crypttech 2015

CYBER THREAT INTELLIGENCE – INNOVATIVE APPROACHES TARIK KOBALAS IDC IT SECURITY 2015

Upload: mustafa-kugu

Post on 17-Jul-2015


TRANSCRIPT

Cyber Threat Intelligence – Innovative Approaches
Tarik Kobalas
IDC IT Security 2015

Agenda
CryptTech: company profile, background and milestones
CryptTech upcoming products and channels
Logs, log management and SIEM
CryptoSIM, SIEM solution
  General overview
  Signature/rule-based correlation
  New approach to SIEM: machine learning project
Threat intelligence simulation via CryptoSIM
Artificial-intelligence SIEM project – Crypttech Threat Exchange

Company Profile
One of the leading R&D companies in Turkey in the security intelligence solutions area
~3000 clients, small to large enterprises across Turkey

Our Services
Log management
Security Information and Event Management
Hotspot solution
Vulnerability and penetration tests

Our Products
CRYPTOLOG – software-based log manager
CRYPTOSIM – Security Information and Event Management solution
CRYPTOSPOT – hotspot gateway solution

Milestones (timeline slide; labels as shown)
CRYPTOLOG – log manager
CRYPTOSPOT – hotspot gateway
CRYPTOSIM – SIEM solution
+600 enterprises, +2000 customers, Turkey
CryptTech started

On Road Products…
CryptoCTX – Crypttech Cyber Threat Exchange
CryptoDLP – Data Leakage/Loss Prevention
CryptoVMS – Vulnerability Management System
CryptoWELA – Windows Event Log Analyser
CryptoESC – Endpoint Security Client
CryptoMON – Application and Network Monitoring System

Logs, Log Management and SIEM
What are LOGs? Records of the actions and requests of applications, operating systems, network devices and servers.
Why log management? Log data need to be processed into actionable intelligence for further analysis, reports and compliance.
What is SIEM? Security Information and Event Management: security intelligence on APTs, risks and incident management.

Logs, Log Management and SIEM
Collection: collect, transport; parse, normalize; categorize
Analysis: search, compliance; statistical reports; compression and retention
Correlation: event correlation; risk evaluation; alerts and incident management
[Diagram labels: Collection, LOGs, CRYPTOLOG, CRYPTOSIM – Correlation, Analysis]
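As an added example that is not part of the presentation or of CryptTech's products, the following Python code shows the collection stage described above on constructed sample lines: two parsers (a BSD-syslog sshd shape and a key=value firewall shape) normalize raw text into one common event record, a categorize step maps each record onto a small fixed taxonomy, and lines that no parser understands are counted rather than silently dropped. The log lines, host names, IP addresses, field names, the syslog year and the taxonomy are all assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample input (not real logs): BSD-syslog sshd lines, key=value firewall
# lines, and one line that no parser understands.
RAW_LOGS = [
    "Jul 17 10:01:02 dmz-web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Jul 17 10:01:05 dmz-web1 sshd[2211]: Accepted password for deploy from 198.51.100.4 port 40010 ssh2",
    "2015-07-17T10:01:09Z fw1 action=deny src=203.0.113.7 dst=10.0.0.25 dport=3306 proto=tcp",
    "2015-07-17T10:01:12Z fw1 action=allow src=10.0.0.25 dst=10.0.0.50 dport=445 proto=tcp",
    "this line matches no parser and must be counted, not silently dropped",
]

SYSLOG_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>\w+)\[\d+\]: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
KV_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (?P<host>\S+) (?P<kv>.*)$")
SYSLOG_YEAR = 2015  # assumption: BSD syslog omits the year; taken from the page date


def parse_syslog_auth(line):
    """sshd syslog line -> normalized event dict, or None if the line is not of this shape."""
    m = SYSLOG_RE.match(line)
    if not m or m["app"] != "sshd":
        return None
    s = SSH_RE.match(m["msg"])
    if not s:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": m["host"], "app": "sshd", "user": s["user"], "src": s["src"],
            "dst": m["host"], "outcome": "failure" if s["result"] == "Failed" else "success"}


def parse_firewall_kv(line):
    """key=value firewall line -> normalized event dict, or None if the line is not of this shape."""
    m = KV_RE.match(line)
    if not m:
        return None
    fields = dict(pair.split("=", 1) for pair in m["kv"].split() if "=" in pair)
    if "action" not in fields:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": m["host"], "app": "firewall", "user": None, "src": fields.get("src"),
            "dst": fields.get("dst"), "dport": int(fields["dport"]) if "dport" in fields else None,
            "outcome": "deny" if fields["action"] == "deny" else "allow"}


PARSERS = (parse_syslog_auth, parse_firewall_kv)


def categorize(event):
    """Map a normalized event onto a small fixed taxonomy that later correlation rules key on."""
    if event["app"] == "sshd":
        return "auth.failure" if event["outcome"] == "failure" else "auth.success"
    if event["app"] == "firewall":
        return "network.deny" if event["outcome"] == "deny" else "network.allow"
    return "other"


def normalize_all(lines):
    """Run the parsers over every line; return (events, unparsed_lines).
    Unparsed lines are kept so collection gaps are visible instead of silent."""
    events, unparsed = [], []
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev is not None:
                ev["category"] = categorize(ev)
                events.append(ev)
                break
        else:
            unparsed.append(line)
    return events, unparsed


if __name__ == "__main__":
    evs, bad = normalize_all(RAW_LOGS)
    for ev in evs:
        print(ev["ts"].isoformat(), ev["source"], ev["category"], ev["src"], "->", ev["dst"])
    print(f"{len(bad)} unparsed line(s)")
```

The point of the unparsed list is that a collection stage is only as good as its parsers: a new log format that quietly falls through means the correlation stage never sees those events, so the count should be monitored like any other metric.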

General Overview

Security Intelligence across network

Universal Visibility over one Interface

Forensic Analysis

Compliance, Regulations

Out-Of-the-Box Reports

Application Troubleshooting


General Overview

Threat Detection

Event Correlation

Risk Evaluation

Incident Management

CRYPTOLOG

CORRELATION

Correlation
Linking multiple events together to detect strange behavior: event based, rules based, anomaly based, risk based.
Association of different but related events to provide broader context.
[Diagram labels: Event, Time, Source, Access, Context]

Correlation Types
Basic correlation, logical correlation, cross correlation, contextual correlation, historical correlation, hierarchical correlation.

Basic correlation: simple rules, e.g. login failures.
Cross correlation: performing cross correlation between different source logs of the same events.
Logical correlation: based on priority assignment to events through a logical tree algorithm.
Contextual correlation: based on the asset's characteristics.
Historical correlation: signature-based and anomaly-based threat detection from previously gathered data.
Hierarchical correlation: re-correlates the stored logs with different correlation rules.

Threat Intelligence (simulated attack chain, with the risk level assigned at each stage)
Risk level 5 – PortScan (DMZ): PortScan detected; web servers detected by hacker
Risk level 6 – SQL Injection: SQL injection detected; deploying payload
Risk level 7 – Symmetric Traffic: symmetric traffic detected; infected web server
Risk level 8 – Open Connection: open connection to LAN by infected server
Risk level 9 – Exploit: Windows exploited – new user added
Risk level 10 – Windows exploited – user added to Domain Admin group
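The following Python code is an added example, not CryptTech's code, and serves two slides at once: the correlation types (a basic rule for login failures, and a cross correlation between two different sources reporting the same event) and the risk-based chain on the threat-intelligence slide, whose risk levels 5 to 10 are taken from the slide. The events are constructed, already-normalized records (the output of a collection stage); the category names, host names, IP addresses, the window and threshold values, and the pivot rule that carries the chain from the infected server to the host it connects to are assumptions made for this example.

```python
from collections import defaultdict, deque

# Constructed, already-normalized events (the output of a collection stage).
# ts is seconds from an arbitrary start; "asset" is the host the event concerns.
EVENTS = [
    {"ts": 0,   "source": "ids1",     "category": "recon.portscan",          "src": "203.0.113.7", "asset": "dmz-web1"},
    {"ts": 5,   "source": "fw1",      "category": "recon.portscan",          "src": "203.0.113.7", "asset": "dmz-web1"},
    {"ts": 30,  "source": "waf1",     "category": "web.sqli",                "src": "203.0.113.7", "asset": "dmz-web1"},
    {"ts": 40,  "source": "dmz-web1", "category": "auth.failure",            "src": "203.0.113.7", "asset": "dmz-web1"},
    {"ts": 45,  "source": "dmz-web1", "category": "auth.failure",            "src": "203.0.113.7", "asset": "dmz-web1"},
    {"ts": 50,  "source": "dmz-web1", "category": "auth.failure",            "src": "203.0.113.7", "asset": "dmz-web1"},
    {"ts": 90,  "source": "fw1",      "category": "net.symmetric_traffic",   "src": "dmz-web1",    "asset": "dmz-web1"},
    {"ts": 120, "source": "fw1",      "category": "net.lan_connection",      "src": "dmz-web1",    "asset": "dmz-web1", "dst": "win-fs1"},
    {"ts": 150, "source": "win-fs1",  "category": "host.user_added",         "src": "dmz-web1",    "asset": "win-fs1"},
    {"ts": 160, "source": "win-fs1",  "category": "host.domain_admin_added", "src": "dmz-web1",    "asset": "win-fs1"},
    # A lone "user added" on an unrelated host: no earlier stages, so it must not become risk 9.
    {"ts": 170, "source": "win-db2",  "category": "host.user_added",         "src": "10.0.0.99",   "asset": "win-db2"},
]


def login_failure_rule(events, threshold=3, window=60):
    """Basic correlation: `threshold` auth failures from one source inside a sliding window."""
    recent = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth.failure":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:      # drop failures that fell out of the window
            q.popleft()
        if len(q) == threshold:              # fire once when the threshold is reached
            alerts.append({"rule": "login_failures", "src": ev["src"], "count": threshold, "ts": ev["ts"]})
    return alerts


def cross_correlate(events, category, window=120):
    """Cross correlation: the same category reported by two different sources about the same
    attacker within `window` seconds; two independent observers make a single-sensor false
    positive much less likely."""
    seen = [e for e in events if e["category"] == category]
    confirmed = []
    for i, a in enumerate(seen):
        for b in seen[i + 1:]:
            if a["source"] != b["source"] and a["src"] == b["src"] and abs(a["ts"] - b["ts"]) <= window:
                confirmed.append({"rule": "cross", "category": category, "src": a["src"],
                                  "sources": sorted({a["source"], b["source"]})})
    return confirmed


# Risk-based chain as drawn on the threat-intelligence slide: (category, risk level,
# description, pivot). `pivot` marks the stage whose destination host continues the chain.
KILL_CHAIN = [
    ("recon.portscan",          5,  "PortScan detected, web servers detected by hacker",   False),
    ("web.sqli",                6,  "SQL injection detected, deploying payload",           False),
    ("net.symmetric_traffic",   7,  "Symmetric traffic detected, infected web server",     False),
    ("net.lan_connection",      8,  "Open connection to LAN by infected server",           True),
    ("host.user_added",         9,  "Windows exploited, new user added",                   False),
    ("host.domain_admin_added", 10, "Windows exploited, user added to Domain Admin group", False),
]


def risk_chain(events):
    """Risk-based correlation: a per-asset state machine that advances one stage at a time,
    so the risk level reflects confirmed progression rather than a single noisy event."""
    order = {cat: i for i, (cat, _, _, _) in enumerate(KILL_CHAIN)}
    state = {}                               # asset -> index of the highest confirmed stage
    timeline = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        idx = order.get(ev["category"])
        if idx is None:
            continue
        asset = ev["asset"]
        reached = state.get(asset, -1)
        if idx == reached + 1:
            state[asset] = idx
            _, level, desc, pivot = KILL_CHAIN[idx]
            timeline.append({"asset": asset, "risk": level, "stage": desc, "ts": ev["ts"]})
            if pivot and ev.get("dst"):
                state[ev["dst"]] = idx       # the host the infected server reached inherits the chain
        elif idx > reached + 1:
            # Stage seen without its predecessors: surface it, but do not escalate the risk.
            timeline.append({"asset": asset, "risk": None, "stage": "unconfirmed: " + ev["category"], "ts": ev["ts"]})
        # idx <= reached: a repeat of an already confirmed stage, nothing new to report
    return timeline


if __name__ == "__main__":
    for alert in login_failure_rule(EVENTS) + cross_correlate(EVENTS, "recon.portscan"):
        print(alert)
    for step in risk_chain(EVENTS):
        print(step["ts"], step["asset"], step["risk"], step["stage"])
```

Keying the chain by asset rather than by attacker address is a design choice: after the web server is infected, the later stages are sourced from the server itself, so an attacker-IP key would break the chain at stage 7. The pivot on the LAN-connection stage is what lets the Windows host's events continue the same chain, while the same category seen on an unrelated host stays an unconfirmed single event.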

The more data, the more efficiency…
Big data analytics from the point of view of security
Complexity of the system: thousands of correlation rules, billions of records a day
Elimination of false positives
Updated rules, advancing system
Professional services and expert team
Unfortunately you need more and more data
Solution is CTX – Threat Exchange Service

Innovative Approaches to SIEM
CTX – Crypttech Threat Exchange: advanced threat and malware analysis services
[Diagram labels: CTX Agent; Rules; ML – Central Machine Learning Grid; New CryptoSIM Engine; Data; New Rules; CRYPTTECH SOC]

Contact Info
www.crypttech.com

[email protected]

+90 212 217 7017

http://support.crypttech.com

www.facebook.com/crypttech

www.twitter.com/crypttech


THANK YOU