OUR BUSINESS PARTNERS
We have developed easy-to-follow cybersecurity information and resources to support people from non-English speaking backgrounds to be more cyber secure. The Annanowa Cyber Centre is the single unified source of expert advice, guidance, services, and support on cyber security for Turkey and internationally.
[Acalvio] – [AppViewX] – [Arbor] – [BackBox] – [BeyondTrust] – [Binalyze] – [Blancco] – [Brandefense] – [Check Point] – [Cloudflare] – [CrowdStrike] – [CyberArk] – [Dece] – [Dell] – [Entrust] – [FileOrbis] – [Forcepoint] – [Forescout] – [Fortinet] – [Ground Labs] – [IBM] – [Indeni] – [Infoblox] – [Invicti] – [Iriusrisk] – [Ivanti] – [Mbcom] – [Opentext] – [Microsoft] – [Nexus] – [Oracle] – [Picussecurity] – [Qualys] – [Rangeforce] – [Recordedfuture] – [Sailpoint] – [Saaspass] – [Securecodewarrior] – [Sonatype] – [Taurushq] – [Tenable] – [Thalesgroup] – [Threatmark] – [Titus] – [Tripwire] – [Tufin] – [Vectra] – [Veritas] – [Waterfall] – [Zimperium]
Infrastructure And Network Security
New Generation Firewall
Firewalls are an essential part of network security. A firewall controls the flow of traffic between networks according to the rules defined on it. Its most common use is to protect the internal network of institutions from internet-based threats. It examines the incoming traffic, compares it with the rules defined on it and, according to the result, blocks the traffic, allows it, or forwards it to other network security technologies to take another action. New generation firewalls, with which logical network segmentation can be designed using agile and flexible methods, are among the solutions that can run many security functions such as Application Level Control, User-Based Content Control, Intrusion Prevention and Detection Systems (IPDS), SSL/TLS extraction, URL Filtering, APT protection and DNS protection.
Content Filtering / Proxy
Content filtering is applied to users' e-mail and web access. The aim is to prevent content such as spam, viruses, and malware from harming systems through e-mail and web access. Considering that new websites are constantly being opened today, that the content of websites can change instantly, and that e-mails containing phishing and malicious code are changing shape and becoming widespread, it is very important that content filtering services are effective and adapt to this rapid change. With content filtering, it is also possible to prevent users from accessing sites and applications that are not suitable for their business purposes.
APT Protection And Sandboxing
Firewall, IPS, anti-virus and content filtering services that can detect malicious codes with signature-based methods are insufficient in detecting malicious software developed specifically for institutions. These attacks, which we call APT (Advanced Persistent Threat), are also called “zero-day attacks” because a signature has not yet been developed. It is possible to prevent APT attacks thanks to the use of malicious code analysis and blocking services that run a copy of the traffic on virtual systems, examine its behavior and stop the traffic if a suspicious situation is detected.
Network Access Control (NAC)
The general opinion is that attacks on corporate networks are external. However, the real danger comes from within the network. If you do not know what is happening on the network, it is not possible to take precautions against dangers. It is necessary to maximize security control at physical network access points (printers, IP phones, cameras, smart TVs, etc.) located in common areas. As an example of the dangers that may be encountered, malicious people can easily infiltrate your system by copying the MAC addresses and/or IP information of devices from network access points located in common areas such as meeting rooms. It is possible to prevent such intrusion attempts with Network Access Control (NAC) Services. With NAC technology, it becomes possible to see the details of each device on the network and take automatic precautions against possible threats.
DNS Security
DNS is one of the most mission-critical systems of every organization. Inaccessibility of DNS within the organization can render all business continuity inoperable. DNS has become a vector frequently used by attackers today. Volumetric DNS attacks, NXDOMAIN attacks, DNS vulnerability exploitation, DNS server hijacking, poisoning, DGA attacks are the most common ones. DNS security aims to ensure the integrity and accessibility of DNS, as well as to protect against advanced attacks or prevent a threat that may occur internally.
SSL/TLS Visibility
The Internet has become a part of every process we use in business continuity, from cloud applications to email traffic, from file sharing to web access. Sending sensitive and critical data encrypted during transmission is one of the most basic methods. However, encrypted traffic is also frequently used by attackers to leak their malicious content to the corporate network. SSL/TLS visibility is an important technology solution for detecting advanced threats and malware. SSL/TLS visibility platforms are used to open the content of SSL/TLS traffic and send it to the relevant security tools for security audits and checks.
DDOS Protection
DoS and DDoS attacks are among the most common types of attacks seen today. These attacks aim to make the target system inaccessible or unusable for a while. DoS/DDoS protection provides service-based prevention of attacks on servers running on the web. With these services, it is possible to reduce the response time of opened connections, provide protection against abnormal traffic, and prevent DoS/DDoS attacks.
Network Packet Distribution Platform (Network Packet Brokers)
A network security distribution platform is a solution that can connect to the network virtually or physically and distribute traffic to relevant security devices or other applications as needed. By taking a copy of the current network traffic, these platforms can filter it according to different criteria and combine multiple traffic streams. They can also produce multiple copies from a single link. It is also possible to take metadata from network traffic and direct it to various security analysis services.
Network Device Backup
All settings and rules you make on network devices can be completely deleted due to a hardware or software problem that may occur on the device. Therefore, your network may be unprotected. Periodically or after each change, you need to take a backup of your network device and store it in a safe place. Backup and storage may not be a problem for an institution with several devices, but in institutions with complex structures and devices, you should prefer Services that automate backup, monitoring and safe storage.
Cloud Security – Identity And Access Management
Cloud Security
Secure Access Services from the Cloud
We see that institutions are undergoing a serious digital transformation in Information Technologies day by day. It is also obvious that this transformation has significantly increased the importance of cloud technologies. The transition of institutions to SaaS applications, the transition of users to remote working methods, the shift of data from traditional data centers to cloud services, the increase in MPLS costs, the increase in traffic from remote offices to cloud services instead of the central office data center, and the formation of SD-WAN architectures are all leading to the reshaping of security needs. In all these sets of needs, SASE can offer WAN architecture and network security functions through a single and cloud service model. With the “Security-As-A-Service” modeling, many security functions such as firewall, IPS, SSL/TLS extraction, sandboxing, DLP, CASB can be modeled as a service with User-Centric Management and “Zero Trust Network Access”.
Cloud Application Access Security
With the increase in cloud applications, institutions starting to move their data to Public-Cloud environments, and users being everywhere, there is a very serious need for data to be managed at every point. CASB acts as a separator and distributor between cloud applications and the corporate network, and can offer many security functions as a solution set such as ShadowIT detection, listing of Defined-Undefined SaaS applications, encryption of data in cloud applications, SSO, device profiling, logging and malware detection.
Identity And Access Management
Authorized Access and Privileged Account Management
In ever-growing IT environments, the number of privileged accounts and service accounts is also increasing rapidly. Failure to manage these accounts, which hold many privileges, properly brings major security risks with it. In most targeted attacks (APT), the goal is to capture the credentials of any privileged account and to carry out the attack using those privileges. Managing the passwords of privileged accounts and service accounts appropriately, and recording access to systems for later reference when needed, contributes greatly both to security management and to compliance with standards such as ISO 27001 and PCI DSS.
Identity Governance, Single-Sign On, Role Management
Identity and access management systems are the most important tools that ensure the implementation of policies for application security. These Services provide important functions in terms of operational efficiency and productivity in addition to security and compliance. Since applications allow users to access raw data structurally, process it and execute corporate processes, their uncontrolled access creates a security gap for institutions. Therefore, it is necessary to be able to manage who can access which application, why, how and when. Institutions that perceive security gaps arising from application access as a threat want to create policies against it and put measures into effect to implement the policies. Identity and access management Services come into play at this point in the context of application security. The ability and capabilities of Identity and Access Management systems to work fully automated depend on their ability to work based on roles. Role Management is of vital importance in this sense. We call the systems that manage the life cycle of roles Role Management systems. In this sense, Identity, Access and Role Management systems complement and feed each other.
SailPoint Oracle Identity Management
Multi-Factor Authentication
Strong Authentication Services aim to increase the level of security by adding a second factor to the standard password application when accessing a computer, application or corporate network. These Services, which can be summarized as making authentication secure by combining “something you know” with “something you have”, are encountered in many areas in our daily lives, from cash machines to one-time passwords and mobile signature applications on banks’ websites.
Risk and Compliance – Endpoint And Mobile Security
Risk and Compliance
Network Risk Analysis and Rule Change Management
Firewall rule analysis and configuration management services allow the management of security policies on firewalls, routers, VPN Solutions and other related devices used within the organization and the prevention of security vulnerabilities that may occur due to incorrect rules. It helps you easily implement your network security policy by automating control processes that require intensive labor and are prone to error.
Third Party Risk Management
Supply chain attacks have become a serious problem for organizations. In particular, being able to manage the risk of third party organizations that companies work with has become an important topic.
File Integrity Monitoring
To detect attackers or users who access file systems without authorization, change or delete files, or add new files for different purposes, it is necessary to monitor the integrity and changes of operating system folders. File integrity monitoring can also track changes to critical files, log files, and files containing application settings instantly, daily, or weekly.
Endpoint And Mobile Security
Endpoint Protection Platform
Endpoint security is one of the most important solution sets that organizations cannot afford to go without. It is an inevitable fact that attackers target the endpoint during the attack lifecycle. Prevention and protection mechanisms need to be extended to user computers, workstations, servers and mobile devices. Traditional anti-virus systems have now become endpoint protection platforms. Anti-malware, host firewall and IPS, behavioral analysis, machine learning-based exploit prevention, device control, application control, Active Directory protection, and EDR capabilities together provide a multi-function protection mechanism.
Server, Virtualization and Data Center Security
Today’s data centers have become Software Defined Data Centers (SDDC). Compression and hardening, host-based IPS control, Application Whitelisting management, file and system tamper protection, and many other topics have become security functions of the server and virtualization platform in the new generation data center.
Mobile Device Management and Device Security
It is clear that mobile devices, which are increasingly used in business life, provide productivity increases for both employees and companies, and provide benefits such as being able to work and access resources in any environment. However, in order to use these devices in accordance with company security policies, to control which resources users can access and in what way, and to be protected from the rapidly increasing threats in the mobile world, “mobile security Services” are needed. These Services ensure that e-mails, files and other resources containing sensitive data can be used in a way that will not cause any security gaps or data leaks inside and outside the organization. When corporate or personal devices are lost, they prevent critical data from falling into the hands of others with a second authorization method. Thanks to mobile device management (MDM), mobile application and content management and secure mobile access Services, it becomes possible to manage smart devices according to corporate security policies and to effectively use different security levels and policies according to location. Additionally, with Mobile Security Services (Enterprise Mobile Security), you can protect your organization and its resources against threats that may come from rooted devices, phishing or mobile applications with machine learning-based measures.
ICS/SCADA Security – Unique Solutions
ICS/SCADA Security
Attackers do not target only the computers in our homes or the servers in our companies. The security of industrial systems and critical infrastructures has been under threat for a long time. Industrial Control Systems (ICS/SCADA) are used in all critical infrastructures such as energy and natural gas infrastructures, water networks, health systems, rail transportation infrastructures, air transportation control systems, defense industry infrastructures, nuclear facilities and production facilities, and "security" emerges as an important concept that must be taken into consideration in the design and operation of these systems. In scenarios where the systems in question are damaged and become inoperable, it is possible for large-scale material and moral damages to occur.
Unique Solutions
Bizzy
99% of attacks are carried out using vulnerabilities that have been known for more than 6 months. Classic vulnerability management tools are insufficient to close vulnerabilities that have a high impact on your business in a timely manner! Bizzy is a risk and vulnerability management platform that associates information from multiple data sources using machine learning. Bizzy combines, classifies, prioritizes and provides effective risk management of your vulnerabilities. Bizzy, which is used in nearly 20 institutions in different sectors such as telecommunications, finance, energy, automotive, defense, and retail, has also started to gain international references.
SignArt
With its proven and powerful technical architecture, SIGNart is an e-signature library that enables electronic signatures in accordance with international standards from a common interface for HSM, smart card and mobile signature.
Application Security
Static Code Analysis
The importance of the concept of secure software development is well understood today, and this concept has been accepted as an element that reduces software development costs and time and increases the quality of the software. It is also the most effective way to prevent many security incidents that may occur during software use at their source. Static code analysis services examine the source code, reveal security vulnerabilities and their causes, prioritize vulnerabilities and determine the paths to be followed for their elimination. It provides code developers with information about best practices. It is possible to use these opportunities to examine all codes, including mobile applications.
Dynamic Application Security Testing
We know that web-based assets are under serious attack today. Dynamically scanning and reporting vulnerabilities of applications during the test or operation phase is an important part of application security. DAST makes it possible to discover and verify vulnerabilities and to integrate this work into DevOps processes and tools.
Software Composition and Open Source Security
Today, we see that the use of open source in the application development cycle has increased significantly. Application development in institutions is built on libraries and frameworks downloaded from many sources such as GitHub, npm, Maven and PyPI. Software composition analysis and open source security have become an important part of performing security scans of open source libraries and frameworks, revealing their vulnerabilities and risks, auditing relevant license violations, and creating a secure life cycle in application development.
Threat Modeling
“Planning” in application development is the first and most important step to ensure that the DevSecOps culture can be operated. Adapting the security ecosystem to the planning phase is to provide the “Security By Design” approach for application development. Detecting existing risks in advance and detecting and eliminating them at the initial stage will minimize a possible security incident in the flowing processes of DevOps. Thanks to automated threat modeling tools, flow diagrams can be created and risks, compliance challenges and threats can be operated with a model.
Secure Software Development Training Platform
One of the main topics underlying application security is to increase the security awareness of Software Developers. In the secure software development life cycle, it is very critical for developers to receive basic security training such as OWASP Top 10 and new attack vectors. Thanks to the new generation “challenge” platforms, in addition to increasing the security awareness of each software developer in a continuous manner, motivation management can also be provided.
Container & Kubernetes Security
Cloud-based new generation application architectures moving from monolithic architecture to microservice architecture are one of the most popular services of today’s transformation. Dockerized environments, Public-Private Cloud architectures, Kubernetes clusters used in this framework have created new security problems within the security ecosystem. While the vulnerability detection of dockerized images used in these environments is the most basic issue in container security, it is also important to detect security risks that these images may pose in real-time environments (runtime). Many other topics such as firewall, IPS, WAF capabilities, authorized access management to container areas, password vault management, process control, compatibility and regulation compatibility at the microservice level have been addressed to be solved within the container security solution set.
Web Application Firewall
Web services, which are increasing day by day, have an important place in the business processes of institutions. Many institutions have to deal with hundreds of different attacks during the day on the web applications and web APIs they expose to the outside. Web Application Firewalls examine the traffic coming to web services in-line, detect malicious traffic and are able to block it. It is important that WAF Services, which can be designed with security models based on a negative and a positive security approach, are integrated in accordance with the new generation microservice architectures.
Bot Blocking and Detection System
The applications of institutions are not hit by known attacks alone. Attackers use more than one method to take over or exploit web applications. Methods such as identity theft, fake account use, exploitation of personal data, web scraping, and BOT use can be counted among them. Using new generation detection systems can be effective in detecting these attack vectors, which are difficult to detect with WAF tools.
CloudFlare HUMAN Bot Defender DataDome Appdome Fingerprint
Online Fraud Detection
With the serious development of mobile and web applications within institutions, fraudulent activities coming through these channels have also increased significantly.
Because attackers use cyber attack vectors and methods in fraudulent activities, detection mechanisms need new capabilities. OFD technology, mobile SDKs and web JS collectors can prevent users from performing malicious transactions (especially banking transactions). In addition to detecting threats, other fraudulent activities can be detected with device profiling, user behavior analytics, and navigation control.
Data Security
Data Leak Prevention
Data leak prevention services are developed to prevent data that is confidential for the institution from leaking outside the institution. Data is detected, monitored and protected in the environments where it is stored (such as a file server), transmitted (such as web, e-mail, instant messenger, ftp) and used (such as user computers, USB flash drives). Various “deep content analysis” techniques are used to detect and protect data. DLP Services can also work integrated with content filtering Services.
Data Classification
It is becoming increasingly difficult to keep data under control as its size increases day by day. Institutional data, which can be found in many different formats and environments, must first be structurally classified according to the institution’s needs and its criticality level must be determined. On this basis, necessary precautions can be taken to protect critical data. It is possible to meet this need with data classification services. Thanks to these services, it becomes much easier to determine the class of data and implement institution policies. Classification services are also critical to prevent data leakage.
Credit Card and Sensitive Data Discovery
Credit card information is one of the most sensitive information that must be properly protected under the PCI DSS standard. However, it is essential to take precautions to protect sensitive information not only to comply with this standard, but also to protect corporate reputation and avoid card theft. Credit card and sensitive information discovery services scan all files, shared areas, e-mails, databases, and storage areas in your system to discover where sensitive information such as credit cards and Turkish Republic ID numbers are located and guide you to take appropriate precautions.
Data Encryption
Many precautions are taken to prevent people from accessing data that they are not authorized to. Despite all precautions, there is a small possibility that unauthorized people can access the data. Against this possibility, data should be protected when it falls into the hands of unauthorized people. Encryption and tokenization technologies are used for this purpose. Format-Preserving Encryption technologies used in this context are a solution group that uses up-to-date and strong algorithms to establish encryption mechanisms that will not disrupt the format in accordance with data privacy policies in a structured or unstructured form or in transmission, in use or at rest.
Hardware Security Module
HSMs are devices designed to increase the security of encryption processes and provide suitable environments for storing sensitive information. In addition, they have areas of use such as database encryption, document signing, online banking, EFT transactions, root key protection. The number of digital signatures that these devices can create per second is very high. Therefore, they are used in processes such as electronic invoices and electronic document creation for both performance and security reasons. These devices are preferred for compliance with criteria such as PCI DSS, SOX.
Data Erasure
Data erasure Services add an additional layer of security to endpoint security policies by ensuring that IT assets are securely erased. All deletions are verified and confirmed through a secure audit trail that protects against any changes to the data.
Data Access Governance
Data governance Services allow you to gain full control over unstructured data and increase visibility. With these Services, you can determine who accesses your sensitive data and how, and ensure that employees only access folders and files within their authority, in accordance with your access rules. In addition, it is also possible to classify data on a folder basis. As an added value, the machine learning feature allows these Services to track users' access habits and identify unusual access.
Certificate Lifecycle Management
Digital certificates and SSH keys have an important place in information systems in terms of identifying the identity of assets. It is important to manage these certificates within a lifecycle within the scope of security risk. Discovery of certificates in all IT assets and keeping their inventory organized, checking the up-to-dateness of algorithms, monitoring renewal and cancellation periods constitute an important solution in this process. In addition, automatic generation of new certificates from internal and external certificate authorities and automatic loading of them to IT assets is an important function that can be used within this lifecycle.
File Synchronization and Sharing Platform
File Sharing platforms work to quickly meet the increasing file systems, file sizes and sharing needs. While meeting the increasing file access and sharing demands of end users, they also aim to minimize the time spent by IT units, technological threats, and risks arising from legislation and certification.
Data Backup and Recovery
Institutions need to back up their data regularly and create recovery procedures within their business continuity plans in order to ensure business continuity against possible failures and cyber attacks. Being able to manage this entire process through an enterprise-level tool with software, hardware and cloud architecture is an important solution set.
Security Operation, Incident Response, Threat Management
Security Information and Event Management (SIEM)
Logs stored on system components are used for many purposes such as troubleshooting, security, evidence creation, and compliance. Log management is one of the most important components required to comply with regulations such as ISO 27001, GDPR, Law No. 5651, PCI DSS. Depending on the type of logs kept, it is possible to collect and record various information such as which systems users access and when, occupancy rates, performance levels, tables accessed in databases, and the changes made.
Although log management is necessary, it is not sufficient. The collected logs should be associated, archived, and reported. With Security Information and Event Management (SIEM) solutions, it is easy to find meaningful information from millions of lines of logs, suspicious events can be revealed, and strong security analyses can be performed.
Security Orchestration, Automation, and Response (SOAR)
It would take hours for a security analyst at the security operations center to initiate, contain and terminate an alarm response. This duration makes security orchestration and automation an important topic in incident response against cyber attacks, where we race against time.
Security orchestration and automation prevent the security analyst from spending so much time on repetitive manual processes. SOAR tools are becoming indispensable for today’s modern security operations centers and cyber incident response teams. It allows for the automatic running of scenario-based event responses in a series of operations within a flow diagram. In the simplest scenario, it can prioritize an alarm that occurs within SIEM, enhance the alarm, and block and isolate in an IT system operating on the prevention layer.
Endpoint Detection and Response (EDR)
Visibility and the quality of the detection mechanisms are some of the most important concepts in the security operation center. Organizations can increase the detection and visibility of advanced threats by further collecting, analyzing, researching, and reporting incidents that occur at endpoints. EDR technology is one of the most important solutions that can perform threat discovery, prioritization, analysis, and intervention with the data collected from endpoints. Thanks to its continuous monitoring, collection of user, file, registry, memory, network, and process activity information, it can detect a threat that may occur from inside or outside in near real-time, take actions at the relevant endpoint, or integrate easily and flexibly with tools such as SIEM and SOAR.
CrowdStrike Symantec Check Point
Network Detection and Response (NDR)
Attackers move within the network while performing their attacks. Sometimes they do it in a north-south direction, sometimes east-west. Malicious or untraceable activities at the BIOS level may not allow sufficient visibility to the mechanisms used to detect threats. On the other hand, attackers attack within a life cycle, and part of this cycle is their movement within the network.
NDR provides a solution for detecting advanced threats from attackers by collecting, processing, and analyzing all activities occurring in the network in data format. Thanks to its machine learning algorithms and advanced analytics capabilities, it is an essential tool in detecting attacks that bypass traditional intrusion detection systems. Integration with other important security solutions such as SIEM, SOAR, EDR, TI is also crucial.
User and Entity Behavior Analytics (UEBA)
User-based association on security event management and correlation systems is operationally very challenging. Profiling and user-based threat detection may mean entering dozens of different rule sets. UEBA technology can monitor the time-based activity of each user in the organization via a certain algorithm. This allows the detection of abnormal user activity, advanced malware detection, and user-specific threat hunting. Thanks to rule-based signature matching, pattern matching, and advanced analytical capabilities based on machine learning, incidents can be investigated.
Deception Platform
By using trap systems, that is, trap and bait systems that deceive and collect information about the attackers or users who have unauthorized access to information systems, it is possible to better understand the attack techniques and take precautions before the systems are actually attacked. Deception technology distracts attackers and saves time until they get to your real systems.
Thanks to the traps and baits placed in the network, the attack is contained and continues only within the trap. In this way, the threat hunting surface will increase, and event monitoring and analysis can be further enhanced using more data.
Cyber Attack Simulation and Validation Platform
Testing how systems will respond to a possible cyber-attack and determining the measures to be taken before the attack occurs constitutes an important set of solutions. These security tests, performed using current threat libraries and modern methodologies (MITRE ATT&CK, Cyber Kill Chain, OWASP, etc.), constantly check security systems such as NGFW, IPS, WAF, EPP, SIEM, EDR, and NDR to ensure that they are accessible and effective against current threats. They also allow you to meet regulation and compliance requirements.
Cyber Threat Intelligence Service
In conventional methods of warfare, the more intelligence obtained from the opponents, the stronger the protection against the attacks. The same is true of cyber environments. Being aware in advance of the preparations for a cyber attack on an organization or senior officials provides a great advantage in protecting against these attacks. In this way, necessary measures can be taken and attacks can be prevented. Through threat intelligence solutions, data collected from open or closed Internet sources is turned into useful information through machine learning and made available to the organization.
Central Vulnerability Management
Information systems are built on asset management. Measuring, monitoring, and reporting the risk of each asset is critical both for compliance with laws and regulations and for a fundamental IT risk management process. Measuring risks is possible by detecting vulnerabilities and gaps in information assets. Research shows that the vast majority of attacks exploit known vulnerabilities. Discovering, prioritizing, analyzing, and remediating vulnerabilities actively, passively, and continuously, and managing them in a life cycle, minimizes the risks.
Network Forensics Platform
An important part of the incident response process is the analysis and examination of all relevant evidence. The network forensic analysis platform is built through full packet capture of the data collected on the network and storage of all the contents in a central unit. In this way, in-depth examination of case and evidence, root analysis of historical activities, abnormal behavior detection, and harmful content detection can be performed.
Cyber Range Platform
A cyber range is one of the core parts of the security operations center. It ensures that security analysts are ready to take action during a cyber attack, both with the training they will receive during the drills and through real-world scenarios they face in threat emulation environments.
Core Values – What Drives Us Forward
Annanowa CyberGenThreat enables STM analysts to obtain cyber threat strategy data by automatically collecting data from various sources (deep/dark web, social media, blogs, forums, etc.) by enriching it with subject and event-based records. In this way, it is possible to detect the activities of cyber threat actors, to prevent cyber attacks before they occur, and to prepare for protective measures. Thus, possible economic losses and reputational damage that may occur as a result of possible attacks can be prevented.
Intelligence data (blacklist IP addresses, domain names, malware hash values, vulnerability data) can be integrated into security devices. With the task management feature, manual/automatic task definitions can be made for the detected findings and thus incident tracking can be done.

Atlassian Magicer Global DDoS Protection | Global Network Security
Threat Deception and Honey Trap Solution
It has become almost certain that attackers posing a threat to institutions or organizations will enter the network structure. An advanced method used to…

Nanodog FireWall MITRE ATT&CK Framework And Magic Quadrant Automate
Firewall/Network Configuration and Change Control
In information infrastructures, there may be firewalls, attack prevention systems and network products from many different manufacturers. The compliance of the configurations on these components with…

Network Watcher And SOAR The Future of Security
Network Performance Monitoring
Problems experienced in network infrastructures should be detected before they affect the workflow. It is important to understand whether a problem experienced in the application is caused…

Network Access Control And Global Threat Hunting Insights
Network Access Control
Today, corporate networks serve many traditional and non-traditional systems, as well as tablets, smartphones, industrial control systems, virtualization platforms, wireless access points and cloud-based applications. Infrastructures with…

Managed Detection and Response (MDR) Service And AI-Powered Cyber Defense
Managed Detection and Response (MDR) Service
MDR (Managed Detection and Response) service is a service that monitors the security indicators and metrics of the relevant systems of organizations 24/7 and…

Managed Security Services And Zero Trust Security Solutions
Managed Security Services
This is a service provided for small/medium/large Institutions/Organizations that use or intend to use security products but do not have sufficient human resources, experience and competence or…