CryptTech 2015

  1. Cyber Threat Intelligence – Innovative Approaches (Tarik Kobalas, IDC IT Security 2015)
  2. Agenda
     - CryptTech: company profile, background and milestones
     - CryptTech upcoming products and channels
     - Logs, log management and SIEM
     - CryptoSIM, SIEM solution: general overview
     - Signature/rule-based correlation
     - New approach to SIEM: machine learning project
     - Threat intelligence simulation via CryptoSIM
     - Artificial intelligence SIEM project: Crypttech Threat Exchange
  3. Company Profile
     - Among the leading R&D companies in Turkey in the security intelligence solutions area
     - ~3000 clients, small to large enterprises across Turkey
     - Our services: log management; Security Information and Event Management; hotspot solution; vulnerability and penetration tests
     - Our products: CRYPTOLOG – software-based log manager; CRYPTOSIM – Security Information and Event Management solution; CRYPTOSPOT – hotspot gateway solution
  4. Milestones
     - CryptTech started
     - CRYPTOLOG log manager
     - CRYPTOSPOT hotspot gateway
     - CRYPTOSIM SIEM solution
     - +600 enterprises, +2000 customers in Turkey
  5. On Road Products…
     - CryptoCTX – Crypttech Cyber Threat Exchange
     - CryptoDLP – Data Leakage/Loss Prevention
     - CryptoVMS – Vulnerability Management System
     - CryptoWELA – Windows Event Log Analyser
     - CryptoESC – Endpoint Security Client
     - CryptoMON – Application and Network Monitoring System
  6. Logs, Log Management and SIEM
     - What are logs? Records of the actions and requests of applications, operating systems, network devices and servers.
     - Why log management? Log data needs to be processed into actionable intelligence for further analysis, reports and compliance.
     - What is SIEM? Security Information and Event Management: security intelligence on APTs, risks and incident management.
  7. Logs, Log Management and SIEM
     - Collection: collect, transport; parse, normalize; categorize
     - Analysis: search, compliance; statistical reports; compression and retention
     - Correlation: event correlation; risk evaluation; alerts and incident management
     - Diagram: LOGs → Collection → Analysis → Correlation, with the CRYPTOLOG and CRYPTOSIM product labels
  8. General Overview
     - Security intelligence across the network
     - Universal visibility over one interface
     - Forensic analysis
     - Compliance, regulations
     - Out-of-the-box reports
     - Application troubleshooting
  9. General Overview
     - Threat detection, event correlation, risk evaluation, incident management (diagram labels: CRYPTOLOG, CORRELATION)
  10. Correlation
     - Linking multiple events together to detect strange behaviour
     - Event-based, rules-based, anomaly-based, risk-based
     - Association of different but related events to provide broader context
     - Correlation dimensions: event, time, source, access context
  11. Correlation Types
     - Basic correlation: simple rules, e.g. login failures
     - Cross correlation: cross-correlating the same events across logs from different sources
     - Logical correlation: based on priority assignment to events through a logical tree algorithm
     - Contextual correlation: based on the asset's characteristics
     - Historical correlation: signature-based and anomaly-based threat detection from previously gathered data
     - Hierarchical correlation: re-correlates the stored logs with different correlation rules
  12. Threat Intelligence – attack scenario with escalating risk level
     - PortScan on the DMZ, risk level 5: PortScan detected; web servers detected by hacker
     - SQL Injection, risk level 6: SQL Injection detected; deploying payload
     - Symmetric traffic, risk level 7: symmetric traffic detected; infected web server
     - Open connection, risk level 8: open connection to the LAN by the infected server
     - Exploit, risk level 9: Windows exploited – new user added
     - Risk level 10: Windows exploited – user added to the Domain Admin group
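To make the correlation ideas of the last three slides concrete, here is an added example in Python; it is not CryptTech's code and does not reflect how CryptoSIM is implemented. It implements the "basic correlation" rule from slide 11 (repeated login failures from one source against one asset) and a risk-based chain that walks the six stages of the scenario above, raising the asset's risk level only when a new, higher stage is observed within a time window of the previous one. The event fields, category names, window lengths and sample events are assumptions constructed for the example; only the risk levels 5 to 10 and the alert texts are taken from the slide.

```python
"""Toy SIEM correlation engine (added example, not CryptTech/CryptoSIM code).

Event fields, category names, thresholds and windows are assumptions; the sample
events at the bottom are constructed, not real logs.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """A normalized log event, i.e. the output of the collect/parse/normalize stage."""
    ts: int          # seconds since epoch
    source: str      # log source that produced it (firewall, WAF, Windows, ...)
    category: str    # normalized category assigned by the categorizer (assumed names)
    src_ip: str      # actor address
    asset: str       # asset the event is attributed to by the collector


# Attack-stage ladder from the slide: (category, risk level, alert text).
# Category names are assumptions; risk levels 5..10 and texts are the slide's.
STAGES = [
    ("portscan",            5,  "PortScan detected"),
    ("sqli",                6,  "SQL Injection detected"),
    ("symmetric_traffic",   7,  "Symmetric traffic detected"),
    ("lan_connection",      8,  "Open connection to LAN by infected server"),
    ("new_local_user",      9,  "Windows exploited - new user added"),
    ("domain_admin_added", 10,  "Windows exploited - user added to Domain Admin group"),
]
STAGE_INDEX = {cat: i for i, (cat, _, _) in enumerate(STAGES)}


def basic_login_failures(events, threshold=5, window=60):
    """Basic correlation: `threshold` failed logins from one source against one
    asset within `window` seconds. Returns [(src_ip, asset, count_in_window)]."""
    buckets = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.category == "login_failure":
            buckets[(ev.src_ip, ev.asset)].append(ev.ts)
    hits = []
    for (src, asset), times in buckets.items():
        start = 0                       # sliding window over sorted timestamps
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.append((src, asset, end - start + 1))
                break                   # one alert per (source, asset) pair
    return hits


def correlate_kill_chain(events, window=3600):
    """Risk-based correlation: advance a per-asset chain up the STAGES ladder.
    An event raises an alert only when it moves the asset to a higher stage than
    previously seen, and the previous stage was seen within `window` seconds.
    A chain whose last stage is older than `window` is considered stale and a new
    chain starts from the current event. Returns {asset: [(risk, alert text), ...]}."""
    alerts = defaultdict(list)
    chain = {}                          # asset -> (highest stage index, ts of that stage)
    for ev in sorted(events, key=lambda e: e.ts):
        idx = STAGE_INDEX.get(ev.category)
        if idx is None:
            continue                    # not part of the ladder (e.g. login_failure)
        prev = chain.get(ev.asset)
        if prev is not None and ev.ts - prev[1] > window:
            prev = None                 # stale chain: start over from this event
        if prev is None or idx > prev[0]:
            chain[ev.asset] = (idx, ev.ts)
            _, risk, text = STAGES[idx]
            alerts[ev.asset].append((risk, text))
        # repeats of the same stage, or lower stages, do not re-alert
    return dict(alerts)


# Constructed sample events (RFC 5737 documentation addresses, fictitious hosts).
SAMPLE_EVENTS = [
    Event(1000, "firewall", "portscan",           "203.0.113.7",  "web01"),
    Event(1005, "firewall", "portscan",           "203.0.113.7",  "web01"),  # repeat
    Event(1300, "waf",      "sqli",               "203.0.113.7",  "web01"),
    Event(1900, "netflow",  "symmetric_traffic",  "203.0.113.7",  "web01"),
    Event(2400, "firewall", "lan_connection",     "10.0.0.5",     "web01"),
    Event(2800, "windows",  "new_local_user",     "10.0.0.5",     "web01"),
    Event(3100, "windows",  "domain_admin_added", "10.0.0.5",     "web01"),
    Event(1200, "firewall", "portscan",           "198.51.100.9", "web02"),
    Event(9000, "firewall", "portscan",           "198.51.100.9", "web02"),  # stale chain
] + [Event(5000 + i, "vpn", "login_failure", "198.51.100.9", "vpn01") for i in range(6)]


if __name__ == "__main__":
    for asset, items in correlate_kill_chain(SAMPLE_EVENTS).items():
        for risk, text in items:
            print(f"{asset}: risk {risk:2d} - {text}")
    for src, asset, n in basic_login_failures(SAMPLE_EVENTS):
        print(f"{asset}: {n} login failures from {src} within 60 s")
```

Running the block walks web01 from risk 5 up to 10, while web02 only ever reaches risk 5 and alerts twice because its second port scan falls outside the one-hour window; the six login failures against vpn01 trigger the basic rule but are ignored by the ladder. The window is the knob that trades missed slow attacks against false chaining of unrelated events, which is the false-positive problem slide 13 raises.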
  13. The more data, the more efficiency…
     - Big data analytics from the security point of view
     - Complexity of the system: thousands of correlation rules, billions of records per day
     - Elimination of false positives: updated rules, an advancing system
     - Professional services and an expert team
     - Unfortunately you need more and more data
     - Solution: CTX – Threat Exchange Service
  14. Innovative Approaches to SIEM
     - CTX – Crypttech Threat Exchange: advanced threat and malware analysis services
     - CTX agent
     - ML – central machine learning grid
     - New CryptoSIM engine
     - Diagram labels: CTX Agent, Rules, Data, New Rules, CRYPTTECH SOC
  15. Contact Info
     - www.crypttech.com
     - info@crypttech.com
     - +90 212 217 7017
     - http://support.crypttech.com
     - www.facebook.com/crypttech
     - www.twitter.com/crypttech
  16. Thank You