04 Jan, 2022

Cyber Incident Response and Binalyze AIR

In today's technology world, information security incidents can pose risks that cause serious harm to an organization. Security measures are taken both before and after any such risk materialises. The technologies used are expected to be fit for purpose, fast and effective, and to ease the workload of analysts; at the same time, their compliance with established standards and their legal dimension must also be considered.

The global cyber threat has become one of the top three items on CEOs' agendas, with data breaches increasing in number and changing in nature every year. A new piece of malware is produced every 15 milliseconds around the world, and a cyber attack occurs every 39 seconds. This number more than doubles every year. The cost of cyber attacks to economies reaches 6 trillion dollars. There are 3 million malware attacks per minute and 1.6 million per year in our country. Corporate networks, for their part, receive 200,000 attacks per year. Among attack targets, Turkey has been in the top 5 for the last 5 years, and in 2020 it was the country most exposed to cyber attacks.

Information security incidents continue to pose risks that can cause serious harm to organizations, and institutions continue to take many different security measures, both before and after an incident, for every kind of risk. The technologies used in these processes make it possible to respond to cyber incidents effectively and quickly; it is also of strategic importance for institutions that analysts can reach and report on cyber incidents through fast, readily interpretable incident reports.

Q&A

What does Binalyze AIR do that a SIEM cannot?

It is not possible to compare the product with a SIEM, because the purpose and use cases are quite different. Here, in addition to what a SIEM offers, we have 156 different types of evidence and searches over them; but if we talk only about logs, Sigma rules can be written and run on the Binalyze side. Most SIEM brands do not offer Sigma support directly; the rule has to be translated into their own language structure. Second, a retrospective search in a SIEM can take hours over large log stores. In Binalyze, on the other hand, since each agent runs the Sigma rule on its own machine, the load is distributed and the search becomes faster. Finally, a SIEM cannot receive real-time logs from machines; even the best SIEMs work in near real time. One of the first moves an attacker will make after breaking into a machine is to kill the outgoing log service. At that point, as long as logs are kept on the machine, Binalyze can still go and collect them. (Some SIEMs can also work this way; that does not mean it differs from all of them.)

Can Binalyze AIR's reports be used when making a data breach notification under KVKK?

Yes, they can be used. Since evidence collected by Binalyze is more valuable than a simple log, almost everything that counts as evidence with a log also counts as evidence with Binalyze.

Once an attacker has finished, they prefer to erase the traces they left behind; what visibility can Binalyze AIR provide in that case?

There is no way for an attacker to destroy all the evidence on a system; there will always be evidence somewhere. Of course, it may not be possible to detect every movement of an attacker who deletes or hides their evidence, but many parts of the big picture can be reconstructed by examining the evidence that remains.

Can we collect evidence with Binalyze AIR from the moment malware such as ransomware infects a machine? Is there a feature for this?

A Ransomware Shield feature is available. The Binalyze process runs with system-level rights (higher than Admin rights) and is protected against interruption by any other process. It retrieves all still-unencrypted evidence on a ransomware-infected machine, including the RAM image.

Is it still possible to use Binalyze AIR and produce a solution after the attacker has encrypted the disk?

If the entire disk is encrypted, the operating system cannot work properly. The answer may differ depending on the case and the type of ransomware encountered.

How does AIR differ from its competitors? Why should I use AIR instead of FTK, Thor, etc.?

First of all, Binalyze is ahead of all its competitors in the amount of evidence it collects, and in parsing it and presenting it in the report. To compare Binalyze with anything, you currently have to compare it against 3 different product groups: evidence collection, compromise assessment and basic auto-discovery products. These products require 3 different management consoles, 3 different interfaces and 3 different sets of controls, after which the data has to be combined and interpreted. Even with these 3 products, a 4th may be needed to cover live-response capabilities. Third, the Binalyze product is superior to its competitors in speed. Some of the named competitors can take an incredible 3 days to do their job. If we have to wait 3 days for a single tool during an emergency or an incident response, the situation is far from being an incident response or an emergency. Finally, Binalyze has brought a different and innovative approach to forensics and incident response. Instead of classical methods, the product follows a philosophy of racing against time, ease of use and working with what is needed. Availability is very important in 2022, and institutions should not experience interruptions. In such cases, both low resource consumption and the ability to work without interruption give institutions a great advantage. Some competitor products require resources that are impossible for institutions, such as 200 GB of RAM even for simple scans. (If 200 GB of free RAM can be given away on a server that is currently running, the system is configured incorrectly.)

Can we use AIR on IoT and mobile devices? If not, will such a feature be added?

No. In the future it may be able to run on other devices running thin-client or Linux/Windows operating systems, but it will not be Android or iOS.

While we have Emre Bey here, as forensics enthusiasts we would like to know: when he performs an incident response himself, which places or pieces of evidence does he look at first?

The first place to look depends on the story. In our country, some incident response experts start with the evidence they feel comfortable with, but the truth is that you should prioritize the evidence according to the case in front of you and choose your starting point accordingly. ShellBags or Shimcache can be called favorites here.

SPEAKERS

Erdem Eriş
CyberArts
Founder & CEO

Emre Tınaztepe
Binalyze
Founder & CEO

Nurettin Erginöz
SabancıDX
Cyber Security Director
