset's characteristics
Historical Correlation – From previously gathered data; re-correlates the stored log with different correlation rules
Hierarchical Correlation – Signature based and anomaly based threat detection
Threat Intelligence
Risk level 5 – PortScan (DMZ): port scan detected, web servers detected by hacker
Risk level 6 – SQL Injection: SQL injection detected, deploying payload
Risk level 7 – Symmetric Traffic: symmetric traffic detected, infected web server
Risk level 8 – Open Connection: open connection to LAN by infected server
Risk level 9 – Exploit: Windows exploited – new user added
Risk level 10 – Windows exploited – user added to Domain Admin group
The more data, the more efficiency…
Big data analytics from the security point of view
Complexity of system
Thousands of correlation rules, billions of records per day
Elimination of false positives
Updated rules, advancing system
Professional services and expert team
Unfortunately you need more and more data
Solution is CTX – Threat Exchange Service
Innovative Approaches to SIEM
CTX – Crypttech Threat Exchange: Advanced Threat and Malware Analysis Services, ML – Central Machine Learning Grid, CRYPTTECH SOC
[Diagram: the CTX Agent and the New CryptoSIM Engine send Data to CTX and receive New Rules; Rules and ML link the engine to the central grid]
Contact Info
www.crypttech.com
info@crypttech.com
+90 212 217 7017
http://support.crypttech.com
www.facebook.com/crypttech
www.twitter.com/crypttech
THANK YOU
CryptTech 2015
Editor's Notes

  1. Hello and welcome. My name is Tarık Kobalas. In this session, under the heading Innovative Approaches in Cyber Attack Detection, I will try to talk about a learning-capable security information and event management system. I will also walk through a scenario in which a rule-based SIEM system catches an APT (advanced persistent threat). First, let me give some information about our company, Crypttech. Crypttech was founded in 2006 and is a 100% domestic software company producing products in the field of information security.
  2. For about five years we have taken part in many information security projects with our SIEM product. With the experience we gained, we took our product further. Now we are working on innovative approaches and next-generation models. We will develop new technologies beyond SIEM systems.
  3. We plan to release the first four of the products currently under development by the end of the second quarter of 2015. We will launch the remaining two products at the end of 2015. In some of our projects we have started to use beta versions of a few of these products. I will present our CTX – cyber threat and analysis service in detail later in the presentation. Beta testing of our DLP – Data Leakage Prevention product is ongoing. We are doing dedicated work on the NLP (natural language processing) module, a sub-branch of DLP. We see that success rates on Turkish data are low in this area. For this reason, our development continues on algorithms that will understand Turkish text and content and prevent malicious leaks. VMS – vulnerability management system: we are turning a project we did years ago for one of Turkey's leading ISPs into a product. It will be an umbrella solution; we are working on a system that correlates the results of many vulnerability scanning systems. WELA – a product that extracts anomalies and vulnerabilities solely from the security event logs of Windows systems. ESC – endpoint security: a product that performs application, port and access controls, monitors data leaving the endpoint and can block it. MON – our product that performs application, service and availability checks; it monitors the operational status of web services and sites, content changes and nested flows.
  4. Fundamentally, we can think of SIEM systems as event management. An application or a person connecting to a database is an event. If you assign a risk value to this event, it is now risk evaluation. A service or person being able to operate on a database, table or file system for which they have no privileges is a risky situation. And if you can correlate this situation with another piece of data, that is correlation. If you can find from the firewall records that this person came from outside, that is a concerning situation. When you put many different correlation rules into operation, it becomes attack detection.
  5. Correlation can be defined as dependent linking. With our CryptoSIM product we can correlate one or more kinds of sources on an event-based, rule-based, anomaly-based or risk-based basis. In this way we can perform behavioural analyses along the axes of time, count and asset value.
  6. We have been providing all of these with CryptoSim since 2010.
  7. Nowadays worms are written specifically for individual organizations. Signature-based systems cannot catch this, because these signatures have not been encountered before. Consequently, firewalls and IPS/IDS systems cannot find this kind of attack. You can do this kind of behavioural analysis with a successful SIEM product. In this example the attacker performs a port scan against servers exposed to the internet. Since CryptoSim receives the firewall logs, it notices that different ports are being accessed from one IP, recognizes this as a port scan and generates the alarm with risk level 5. Then the attacker makes SQL injection attempts against the web servers found in the DMZ network. CryptoSim, taking both the firewall and the web server logs and correlating them with the previous attack/IP, raises the alarm for the SQL injection attack, increasing the risk level by 1. Then the attacker, seeing that there is a server that can be injected, uses an exploit to upload a program/payload to the target. After this attack, CryptoSim finds the symmetric traffic from the firewall logs, correlating it with the previous attacks as well, detects the successful attack and raises the alarm level by 1. Then the attacker tries to look for open connections from the compromised web server to servers in the local network. Since CryptoSim also processes the local firewall log, it detects the successful connection to the internal network, correlated with the previous attacks, and raises the alarm, increasing the risk level by 1. Then the attacker, noticing that there is access to servers in the local network, tries possible exploits, succeeds with one of them and creates a user on the target server. Since CryptoSim collects the internal server records and the internal firewall records, it correlates these logs with the previous attacks, detects that a user was created by the attacker and raises the alarm, increasing the risk level by 1. And finally, again using an exploit, the attacker adds the user created on the compromised server to the Domain Admin group.
Since CryptoSim also collects these server and domain admin records, it correlates them with the previous attacks, detects that a user was added to the domain admin group by the attacker and raises the alarm, increasing the risk level by 1. This scenario is not fabricated data; it was taken from a real data set.
  8. In the project we are carrying out jointly with the Department of Computer Engineering at Yıldız Technical University, we are bringing the CTX (Crypttech Threat Exchange) services to market as of 2015. This product provides an infrastructure in which a machine learning system runs alongside the CryptoSim engine. It consists of a structure that detects, by machine learning, the threats that the rule sets processed by the CryptoSim engine cannot recognize. These can be entered directly as new rule sets, and they will also be sent to the central "cyber threat and malware analysis services". For events occurring on many distributed servers, the Crypttech threat and analysis services will compare the new threat candidate with data coming from other sensors in order to analyse it. Also using central machine learning algorithms, it will classify them and forward them to the Crypttech R&D/SOC team. Once the event is approved, it will be sent to all sensors as a rule, and this service will be provided to all customers and partners who want to receive it. At the same time, as part of this system, our CTX Agent application, which will be developed as a project independent of CryptoSim, will detect anomalies and threats based on the data coming from this service and generate alarms.
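The escalation chain on the "Threat Intelligence" slide and in editor's note 7, as an added example that is not CryptoSIM code: a small stateful correlation engine fed constructed firewall, web server and Windows security log events, keyed on attacker IP and compromised host, raising the risk level by one per confirmed stage from 5 to 10. The asset ranges, event field names and account name are assumptions made for this example; the Windows event IDs 4720 (user account created) and 4728 (member added to a security-enabled global group) are the standard ones.

```python
"""Risk-based, multi-stage correlation over constructed log events, following the chain on
the 'Threat Intelligence' slide: each stage is seen in a different log source, linked to the
earlier stages by attacker IP and compromised host, and raises the risk level by one."""
import re
from ipaddress import ip_address, ip_network

# Constructed asset model for this example (not taken from the original deck).
DMZ = ip_network("10.1.0.0/24")
LAN = ip_network("10.2.0.0/24")
PORTSCAN_THRESHOLD = 5                  # distinct destination ports from one source
SQLI_SIGNATURE = re.compile(r"(?i)union\s+select|\bor\s+1\s*=\s*1")
BASE_RISK = 5                           # slide: the port scan alert is raised at risk 5
STAGES = ["PortScan", "SQLInjection", "SymmetricTraffic",
          "OpenConnectionToLAN", "WindowsExploited", "DomainAdminAdded"]

def is_external(ip):
    return ip_address(ip) not in DMZ and ip_address(ip) not in LAN

class AttackChain:
    """State kept per attacker IP; a stage only counts when confirmed in order."""

    def __init__(self, attacker):
        self.attacker = attacker
        self.stage = -1             # index in STAGES of the last confirmed stage
        self.risk = BASE_RISK - 1
        self.scanned_ports = set()
        self.targets = set()        # DMZ servers hit by this attacker's injections
        self.lan_hosts = set()      # LAN hosts reached from a compromised target
        self.new_users = set()      # accounts created on those LAN hosts

    def advance(self, stage):
        """Confirm the next stage; repeated or out-of-order hits return None."""
        if STAGES.index(stage) != self.stage + 1:
            return None
        self.stage += 1
        self.risk += 1
        return {"attacker": self.attacker, "stage": stage, "risk": self.risk}

class CorrelationEngine:
    def __init__(self):
        self.chains = {}            # attacker IP -> AttackChain
        self.alerts = []

    def emit(self, alert):
        if alert:
            self.alerts.append(alert)

    def process(self, ev):
        src, dst = ev.get("src"), ev.get("dst")
        if ev["source"] == "fw":
            if is_external(src) and ip_address(dst) in DMZ:
                # stage 1: one external source touching many DMZ ports
                c = self.chains.setdefault(src, AttackChain(src))
                c.scanned_ports.add(ev["port"])
                if len(c.scanned_ports) >= PORTSCAN_THRESHOLD:
                    self.emit(c.advance("PortScan"))
            elif ip_address(src) in DMZ and is_external(dst) and dst in self.chains:
                # stage 3: a targeted web server now talks back to the attacker
                if src in self.chains[dst].targets:
                    self.emit(self.chains[dst].advance("SymmetricTraffic"))
            elif ip_address(src) in DMZ and ip_address(dst) in LAN and ev["action"] == "allow":
                # stage 4: an infected DMZ host opens a connection into the LAN
                for c in self.chains.values():
                    if src in c.targets and c.stage == STAGES.index("SymmetricTraffic"):
                        c.lan_hosts.add(dst)
                        self.emit(c.advance("OpenConnectionToLAN"))
        elif ev["source"] == "web" and SQLI_SIGNATURE.search(ev["uri"]):
            # stage 2: injection signature in the web log from an IP already seen scanning
            c = self.chains.setdefault(src, AttackChain(src))
            c.targets.add(dst)
            self.emit(c.advance("SQLInjection"))
        elif ev["source"] == "win":
            for c in [c for c in self.chains.values() if ev["host"] in c.lan_hosts]:
                if ev["event_id"] == 4720:          # a user account was created
                    c.new_users.add(ev["user"])
                    self.emit(c.advance("WindowsExploited"))           # stage 5
                elif (ev["event_id"] == 4728        # member added to a global group
                      and ev["group"] == "Domain Admins" and ev["user"] in c.new_users):
                    self.emit(c.advance("DomainAdminAdded"))           # stage 6

# Constructed sample events in time order, modelled on the slide's scenario.
SAMPLE_EVENTS = [
    *({"source": "fw", "src": "203.0.113.7", "dst": "10.1.0.10", "port": p, "action": "deny"}
      for p in (21, 22, 25, 80, 443, 8080)),
    {"source": "web", "src": "203.0.113.7", "dst": "10.1.0.10",
     "uri": "/item?id=1 UNION SELECT user,pass FROM accounts"},
    {"source": "fw", "src": "10.1.0.10", "dst": "203.0.113.7", "port": 443, "action": "allow"},
    {"source": "fw", "src": "10.1.0.10", "dst": "10.2.0.20", "port": 445, "action": "allow"},
    {"source": "win", "host": "10.2.0.20", "event_id": 4720, "user": "svc_tmp", "group": ""},
    {"source": "win", "host": "10.2.0.20", "event_id": 4728, "user": "svc_tmp",
     "group": "Domain Admins"},
]

def run(events=SAMPLE_EVENTS):
    """Feed events in order and return the (stage, risk) alerts raised: 5 through 10."""
    engine = CorrelationEngine()
    for ev in events:
        engine.process(ev)
    return [(a["stage"], a["risk"]) for a in engine.alerts]
```

Feeding only the later events (no port scan first) raises nothing, which is the strict in-order behaviour this model chooses; a production engine would still raise the individual signature hits at their own base risk.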