cyphon security

3. Overview
Cyphon is a triage, enhancement, and decision-support platform that organizes your
alert workflow.
With Cyphon, you can:
• Aggregate data from numerous sources: email, logs, social media, and APIs.
• Enhance data with automated analyses, like geoip
• Generate custom alerts with push notifications
• Throttle alerts and bundle related incidents
• View alerts by category, priority, and source
• Investigate alerts and track work performed

4. • security team struggle with notification overload
• alert fatigue and overload incidents it
exposes your infrastructure
• communication and information
leaving you open to security breaches
and malicious cyber attacks

6. collects data from a variety of sources, including
emails, log messages, and social media. It lets you
shape the data however you like, so it’s easier for you
to analyze. You can also enhance your data with
automated analyses, like geocoding.

7. creates alerts for important data as it arrives, so
you’re notified when something of interest happens.
You can prioritize alerts using custom rulesets, and
bundle related alerts so you don’t get inundated.
Respond

8. making it easier to collaborate assign tasks and
transition its streamlined workflow pioneering API
integration make it easier than ever to share
information and harness team member expertise

9. Analysts can quickly investigate alerts by exploring
related data, and annotate alerts with their findings.
With JIRA integration, they can escalate important
alerts by creating a ticket in Service Desk.

11. Cyphon admin dashboard.

12. Cyclops UI dashboard view.

13. Cyclops UI alerts view.

14. Cyphon Use Cases

15. Incident Management
Many organizations manage post-processed security events as email notifications,
which is incredibly inefficient. An inbox flooded with alert notifications creates an
environment where critical issues are overlooked and rarely investigated.
Cyphon eliminates this issue by throttling events and prioritizing them based on user-
defined rules. Analysts can quickly investigate incidents by correlating other data sets
against indicators that matter. They can then annonate alerts with the results of their
analysis.
Today, Cyphon supports integrations with Bro, Snort, Nessus, and other popular security
products.

16. Social Media Monitoring
Leveraging publicly available APIs, Cyphon can collect data from streaming sources.
Search is based on keywords, geofencing, and adhoc parameters. Cyphon supports the
current version of the Twitter Public Streams API.

17. IoT and Sensor Data Processing
Cyphon can process events from any sensor type, offering a unique way to analyze
information from physical environments.

18. Architecture
The Cyphon platform is made up of a backend data processing engine (“Cyphon
Engine”) and a security operations front end UI for visualization (“Cyclops”). They are
maintained in separate projects. The source code for Cyphon Engine source code available
while the Cyclops project source code available.

19. Deployment
Cyphon works with the help of several open source projects. To get Cyphon up and
running, you’ll need to install all of its dependencies

20. License
Cyphon works with the help of several open source projects. To get Cyphon up and
running, you’ll need to install all of its dependencies

21. Installing Cyphon

22. Docker
Cyphon is most easily installed using Docker. Cyphon maintain many of compass files for
installation.

23. Virtual Machine
Cyphon is most easily installed using Docker. Cyphon maintain many of compass files for
installation.

24. Manual Install
Also can install Cyphon by manual install with need to install some of service like :
PostgreSQL/PostGIS
RabbitMQ
Logstash
Elasticsearch and/or MongoDB
Nginx or Apache

25. Questions ?!

26. Thanks J