crypttech 2015
TRANSCRIPT
Agenda
CryptTech: company profile, background and milestones
CryptTech upcoming products and channels
Logs, log management and SIEM
CryptoSIM, SIEM solution: general overview; signature/rule based correlation; new approach to SIEM, machine learning project
Threat intelligence simulation via CryptoSIM
Artificial intelligence SIEM project – CryptTech Threat Exchange
Company Profile
Among the leading R&D companies in Turkey in the area of security intelligence solutions
~3000 clients, small to large size enterprises across Turkey
Our Services: log management; Security Information and Event Management; hotspot solution; vulnerability and penetration tests
Our Products:
CRYPTOLOG – software based log manager
CRYPTOSIM – Security Information and Event Management solution
CRYPTOSPOT – hotspot gateway solution
Milestones (timeline)
CryptTech started
CRYPTOLOG – log manager
CRYPTOSPOT – hotspot gateway
CRYPTOSIM – SIEM solution
+600 enterprises, +2000 customers in Turkey
Upcoming Products…
CryptoCTX – CryptTech Cyber Threat Exchange
CryptoDLP – Data Leakage/Loss Prevention
CryptoVMS – Vulnerability Management System
CryptoWELA – Windows Event Log Analyser
CryptoESC – Endpoint Security Client
CryptoMON – Application and Network Monitoring System
Logs, Log Management and SIEM
What are LOGs? Records of the actions and requests of applications, operating systems, network devices and servers.
Why log management? Log data needs to be processed into actionable intelligence for further analysis, reports and compliance.
What is SIEM? Security Information and Event Management: security intelligence on APTs, risks and incident management.
Logs, Log Management and SIEM
Collection: collect, transport, parse, normalize, categorize
Analysis: search, compliance, statistical reports, compression and retention
Correlation: event correlation, risk evaluation, alerts and incident management
Figure: LOGs -> Collection and Analysis (CRYPTOLOG) -> Correlation (CRYPTOSIM)
General Overview
Security Intelligence across network
Universal Visibility over one Interface
Forensic Analysis
Compliance, Regulations
Out-Of-the-Box Reports
Application Troubleshooting
General Overview
Threat detection
Event correlation
Risk evaluation
Incident management
Figure: CRYPTOLOG feeding CORRELATION
Correlation
Linking multiple events together to detect strange behavior.
Association of different but related events to provide broader context.
Correlation approaches: event based, rule based, anomaly based, risk based
Figure: Event – Time, Source, Access, Context
Correlation Types
Basic correlation: simple rules, e.g. login failures
Logical correlation: based on priority assignment to events through a logical tree algorithm
Cross correlation: correlating the same events between different source logs
Contextual correlation: based on the asset’s characteristics
Historical correlation: re-correlates the stored log from previously gathered data with different correlation rules
Hierarchical correlation: signature based and anomaly based threat detection
Threat Intelligence (simulation via CryptoSIM)
Step 1 – PortScan against the DMZ. Risk level 5: PortScan detected; web servers detected by the attacker
Step 2 – SQL Injection. Risk level 6: SQL Injection detected; payload being deployed
Step 3 – Symmetric traffic. Risk level 7: symmetric traffic detected; infected web server
Step 4 – Open connection. Risk level 8: open connection to the LAN by the infected server
Step 5 – Exploit. Risk level 9: Windows exploited – new user added
Step 6 – Risk level 10: Windows exploited – user added to the Domain Admin group
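As an added example that is not part of the original deck, the simulated chain above replayed through a minimal risk-based correlation engine in Python: it takes normalized events from four constructed log sources (firewall, WAF, netflow, Windows event log) and raises the risk level 5..10 as each later stage is linked to an asset already involved in the chain. Event type names, asset names and addresses are assumptions; the stage order and risk levels follow the slide.

```python
# Constructed normalized events from four log sources, as a SIEM would receive
# them after parsing; "src"/"dst" are the assets an event links together.
EVENTS = [
    {"ts": 1, "source": "firewall", "type": "portscan", "src": "203.0.113.7", "dst": "dmz-web-01"},
    {"ts": 2, "source": "waf", "type": "sql_injection", "src": "203.0.113.7", "dst": "dmz-web-01"},
    {"ts": 3, "source": "netflow", "type": "symmetric_traffic", "src": "dmz-web-01", "dst": "203.0.113.7"},
    {"ts": 4, "source": "firewall", "type": "lan_connection", "src": "dmz-web-01", "dst": "lan-dc-01"},
    {"ts": 5, "source": "windows", "type": "user_added", "src": "dmz-web-01", "dst": "lan-dc-01"},
    {"ts": 6, "source": "windows", "type": "domain_admin_added", "src": "dmz-web-01", "dst": "lan-dc-01"},
]
# Same event type as stage 2, but against an unrelated asset: must not raise this chain's risk.
NOISE = {"ts": 2, "source": "waf", "type": "sql_injection", "src": "198.51.100.9", "dst": "dmz-web-02"}

# Stages of the simulated chain: (normalized event type, risk level, alert text).
STAGES = [
    ("portscan", 5, "PortScan detected"),
    ("sql_injection", 6, "SQL Injection detected"),
    ("symmetric_traffic", 7, "Symmetric traffic detected, web server infected"),
    ("lan_connection", 8, "Open connection to LAN by infected server"),
    ("user_added", 9, "Windows exploited, new user added"),
    ("domain_admin_added", 10, "Windows exploited, user added to Domain Admin group"),
]
STAGE_INDEX = {event_type: i for i, (event_type, _, _) in enumerate(STAGES)}


def correlate(events):
    """Cross-source, risk-based correlation: walk events in time order and
    advance the chain when an event belongs to a later stage AND touches an
    asset already involved. Returns (highest risk reached, alert lines)."""
    stage, risk, alerts, assets = 0, 0, [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        idx = STAGE_INDEX.get(ev["type"])
        if idx is None or idx < stage:
            continue  # not a chain event, or a stage the chain already passed
        involved = {ev["src"], ev["dst"]}
        if assets and not (involved & assets):
            continue  # right event type but on unrelated assets (see NOISE)
        _, risk, text = STAGES[idx]
        assets |= involved
        alerts.append(f"Risk {risk}: {text} [{ev['source']}] {ev['src']} -> {ev['dst']}")
        stage = idx + 1  # skipping a stage is allowed: a missing log does not break the chain
    return risk, alerts


if __name__ == "__main__":
    for line in correlate(EVENTS + [NOISE])[1]:
        print(line)
```

Because the chain only requires that each accepted event belongs to a later stage, a source that fails to log one step (for example, no WAF event) still lets the risk level climb on the remaining evidence.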
The more data, the more efficiency…
Big data analytics from the security point of view
Complexity of the system: thousands of correlation rules, billions of records a day
Elimination of false positives
Updated rules, an advancing system
Professional services and an expert team
Unfortunately you need more and more data
Solution: CTX – Threat Exchange Service
Innovative Approaches to SIEM
CTX – CryptTech Threat Exchange: advanced threat and malware analysis services
Figure: CTX Agent, Rules, ML – Central Machine Learning Grid, New CryptoSIM Engine and CRYPTTECH SOC, linked by Data and New Rules flows
Contact Info
www.crypttech.com
+90 212 217 7017
http://support.crypttech.com
www.facebook.com/crypttech
www.twitter.com/crypttech