MENDEL 3.3 RELEASED

April 16, 2019
GREYCORTEX has released the latest version of our MENDEL network traffic analysis solution. Version 3.3 has several important new features which improve detection and response for the network security team.
The biggest is that MENDEL’s detection and visibility capabilities are now available for SCADA/ICS environments. This new capability goes beyond the support for several protocols found in earlier versions of MENDEL and extends it to a whole new module, including the ability to visualize not just devices, but also time series in the IEC 61850 GOOSE, SNMP, and IEC 104 protocols.
Not content with just SCADA features, we have added new reporting for managers and security analysts, detection and logging of TLS 1.3, and fingerprinting of encrypted traffic with the JA3 framework, and have increased the capabilities of multi-sensor configurations.
New features

  • New managerial and security analyst reports summarize network data and security threats
  • New module for processing and visualization of SCADA protocols, including new dashboards for visualizing time series in IEC 61850 GOOSE, SNMP, and IEC 104 protocols
  • Added support for parsing CC-Link protocol
  • Added support for parsing ENIP/CIP protocol
  • Added support for parsing Kerberos protocol
  • Added support for parsing TFTP protocol
  • Added support for parsing IKEv2 protocol
  • Added support for parsing FTP protocol including parsing FTP data streams
  • Added detection engine for JA3 SSL/TLS client fingerprints
  • Added multi-disc installation of MENDEL
  • Added GUI localization into Polish and Korean
  • Introduced new light color scheme
  • Integration with firewalls from Check Point

Please note: The new system of reports will replace the old type of reports in the near future. If you use the old reports, don’t forget to configure the new ones.
Enhancements

  • Improved installer with enhanced user interface and new features
  • Improved dark color scheme
  • Redesigned severity color scheme
  • Reorganized main menu for better accessibility
  • Redesigned user dashboards for better user experience
  • Improved network capture module for better performance and less resource consumption
  • Improved network models for faster detection and reduced storage demands
  • Improved task planner and optimized parallel processing in the service for better resource consumption and management, resulting in faster processing for multiple sensors on one collector
  • Improved detection and repair of unusual, incomplete, or swapped flows
  • Improved parsing of incomplete or unidirectional flows
  • Improved network capture default configuration for better capture on all configurations
  • Improved processing of Active Directory events for better calculation of logged users
  • Improved Mikrotik plugin
  • Added button to restore user dashboards to default
  • Improved creation of complex firewall rules in plugin
  • Improved HTTP proxy pairing for incomplete or invalid communication

Bug Fixes
In general, our development team focused on improving the user experience and reporting.
Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.3 to work for you.

GREYCORTEX JOINS MICROSOFT CYBERSECURITY TECH ACCORD

On January 18, GREYCORTEX joined the Microsoft Cybersecurity Tech Accord along with 10 other companies. This brings the total to 79 signatories committed to improving the security of cyberspace. Together, GREYCORTEX and the rest of the Tech Accord members pledge to protect users and customers everywhere. GREYCORTEX joins a global expansion, contributing to the increasingly diverse reach of the signatory community – further broadening the dialogue around cybersecurity with signatories from Argentina, Bulgaria, Chile, the Czech Republic, Germany, Luxembourg, The Netherlands, Slovakia, and the United States, expressing a commitment to a more secure cyberspace. This expansion continues to deepen the group’s expertise, adding to the variety of sectors and technologies that characterize the organization.
“As a company focused on the development of network security solutions, we couldn’t agree more strongly that defense, regardless of the type or goal of the threat, is essential to defend the world from cyberattacks. Moreover, we firmly believe that governments and enterprise should act defensively, and that such defense should be both simple and complete. We are happy to be part of the Cybersecurity Tech Accord,” said Petr Chaloupka, GREYCORTEX CEO.
By joining the agreement, the signatories agree to four key commitments:

  1. a stronger defense against cyberattacks – pledging to protect all customers globally regardless of the motivation for attacks online;
  2. taking no offense by choosing not to help governments launch cyberattacks against innocent citizens and enterprises, and protecting against tampering or exploitation of their products and services through every stage of technology development, design and distribution;
  3. doing more to empower developers and the people and businesses that use their technology, by helping them build and improve capacity for protecting themselves; and
  4. building on existing relationships and taking collective action together to establish new formal and informal partnerships with industry, civil society and security researchers, with the goal of improving technical collaboration, coordinating vulnerability disclosures, sharing threats and minimizing the potential for malicious code to be introduced into cyberspace.

Since forming the Cybersecurity Tech Accord, the signatories have supported initiatives on email and routing security, implemented Domain-based Message Authentication, Reporting and Conformance (DMARC) in their own operations, participated in global requests for comments on the UN’s new High Level Panel on Digital Cooperation, and endorsed the Paris Call for Trust and Security in Cyberspace as an early supporter. Additionally, the group has coordinated with like-minded organizations such as the Global Cyber Alliance, the Internet Society, and the Global Forum on Cyber Expertise (GFCE).

GREYCORTEX ATTENDS IT SA 2018

IT-SA is Europe’s leading trade fair for IT security. Held in the German city of Nuremberg over October 9-11, it features over 630 presenters in three halls, in diverse areas like mobile, cloud, network, and data security. It also offers an additional day of expert speakers in the field of IT Security. GREYCORTEX will attend the show for the second time.
If you’re going, make sure to stop by our booth in Hall 10.1 / 10.1-408, and ask Michal Srubar, Pavel Chmelar, and Irina Milshina how MENDEL’s advanced detection, deep visibility, and quick response features can secure your network.

GREYCORTEX JOINS EY PROGRAM

GREYCORTEX is happy to announce that we have been selected to be part of the 2018 EY Accelerating Entrepreneurs program. This event, which takes place in Amsterdam between the 21st and 24th of April, 2018, brings together companies selected as among the most innovative and advanced worldwide. In addition to being one of only 30 companies selected to attend, GREYCORTEX is also the first Czech company in the history of the program to be selected.
As the EY press release notes: “The 2018 class of entrepreneurs represent dynamic businesses that focus on innovative and disruptive fields like artificial intelligence (AI), augmented reality, virtual reality (VR), customer interface, analytics, robotics and the Internet of Things (IoT).”
According to Annette Kimmitt, EY Global Growth Markets Leader, “… This year’s class is already solving big challenges, disrupting their markets and have cutting-edge technologies. We want to prepare these transformative entrepreneurs to expand from their local markets to a position of navigating and leading the world by pursuing their global growth objectives.”

We’re looking forward to joining the other 29 companies and accessing the wealth of information available from EY.

GREYCORTEX RELEASES MENDEL 3.0

March brings the most recent version of GREYCORTEX MENDEL: version 3.0. This release brings several new features SOC administrators will love, as well as continued expansion for SCADA networks and upgraded hardware support.

Specifically, MENDEL now supports the latest in DELL Rx40 hardware. Those in SCADA network environments will enjoy updates to the MENDEL IDS system. Version 3.0 also includes visibility for the NFS (Network File System) and IEC 60870-5-101/104 protocols. SOC users will note that dashboards have been adjusted to better accommodate multiple sensors, and that the overall capacity for sensors connected to one collector has been increased to 30. Finally, MENDEL’s capabilities have been expanded to include the ability to add your own blacklist file, as well as export files to IBM QRadar SIEM via the LEEF format.
New Features

  • GREYCORTEX has added support for the latest Dell servers (Rx40) so users will now be able to use the latest hardware.
  • SCADA support continues, with updates to the MENDEL IDS engine to include visibility into the IEC 60870-5-101/104 protocols, bringing new security for professionals in the energy infrastructure sector.
  • SOC administrators will appreciate several new features in version 3.0, including new dashboard settings suitable for multiple sensors for better SOC visualization, the ability to add up to 30 sensors on one collector, the LEEF export format for events exported to IBM QRadar SIEM, and the ability to upload users’ own blacklists as .csv files.

Improvements
Several MENDEL features were improved. These included easier license extension, host identification, decryption performance, status monitoring, and data export.
Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Please note that updating to version 3.0 requires an appliance restart and may take up to one hour.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.0 to work for you.

GREYCORTEX OPENS JAPANESE OFFICE, ANNOUNCES FIRST PARTNER AND CUSTOMERS

GREYCORTEX is happy to announce that we have successfully entered the Japanese market with our first office outside of Europe, and first Japanese partner and customers.
The new GREYCORTEX office, located in Kobe, Japan, will focus on sales and service across the APAC region. It will be led by Milan Fujita, who brings nearly 20 years of experience in the software sector and the Japanese and APAC markets. The office will also coordinate the regional collaboration between GREYCORTEX and its regional ESET technology alliance partners. The office may be contacted at: Kobe Fashion Mart 10F, 6-9 Koyo-cho Naka, Higashinada-ku Kobe, Hyogo, Japan 658-0032.
GREYCORTEX is also happy to announce our first partner in Japan: iSEC. Information Security Inc. Based in Kobe City, iSEC is led by CEO Yoshihisa Suzuki. iSEC offers the MENDEL Network Traffic Analysis solution throughout the country. The relationship is already bearing fruit, with two customers implementing GREYCORTEX MENDEL: Hyogo Prefectural Government (https://web.pref.hyogo.lg.jp/fl/index.html) and University of Hyogo (http://www.u-hyogo.ac.jp/english/index.html).
We look forward to many years of success from these relationships.

GREYCORTEX MONITORS NATO CCDCOE CYBER DEFENSE EXERCISE

GREYCORTEX is happy to announce that we, represented by Petr Chmelar, Chief Research Officer, successfully participated as a member of the Situational Awareness (Yellow) Team in the recent “Crossed Swords 2018” cyber defense training exercise, held in Latvia and organized by the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) in cooperation with CERT.LV.
The sister event to the larger NATO CCDCOE “Locked Shields” cyber defense exercise (the largest and most complex live-fire cyber defense exercise in the world), “Crossed Swords” is focused on practicing skills required to carry out responsive tactical cyber operations. “The exercise aims to practice skills required to fill the role of the Red Team at cyber defence exercises and to offer the most cutting-edge and challenging training experience for national cyber defenders. It is evident that in order to defend ourselves better in cyberspace, we need to know how attacks are carried out,” explained Aare Reintam, Project Manager of Technical Exercises at the NATO CCDCOE. The “Crossed Swords 2018” event included a group of more than 80 cybersecurity professionals from 15 countries.
In this year’s exercise, the Red Team was tasked with conducting a full spectrum cyber operation in a fictional scenario, while the Blue Team actively defended their assets. The Yellow Team monitored Red Team activity from different sources of information, such as network taps and host-based log files, and provided highly valuable near real-time feedback. As part of the exercise, GREYCORTEX contributed features to “Frankenstack,” a novel stack of tools built by NATO CCDCOE, Tallinn University of Technology, CERT.LV, and industry partners.
GREYCORTEX’s experience didn’t end with the end of the training exercise. Inspired by “Crossed Swords,” GREYCORTEX renamed its Malware Lab research team to the “Red Team,” but as Petr Chmelar noted, “We will always be Yellow Team-focused.”