Proactive Defense
Systematically assess, stress test and build your cyber resilience while meeting your business performance needs. Annanowa Cyber Security applies robust methodologies and expertise to help you increase your security against threats, overcome complexity, build resilience and manage risk.
Strengthening Security Posture Assess your resilience across multiple security pillars and against both best practices and Annanowa Cyber Security’s major attack scenario methodology. Identify vulnerabilities, align security to threats, and optimize your portfolio to maximize security ROI.
Compromise Assessment Proactively hunt for sophisticated attacks on your network and detect and defeat attacks at an early stage. Leverage Annanowa Cyber Security’s Advanced Compromise Assessment process to build confidence in the security of your network and data assets.
Annanowa Cybersecurity-Design Support the evolution of business, platform, application, program and digital transformation with security by design. We will work with you to apply resilience design principles and create a cyber strategy and architecture that will be effective, efficient and adaptable from the start.
Visibility and IR Readiness Improve visibility, logging, analytics, and incident processing to create rapid detection and response capabilities. Assess and improve your processes and contingencies to improve cyber readiness, reduce response time, and minimize the impact of a breach.
Red Team and War Games Stress test your network and train your security and IT teams with attack simulation and Annanowa Cyber Security’s advanced Red and Purple Team methodologies. Build management knowledge and capabilities to lead in cyber crises through tabletop exercises based on real-life experiences.
ICS Assessments Diagnose and improve the safety and security of industrial control systems, SCADA, and IOT. Our approach is designed to address security needs across IT and OT, including manufacturing, critical infrastructure, utilities, and data centers.
Threat Response
Quickly detect and detect attacks on your network to minimize and ensure effective recovery. Annanowa Cyber Security has built one of the most robust forensics and incident response capabilities designed to effectively counter unregulated attacks.
Manage risks, contain and defeat attacks Swiftly contain and defeat attacks within your network, while minimizing impact and enabling effective recovery. Annanowa Cyber Security has built one of the strongest forensics and incident response capabilities, designed to effectively counter the most sophisticated attacks.
Incident Response Incident response is a surgical combat operation within your network. In many cases, it also poses a strategic challenge to business. Cyber Security’s response teams combine technological agility and depth, an unparalleled understanding of the attackers, and extensive experience in investigating, containing and remediation threats, from criminal groups to state-level attacks.
Forensics Support Perform digital forensic investigations of internal and external incidents. Strengthen your capabilities with Annanowa Cybersecurity Tier 3 support by assisting your experts with forensic identification, reverse engineering, and evidence preservation. Manage uncertainty by determining if security alerts pose a critical risk and receive actionable recommendations to remediate vulnerabilities and mitigate threats.
Advanced Monitoring Strengthen security by leveraging Annanowa Cyber Security’s capabilities to monitor your network after incident response or during times of significant business and security risk. We use advanced monitoring, analysis, and hunting capabilities contextualized to your needs and focused on advanced targeted attacks.
We set out to establish Annanowa Cyber Security because we believed we could make a difference and make a real and lasting impact on the security of organizations. Annanowa Cyber Security exists to help organizations build resilience, defeat attacks, and excel in the cyber age. We are building a technology and services company that we would want to hire ourselves. We go where we are needed and deliver the highest level of professional excellence, commitment, and determination. These are what define who we are.
Our Services
End-to-End Solutions to Empower Your Business
We bring cutting-edge technological expertise and technical innovation to your security. Our teams bring together the best attack specialists, forensic experts, data scientists, system architects, and enterprise security engineers. They leverage both commercially available capabilities and proprietary technologies developed by our R&D group.Security is a structure consisting of technology, structure, process, strategy and people. We address all these dimensions comprehensively. Ultimately, we aim to provide security against the highest impact risks to your business and focus on the highest impact opportunities to strengthen your resilience. When under cyber attack, every minute counts. Our response teams can outmaneuver the enemy and thwart attacks quickly and decisively. We use Annanowa Cyber Security’s proprietary incident response technology suite, but we can also leverage existing solutions in your environment to maximize efficiency and speed.
Asma
Asma offers you a range of ways to discover and manage information assets in your network in a regulatory-compliant manner. You can define your information assets and business processes from a single center and easily track them throughout their lifecycle – all in one place!. Asma is a web-based cybersecurity software developed to detect and manage your network assets. It discovers MAC and IP addresses of assets, operating systems and running services and helps you protect information such as owner, responsible, brand, model. ASSET DISCOVERY METHODS
Adapters are used to detect assets with IP addresses and TCP services provided through these assets. The list of adapters that can be activated for asset discovery is given below. While these adapters sometimes provide the collection of a lot of data about the asset on their own, they are sometimes used to enrich the data discovered by another adapter. Therefore, activating as many adapters as possible and collecting as much data from the network as possible will speed up asset discovery and enable the discovery of more assets.
Port Mirror
The port mirror adapter on the relevant sensor is activated via the ASMA Central Management Component interface. Then, the mirror port traffic received from a central network device deemed appropriate for asset detection is directed to the relevant sensor. From the moment the traffic starts to arrive, IP assets and TCP services on these assets are discovered depending on the data passing through the port mirror.
Netflow
The Netflow adapter on the relevant sensor is activated via the ASMA Central Management Component interface. Then, the Netflow traffic is directed to the Sensor IP address via a central network device deemed appropriate for asset detection. Based on the data in the incoming Netflow packets, IP entities and TCP services on these entities are discovered.
VMware
The VMware adapter on the relevant sensor is activated via the ASMA Central Management component interface and VMware user information is entered. The ASMA sensor connects to the VMware server and retrieves information about all active ‘Guest’ and ‘Host’ machines with IP addresses and sends it to the Central Management component.
Microsoft Active Directory
The Active Directory adapter on the relevant sensor is activated via the ASMA Central Management component interface and Active Directory user information is entered. The ASMA sensor connects to the Active Directory server and retrieves information about all machines in the directory and sends it to the Central Management component.
Microsoft DHCP
The Microsoft DHCP adapter on the relevant sensor is activated via the ASMA Central Management component interface and the necessary information is entered to access the Microsoft DHCP log file. The ASMA sensor reads the DHCP file it accesses, retrieves information about the IP addresses distributed by the DHCP server and sends it to the Central Management component.
DNS Server
The DNS records of the entities discovered with all adapters are detected with this adapter without any additional adjustments and enriched with DNS information.
Layer 2
The Layer 2 adapter on the relevant sensor is activated via the ASMA Central Management component interface. After this process, the sensor listens to the ARP traffic on the network it is on and enables the discovery of the IP addresses of the entities on this network. When the ‘Active Scan’ feature on the adapter is activated, it performs a TCP port scan on the discovered IP addresses and enables the discovery of the open TCP ports on the discovered entities.
Features;
Active – Passive Asset Discovery
Detects IT assets in real time through sensors positioned on network segments.
New Asset Detection
Immediately detects when an asset that is not in your network inventory appears.
New Service Detection
Detects when a service occurs on your assets.
Service Change Detection
Detects service changes on assets in your network.
IP Address Change Detection
Detects IP address changes on your assets.
MAC Address Change Detection
Detects MAC address changes on your assets.
Asset-Based Correlational Anomaly Detection
Detects security anomalies on your assets with predefined correlation rules.
Easy Asset Inventory Management with User-Friendly Interface
With its user-friendly interface, it allows you to collect and manage asset inventory as soon as it is installed.
Two-Factor Security
To perform a DDoS test; both the operator (the tester) and the customer (tested) must approve the relevant test. In this way, the test is only guaranteed to the party who wants to take the test.
Emergency Stop Button
The tests being performed can be stopped by one-touch if desired. In case of unexpected situations, tests can be stopped deliberately and restarted at any time.
LoDDoS
LoDDoS is a cloud-based DDoS Test platform offered in the software-as-a-service (SaaS) model.
Thanks to LoDDoS, organizations are exposed to a real but controlled DDoS attack that is not initiated by the attackers, but initiated and managed by themselves. Thus, they can easily test the limits and capabilities of their information technology infrastructures, DDoS protection systems/services and incident response mechanisms as desired.
Tests defined on LoDDoS can be started with a single move, monitored live and stopped in a controlled manner at any time thanks to its user-friendly interface. Tests can be repeated as often as desired, reports can be produced at the end of the test and shared with stakeholders.
At the end of each test, the DDoS Resiliency Score (DRS), which shows how resistant the target system is to the DDoS test performed, is automatically calculated and reflected in the report.
LoDDoS is a useful and effective DDoS test platform for red and blue teams. In manual DDoS tests, the DDOS test preparation stages, which take a long time and require technical expertise, are automatically performed by LoDDoS. Tests are easily performed, and according to the test results, DDoS protection systems/services, network and security devices, applications, incident detection and response capabilities can be evaluated for improvement.
LoDDoS Architecture
LoDDoS basically consists of 3 components.
Command control center where attacks are defined, managed, monitored and reported,
- Bot network that performs attacks,
- Monitoring where target systems are monitored.
- The command control center is managed via a web interface.
There are different user roles for management, operation and monitoring, and the system is protected with 3-stage security authorization based on these users. The bot network runs on the cloud service provider and all bots are managed by the command control center. The number of bots in the bot network, the geographical location of the bots, and the created bandwidths can be changed via the command control center according to the test scope. The monitoring types to be performed by the monitoring tool are also managed by the command control center in the same way.
LoDDoS is an automated DDoS testing platform that is managed through a web interface. The platform allows organizations to experience DDoS attacks using real attack parameters. LoDDoS includes:
- Command Control Center
- Bot Networks
- System Monitoring
The Digital Operational Resilience Act (DORA)
Unlock DORA Compliance with LoDDoS!
LoDDoS plays a crucial role in helping organizations meet these compliance requirements by verifying their systems are resilient against cyber threats.
DDoS Attacks
The number of DDoS attacks grew 150% on a global basis compared to the previous year. More than half of the attacks were aimed at organizations in EMEA
Attacks by Layers
In 2022, 78% of DDoS attacks targeted the application layer of the OSI model, 17% hit the network and transport layers, and 3% targeted DNS.
Primary Targets
End Users, Financial Services, Cloud Services, and Public Services are the targets that are subject to DDoS attacks respectively.
Complexity
DDoS attacks continue to increase in complexity. Attackers typically leverage multiple and dissimilar vectors to increase the impact and make attack mitigation harder.
DDoS Attacks
The number of DDoS attacks grew 150% on a global basis compared to the previous year. More than half of the attacks were aimed at organizations in EMEA
Attacks by Layers
In 2022, 78% of DDoS attacks targeted the application layer of the OSI model, 17% hit the network and transport layers, and 3% targeted DNS.
Primary Targets
End Users, Financial Services, Cloud Services, and Public Services are the targets that are subject to DDoS attacks respectively.
Complexity
DDoS attacks continue to increase in complexity. Attackers typically leverage multiple and dissimilar vectors to increase the impact and make attack mitigation harder.Dedicated To Protect Your Business Against DDoS Attacks
LoDDoS is committed to deliver comprehensive and insightful results that enable businesses to operate smoothly without worrying about potential disruptions caused by cyber threats.
Instant Cloud Access
Direct cloud access by operator in case of network failure.
Attack Auto Time Out
Running attack vectors terminated automatically at the end of duration time and our botnet is able to finish each attack vector without any operator command if a connection issue takes place between CC and LoDDoS Manager system.
LoDDoS Last Knight
LoDDoS is a cloud-based service designed for performing comprehensive DDoS and load testing, providing organizations with a reliable solution for evaluating their systems’ resilience. The platform generates real DDoS attacks against services via real attack parameters. It also evaluates the resilience of internet-enabled web applications against high traffic.
This enables organizations to test the limits and the efficiency of their existing DDoS prevention systems prior to an actual DDoS attack. The tests which are defined on LoDDoS, are conducted with he attendance of an Operator as well as can be initiated with a single action, monitored live, stopped in a controlled manner, repeated as often as needed. Reports can be generated automatically and promptly by the end of each test thus results can be shared with third parties, if requested.
DDoS test sessions in LoDDoS platform can be monitored in real-time by all parties and can be paused at any time in case of an emergency. All tests can be repeated, and the results can be compared. Reports are generated instantly and can be saved for later evaluation.
A high number of requests targeted to web applications can be addressed with the help of LoDDoS’s Load Test feature, thus the limitations of these applications become visible. Load Test paves the way to analyze real situation that creates a considerable amount of load on applications before it occurs.
LoDDoS Autopilot’s Auto Run feature represents a significant advancement in DDoS testing, offering
unparalleled automation, reliability, and flexibility. By automating the initiation, execution, and
reporting of DDoS tests, while also allowing for manual intervention when necessary, it empowers
customers to conduct thorough assessments of their systems with minimal oversight, ensuring that
they can maintain robust defenses against DDoS attacks with maximum efficiency and control.
LoDDoS Autopilot
LoDDoS Autopilot revolutionizes the approach to Distributed Denial of Service (DDoS) testing by enabling fully automated test execution. This cutting-edge feature, known as Auto Run, empowers users to initiate and manage DDoS tests without any need for manual intervention once the project is set up.
By leveraging this automated approach, LoDDoS Autopilot ensures that tests are executed precisely as scheduled, providing customers with a streamlined, efficient, and reliable testing experience.
In practice, DDoS tests are performed to assess the efficiency and the limits of the DDoS prevention products and services in place, to improve these systems and related precautions, as well as to measure and enhance the efficiency and the capabilities of an organization, within the assumption of a DDoS attack. DDoS prevention solutions are not designed to work in a plug-and-play set-up. Hence, prior to taking the necessary safety measures, an organization’s normal and abnormal network traffics, baselines and thresholds must be determined. To identify these crucial elements properly, engineers should test the already-protected services against a real time DDOS attack and should also conduct some research on the current DDoS attack solutions within the market.
As of now, most DDoS tests are being executed manually. The technical and administrative preparation stages of these tests take way too long than usual. Security and IT teams must work concurrently for a considerable amount of time to configure on premise traffic generator systems to conduct DDoS tests. Moreover, the operational aspect of this preliminary work also consumes additional load of time and cost, too. Real-time monitoring of DDoS tests is usually not available during these manual tests, and it takes a significant amount of time to generate reports once the test phase is completed. Even if the test phase is done, predominantly these reports are not re-usable.
.
Boost Your Online Presence Today!
Security. In order to prevent abuse and misuse of LoDDoS provider has to take some precautions before tests.Depending on the type of tests performed, the customer’s target information (FQDN, URL and IP address), attack types, bandwidth must be acquired by LoDDoS provider in order to perform tests effective, safe and secure.The customer must prove the target information which is submitted is belongs to them before tests performed.