MENDEL PARTNERS WITH BRNO UNIVERSITY OF TECHNOLOGY (VUT)

GREYCORTEX is happy to announce that our MENDEL network security tool is now part of the Brno University of Technology (VUT) cybersecurity program. MENDEL is used in the compulsory Bachelor’s course “Information and Communication Technologies Security 2”, offered by the Faculty of Electrical Engineering and Communication, specifically within its Information Security program.
The course extends students’ knowledge of secure network device configuration, testing of secure configurations, and penetration testing. MENDEL is used in laboratory exercises as a visualisation tool for the scans, exploits, and other tests practised by students.
VUT is in the top 5 % of world universities and offers a wide range of education programs. The 30 students in the course, as well as the lecturers, are happy that MENDEL’s advanced security tools are available to them. They were especially interested in MENDEL’s intuitive filter and full network visualization. GREYCORTEX is happy to work with the next generation of security analysts and to provide the right tools to ready them to participate in the future of network security.

THREAT HUNTING WITH MENDEL

“Threat hunting,” or “cyber threat hunting,” is the process of proactively and iteratively searching through networks and datasets to detect threats that evade existing automated tools. It is carried out by a threat hunter or security analyst, and it is essential to network security because it seeks out threats already hidden within the network data an organisation has collected.
Threat hunting combines manual techniques applied by the threat hunter with machine-assisted techniques, and aims to find the Tactics, Techniques, and Procedures (TTPs) of advanced adversaries. While this methodology is both time-tested and effective, it is also time consuming, and an analyst working through mountains of network data can miss important clues. The article linked below discusses not only what threat hunting is, but also how it can be made more efficient through the use of modern tools.
Download the article here.

GREYCORTEX MENDEL DETECTS BADRABBIT

GREYCORTEX is happy to report that MENDEL is able to detect the BadRabbit ransomware. This ransomware first appeared in Eastern Europe (Russia, Ukraine) but has begun to spread to several other countries and regions, including South Korea, Poland, and the Baltic states. Inside a network it uses the leaked NSA exploit known as “EternalRomance” and spreads from host to host over SMB (TCP port 445).
MENDEL is able to detect this ransomware in two different ways:

  • MENDEL’s integrated ruleset includes a rule specifically detecting the BadRabbit ransomware.
  • Independent of this IDS rule, MENDEL’s artificial intelligence and machine learning detect the ransomware’s anomalous port sweep activity, that is, a single host suddenly contacting the same port on many other hosts.

This detection capability shows that MENDEL can identify previously unknown threats before signatures for them exist in rule-based security tools, giving network security teams vital extra time to protect their networks.
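The port-sweep behaviour mentioned above can be spotted in plain flow records without any signature. The following Python is an added example written for this page; it is not GREYCORTEX or MENDEL code and says nothing about how MENDEL itself implements the detection. It learns, per source host and destination port, how many distinct destinations that host normally reaches within a time window, then flags a host whose fan-out jumps well above its own baseline and above an absolute floor (a host with no baseline is judged by the floor alone). All hosts, addresses and timestamps are constructed sample data; the patch server 10.0.0.2 is included to show why a per-host baseline matters, since a naive “more than N hosts on 445” rule would flag it every hour.

```python
"""Port-sweep detection over flow records (added example, not MENDEL code).

A port sweep is one source contacting the same destination port on many
distinct destination hosts within a short window; worm-style SMB spreading
(BadRabbit used TCP/445) produces exactly this shape in flow data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float     # seconds; constructed sample timestamps, not real captures
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class SweepAlert:
    src: str
    dport: int
    hosts: int      # distinct destinations reached inside one window
    baseline: int   # distinct destinations this source normally reaches


def _group(flows):
    """Group flows by (src, dport); each group is sorted by timestamp."""
    by_key = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_key[(f.src, f.dport)].append(f)
    return by_key


def _windowed_fanout(fl, window):
    """Yield the number of distinct destinations in the window ending at
    each flow of `fl` (sorted by ts). Two pointers, O(n) per group."""
    counts = Counter()
    left = 0
    for f in fl:
        counts[f.dst] += 1
        while f.ts - fl[left].ts > window:
            old = fl[left].dst
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        yield len(counts)


def learn_fanout(benign_flows, window=60.0):
    """Baseline: per (src, dport), the most distinct destinations seen in any
    window of traffic known (or assumed) to be benign."""
    return {key: max(_windowed_fanout(fl, window))
            for key, fl in _group(benign_flows).items()}


def detect_port_sweeps(flows, baseline, window=60.0, min_hosts=10, factor=3.0):
    """Flag (src, dport) pairs whose peak fan-out in any window reaches
    max(min_hosts, factor * their own baseline). A host with no baseline is
    judged by the absolute floor min_hosts alone."""
    alerts = []
    for (src, dport), fl in _group(flows).items():
        base = baseline.get((src, dport), 0)
        threshold = max(min_hosts, int(factor * base))
        peak = max(_windowed_fanout(fl, window))
        if peak >= threshold:
            alerts.append(SweepAlert(src, dport, peak, base))
    return alerts


def benign_flows():
    """Constructed benign traffic: a patch server that legitimately reaches
    30 hosts over SMB every hour, and a workstation using two file servers."""
    flows = []
    for hour_start in (0, 3600, 7200):
        for i in range(1, 31):
            flows.append(Flow(hour_start + i, "10.0.0.2", f"10.0.1.{i}", 445))
    for t in range(0, 3600, 300):
        flows.append(Flow(t, "10.0.0.23", "10.0.0.10", 445))
        flows.append(Flow(t + 5, "10.0.0.23", "10.0.0.11", 445))
    return flows


def sample_traffic():
    """Constructed monitoring period: the benign pattern again, plus the
    workstation suddenly hitting 40 hosts on 445 in 20 seconds, plus a new
    host touching only 5 hosts (below the floor, so not an alert)."""
    flows = benign_flows()
    for i in range(1, 41):
        flows.append(Flow(4000 + 0.5 * i, "10.0.0.23", f"10.0.1.{i}", 445))
    for i in range(1, 6):
        flows.append(Flow(5000 + i, "10.0.0.99", f"10.0.2.{i}", 445))
    return flows


if __name__ == "__main__":
    for a in detect_port_sweeps(sample_traffic(), learn_fanout(benign_flows())):
        print(f"port sweep: {a.src} -> {a.hosts} hosts on tcp/{a.dport} "
              f"(baseline {a.baseline})")
```

On the constructed data only the workstation 10.0.0.23 is reported (40 hosts in one window against a baseline of 2); the patch server’s 30 hosts per hour fall well under three times its own baseline, and the unknown host 10.0.0.99 stays under the floor of 10. In practice the baseline would be learned over a longer period and refreshed, and the floor kept high enough that vulnerability scanners and management servers are either baselined or explicitly allow-listed.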

GREYCORTEX WINS IN POLAND

The success continues for GREYCORTEX. This time, the team was first overall at the Pitch Competition at the 3rd Annual European Cybersecurity Forum held in Krakow, Poland on October 10th and 11th, 2017. The event featured cybersecurity-focused speakers from government and industry across Europe, as well as several from North America.
The Pitch Competition, held on Monday afternoon as part of the Forum, featured 16 companies from Central and Eastern Europe. As winners, GREYCORTEX received the chance to present MENDEL on the main conference stage to a full audience. The pitch focused on the overall cost of a data breach, not only in data loss but in lost business reputation, opportunity, and brand value; it demonstrated GREYCORTEX MENDEL’s ability to detect advanced persistent threats in the network, and described the company’s founding, with generous support from YSoft Ventures, and its membership in the ESET Technology Alliance.

MENDEL 2.8 RELEASED

We are happy to announce the latest version of GREYCORTEX MENDEL. Version 2.8 includes three important new features. The first is the Event Collector, released as part of v2.7 (a limited release), which makes it possible to centrally monitor events from several remote GREYCORTEX MENDEL collectors. The second is the Correlation Engine, which correlates individual, less serious events that together may indicate an attack within the network, so that security analysts are alerted more effectively. Finally, MENDEL 2.8 includes proxy pairing, which identifies source or destination addresses hidden behind proxy servers, giving security analysts greater visibility and helping them identify potential issues on the network.
New Features

  • Added a beta version of the Correlation Engine, including seven tuned rules that further increase security (the feature may be turned on under Settings->System Components)
  • Added a proxy pairing feature to display source or destination addresses hidden by a proxy server
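To show what correlating low-severity events into one incident looks like in practice, here is an added example in Python. It is not the MENDEL Correlation Engine and does not reproduce any of its seven rules; the rule, event kinds, hosts and timestamps below are all constructed for illustration. The idea is the one the release note describes: events that each rate only low severity on their own (a port sweep, an IDS signature hit, a first-time external peer) are grouped per host inside a time window, and when enough different kinds co-occur the engine raises a single high-severity incident that lists the contributing events.

```python
"""Event correlation (added example; not the MENDEL Correlation Engine).

Individual detectors emit low-severity events. A correlation rule groups
them per host within a time window and raises one high-severity incident
when enough *different* kinds of event co-occur for the same host.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class Event:
    ts: float       # seconds; constructed sample timestamps
    host: str       # host the detector attributed the event to
    kind: str       # e.g. "port_sweep", "ids_signature", "new_external_peer"
    severity: int   # 1 (low) .. 5 (high), as assigned by the single detector


@dataclass(frozen=True)
class CorrelationRule:
    name: str
    kinds: FrozenSet[str]   # event kinds that count toward this rule
    min_distinct: int       # how many different kinds must co-occur
    window: float           # seconds within which they must co-occur
    severity: int           # severity of the incident the rule raises


@dataclass
class Incident:
    rule: str
    host: str
    severity: int
    events: List[Event]     # the low-severity events that triggered it


def correlate(events, rules):
    """Evaluate every rule against every host: a sliding window over the
    host's relevant events counts distinct kinds, and one incident is raised
    per (rule, host) at the first moment the rule is satisfied."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)

    incidents = []
    for rule in rules:
        for host, evs in by_host.items():
            relevant = [e for e in evs if e.kind in rule.kinds]
            kinds = Counter()
            left = 0
            for right, e in enumerate(relevant):
                kinds[e.kind] += 1
                while e.ts - relevant[left].ts > rule.window:
                    k = relevant[left].kind
                    kinds[k] -= 1
                    if kinds[k] == 0:
                        del kinds[k]
                    left += 1
                if len(kinds) >= rule.min_distinct:
                    incidents.append(Incident(rule.name, host, rule.severity,
                                              relevant[left:right + 1]))
                    break
    return incidents


# A hypothetical rule (not one of MENDEL's): any two of these three signs on
# one host inside ten minutes is treated as probable lateral movement.
LATERAL_MOVEMENT = CorrelationRule(
    name="lateral-movement",
    kinds=frozenset({"port_sweep", "ids_signature", "new_external_peer"}),
    min_distinct=2,
    window=600.0,
    severity=5,
)


def sample_events():
    """Constructed events. 10.0.0.23 shows two kinds within 3 minutes;
    10.0.0.40 shows two kinds but an hour apart; 10.0.0.7 shows one kind
    three times (repeats of a single kind must not satisfy the rule)."""
    return [
        Event(100.0, "10.0.0.23", "port_sweep", 2),
        Event(280.0, "10.0.0.23", "new_external_peer", 1),
        Event(100.0, "10.0.0.40", "port_sweep", 2),
        Event(3700.0, "10.0.0.40", "ids_signature", 2),
        Event(50.0, "10.0.0.7", "new_external_peer", 1),
        Event(60.0, "10.0.0.7", "new_external_peer", 1),
        Event(70.0, "10.0.0.7", "new_external_peer", 1),
    ]


if __name__ == "__main__":
    for inc in correlate(sample_events(), [LATERAL_MOVEMENT]):
        kinds = ", ".join(e.kind for e in inc.events)
        print(f"[sev {inc.severity}] {inc.rule} on {inc.host}: {kinds}")
```

Only 10.0.0.23 produces an incident: its two events are rated severity 2 and 1 by the detectors that emitted them, but their co-occurrence is what the rule is looking for. The host whose events are an hour apart and the host that repeats one kind of event stay below the threshold, which is the property that keeps a correlation rule from simply re-raising every low-severity event at a higher level.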

Improvements

  • Optimized the display of charts and tables in the Network module
  • Added information about the type of key exchange algorithms in HTTPS and TLS flows
  • Improved the calculation of flow metrics to show values valid for specific parts

Bug Fixes

  • Fixed issues with disabling deep packet inspection and enabling rules in IDS
  • Fixed an issue with updates to older installations
  • Fixed issues with MS-SQL protocol parsing at higher speeds
  • Fixed an issue with displaying current values on the Network Services tab
  • Fixed an issue with displaying multiple VLAN IDs in a single flow
  • Fixed issues with parsing SMB flows
  • Fixed issues with editing export definitions
  • Fixed an issue with pagination results in the Peers graph
  • Fixed issues with restarting services
  • Fixed an issue with filtering by protocol type
  • Fixed an issue with deleting user-defined filters
  • Fixed an issue with saving user-created or user-defined filters
  • Fixed an issue with displaying VLAN statistics in the Analysis module
  • Fixed an issue with exporting records in CEF and Syslog formats
  • Fixed an issue with long hostnames
  • Fixed issues with calculating the minimum and maximum duration of flows
  • Fixed link formatting in Exports
  • Fixed an issue with displaying ASN names in flows
  • Fixed an issue with displaying host information in the Analysis module
  • Fixed the calculation of RTT and ART metrics in long term flows with unfinished communication
  • Fixed an issue with the validation of row counts in Column Manager

GREYCORTEX WINS AGAIN AT CESA 2017

GREYCORTEX took home the top prize in its category at the Czech Finals of the 2017 Central European Startup Awards (CESA). The Czech final, held on September 25th in Prague, recognized GREYCORTEX as the Best AI Startup in the country.
The Central European Startup Awards is a series of national events in the CEE countries, recognizing and celebrating the entrepreneurial spirit and startup ecosystems of the region. Having been successful in the AI Startup category in the Czech Republic, GREYCORTEX now competes in the Regional Finals, to be held in Sofia, Bulgaria on November 23rd. GREYCORTEX was successful at last year’s Regional Final, winning “Best Newcomer” in Ljubljana, Slovenia.
A list of CESA Czech Winners in 2017 may be found at: http://centraleuropeanstartupawards.com/season-2017/czech-republic-national-winners

GREYCORTEX JOINS ESET TECHNOLOGY ALLIANCE

Excellent news from Brno!
GREYCORTEX is proud to announce that we have been named as part of the ESET Technology Alliance. In addition to complementing ESET’s existing endpoint security solutions by addressing traffic within the network, this relationship means that GREYCORTEX MENDEL is now available through all ESET partners, worldwide. You can read our full press release below:

GREYCORTEX Joins ESET Technology Alliance

Brno, Czech Republic – GREYCORTEX, an advanced network security solutions provider, is happy to announce that it has been named as a part of the ESET Technology Alliance, which provides holistic protection against advanced cyber threats. Launched in 2013, the ESET Technology Alliance is an integration partnership that aims to better protect businesses by offering a range of complementary IT security solutions. All members of the ESET Technology Alliance are carefully vetted against a set of established criteria to extend “best-in-class” business protection across IT environments.
Through the ESET Technology Alliance partnership, MENDEL, GREYCORTEX’s network traffic analysis solution, is now available to enterprise customers through all ESET partners. MENDEL uses advanced artificial intelligence, machine learning, and data analysis to detect threats to enterprise, government, and critical infrastructure networks that other network security solutions miss. It offers rapid detection and response to network security teams, while also letting them efficiently monitor network performance and visualize the entire network up to and including the application layer.
“Providing effective network security is continually evolving. Security analysts need to be able to identify not just threats like viruses, but also advanced persistent threats like malware, RATs, Trojans, and Zero-day attacks. Analysts also need to know that they have full network visibility on every device and application in the network. MENDEL provides complete network visibility and detailed insight into application and network performance, so that security teams can identify threats before they do damage,” said Petr Chaloupka, CEO, GREYCORTEX.
GREYCORTEX complements ESET’s existing endpoint security solutions by addressing traffic within the network. “There are never enough layers of security for one’s network infrastructure,” said Jeronimo Varela, Director of Global Sales at ESET. “The GREYCORTEX solution provides an analysis of any behavioral anomalies that may go unnoticed. Moreover, the solution is easily integrated into the infrastructure of businesses of any size and can work not only as a detection or monitoring tool, but also to provide visibility into the functionality of additional security components.”
For more details about GREYCORTEX’s solution MENDEL, please click here.
More information about the ESET Technology Alliance can be found here.
About GREYCORTEX
Built on a decade of extensive industry and academic experience, GREYCORTEX uses advanced machine learning and data analysis to help protect sensitive data, networks, trade secrets, and reputations. In addition to the ESET Technology Alliance, GREYCORTEX serves customers in over 14 countries through its own distributor network. In 2016 GREYCORTEX received an investment of 1.3 million USD from Y Soft Ventures, the venture capital arm of leading enterprise office solution provider Y Soft.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

MENDEL: SECURITY AND VISIBILITY IN NETWORK MANAGEMENT

Network management is a stressful proposition, comprising not only the administration of the network but also maintaining its performance, provisioning devices, and so on. With the number of devices in a network growing, due in part to IoT within the office and to BYOD devices which come and go frequently, and with the risk of advanced persistent malware, the stress is only increasing.

Luckily, GREYCORTEX MENDEL helps reduce the stress of network administration. According to recent studies, 76% of IT professionals cite lack of visibility as a challenge in addressing issues in their networks. MENDEL offers full network visibility, up to and including the application layer, without having to profile a specific subnet or host in advance. This means that whenever a new device enters the network, or a subnet or host is moved, identifying vulnerabilities or reconnecting the appropriate devices is easy.
MENDEL also helps network administrators improve their security, especially against advanced threats hiding within a network. It is common to protect a network with firewalls and antivirus, but also with SIEMs, IPS, sandboxes, and so on. These solutions overlap to provide layered security, but each of them can be defeated.
Currently it takes 46 days to detect a network breach. MENDEL closes these gaps by identifying anomalous network traffic, differentiating between human and machine activity, and integrating robust IDS rulesets to identify threats before they can do damage, often within hours. In some cases, such as the recent WannaCry ransomware attack, MENDEL identified the attack within minutes, well before it could start encrypting files.
MENDEL is based on machine learning and big data analysis. It installs in 30 minutes and can be configured in under two hours. It monitors networks using network traffic analysis without slowing traffic. Because deployment is painless and network speed is preserved, a risk-free 30 day trial truly is risk free. To find out more about MENDEL, or to see what may be hiding in your network during a 30 day trial, contact your local distributor or GREYCORTEX directly.

WE ARE CESA AWARDS NATIONAL FINALISTS IN 3 CATEGORIES

For the second year in a row, GREYCORTEX has been nominated as a National Finalist at the Central European Startup Awards (CESA) – http://centraleuropeanstartupawards.com. The awards select the best startups from across 10 Central European countries, with the winners qualifying to go forward to the Global Startup Awards.
Last year, GREYCORTEX won Best Early Stage Startup, given in Ljubljana, Slovenia. This year, GREYCORTEX is nominated in three categories:

  • Startup of the Year
  • Best AI Startup
  • Best Newcomer

The Czech winners will be announced at the Czech National Finale on September 25th in Prague. Public voting for GREYCORTEX in these three categories is currently open, and may be found here: http://centraleuropeanstartupawards.com/vote

GREYCORTEX RELEASES MENDEL V 2.6.1

In the newest version of GREYCORTEX MENDEL (2.6.1) we have implemented several new features to improve performance, including a new flow scheme, which also stores more flow data and metrics. Existing data will be automatically migrated into the new scheme so that it remains usable. The migration runs in the background, so you can continue to work with new flow data while it proceeds. Depending on the amount of existing flow data, the migration may take a few days, but it will not affect system usability.
We have also added a new DHCP application parser. This means you can now use DHCP data to identify hosts by their hostnames, giving you better information about hosts and a firmer basis for action.
Additional Features

  • Added new aggregated flow structures and their visualizations to achieve better performance
  • Added an additional severity decision mechanism for outlier detection to better highlight larger anomalies
  • Added a new DHCP application parser
  • Added the capability to display unfinished flows
  • Added an additional metric: UET (User Experience Time) to network flows

Improvements

  • Improved database query performance
  • Improved the precision of the Round Trip Time and Server Application Response Time metrics computation
  • Optimized the performance of the Peers graph for faster loading
  • Upgraded the database to achieve greater performance
  • Set default log interval in log reporting to 7 days

Bugs Fixed

  • Fixed SMB protocol identification
  • Fixed network services model calculation
  • Removed queries to root DNS servers
  • Fixed missing DNS server configurations, which occurred in rare cases
  • Fixed settings for RX queues in network drivers
  • Fixed timezone usage
  • Fixed filtering issues in Incident Management
  • Fixed data inconsistency between Peers and Hosts graphs
  • Fixed report generation where data fields did not display correctly
  • Fixed Hyperscan support on non-Intel architectures
  • Fixed password escaping issue
  • Fixed custom server certificate handling
  • Fixed system monitoring data propagation
  • Fixed DNS server settings
  • Fixed ICMP event and flow pairing
  • Fixed MS-SQL protocol parser
  • Fixed time handling in False Positives for different time zones
  • Fixed color configuration for Port Sweep detection
  • Fixed flows search in Outlier events
  • Fixed issue with duplicate hostnames
  • Fixed flow search in limit events
  • Fixed network configuration calculation
  • Fixed Url Share functionality in the comments field in Incident Management
  • Fixed filtering issue in Incident Management
  • Fixed pagination in Incident Management
  • Fixed issue in Url Share
  • Fixed transfer data calculation in the Peers graph
  • Fixed firewall autoconfiguration when enabling Netflow source
  • Fixed events filtering by name
  • Fixed subnet traffic calculation
  • Fixed allow/deny configuration description
  • Fixed the “To Filter” button in Peers graph
  • Fixed port and service name filtering
  • Fixed other issues related to Incident Management
  • Fixed subnet icons in Events
  • Fixed vulnerability to CVE-2016-2183 (SWEET32: 64-bit block ciphers such as 3DES in TLS)
  • Fixed empty service description editing
  • Fixed false positives value editing
  • Fixed ICMP flow filtering on services
  • Fixed the assignment of hosts into incorrect subnets
  • Fixed host information display in the Analysis module
  • Fixed invalid DHCP transaction IDs in individual flows
  • Fixed DHCP parsing issues on flows from the DHCP relay
  • Fixed the password warning message when the password is shown as invalid during installation
  • Fixed the event payload display in IDS events
  • Fixed issues with special characters during installation
  • Fixed an issue with filtering port number and service name together
  • Fixed an issue with flow duration calculation
  • Fixed cancel button functionality in Flows view
  • Fixed calculation of the number of subnets in Events
  • Fixed the use of an incorrect filter in subnet to filter function in the Events tab
  • Fixed the filling service in False Positive
  • Fixed traffic information in incident links