Ertuğrul Akbaş
ANET · R&D
Manager

About

50
Publications
23,996
Reads
21
Citations

Publications (50)
Article
Full-text available
This research paper explores the modern cybersecurity landscape, particularly focusing on the risks associated with SIEM products and SOC services. It underscores the critical issue of insufficient logging practices that compromise an organization's threat detection and response capabilities, thereby increasing the risk of security breaches. The im...
Article
Full-text available
This research paper examines the high risks encountered while using a Security Information and Event Management (SIEM) product or acquiring Security Operations Center (SOC) services. The paper focuses on key challenges such as insufficient logging, the importance of live log retention, scalability concerns, and the critical aspect of correlation w...
Article
Full-text available
In today's rapidly evolving cyber threat landscape, incident response plays a crucial role in safeguarding organizations against cyber attacks. Live logs, real-time records of system activities, have emerged as essential tools for incident response teams to detect and respond promptly to security incidents. However, archive log search speed is ofte...
Technical Report
Full-text available
A "cloud-agnostic" SIEM (Security Information and Event Management) installation should ideally allow for seamless switching from one cloud provider to another without the loss of data or significant disruptions. In essence, it means that the SIEM solution is not tightly coupled to a specific cloud provider and can work equally well across multiple...
Conference Paper
Full-text available
In today's rapidly evolving cyber threat landscape, incident response plays a crucial role in safeguarding organizations against cyber attacks. Live logs, real-time records of system activities, have emerged as essential tools for incident response teams to detect and respond promptly to security incidents. However, archive log search speed is ofte...
Preprint
Full-text available
In recent years, laws, directives and standards specifying how long SIEM solutions must retain live logs, and how long they must retain archived logs, have been published clearly and are now applied worldwide [1,2,3,4,5,6,7,8,9]. However, when it comes to laws, directives and standards concerning the correlation capabilities of SIEM solutions, hardly...
Preprint
Full-text available
Classification of Correlation Capabilities in SOC and SIEM Solutions
Preprint
Full-text available
In today's complex and ever-evolving cybersecurity landscape, organizations face a myriad of sophisticated threats that can cause significant damage if left undetected. Cyber attackers are continuously refining their tactics, techniques, and procedures to evade traditional security measures. As a result, real-time detection and correlation have eme...
Research
Full-text available
Extraordinary SOC SIEM Use Cases
Technical Report
Full-text available
In the realm of cybersecurity, threat detection is of utmost importance to protect organizations from potential attacks. SureLog SIEM, led by Dr. Ertuğrul AKBAŞ, leverages SQL streaming and materialized views to enhance the efficiency and effectiveness of threat detection processes. This article explores the benefits and applications of SQL streami...
Technical Report
Full-text available
SIEM, which stands for Security Information and Event Management, is necessary in today's cybersecurity landscape to help organizations detect and respond to security threats in real time. Here are some areas where SIEM is necessary:
Technical Report
Full-text available
10 SIEM Scenarios With Very Low False-Positive Rates and Mostly Unique
Technical Report
Full-text available
Although it's not rocket science, try experimenting with the SIEM you use and see how many of the following scenarios you can accomplish.
Research Proposal
Full-text available
We will evaluate the validity of the collected logs from the standpoint of audits, regulations and laws under four headings: 1. Live logs, and situations in which keeping logs in an archive is insufficient 2. The requirement for time stamps, and the insufficiency of cryptographic operations or hashing alone 3. Time-stamp server synchronization 4. Periodic ... of the integrity of audit trails
Technical Report
Keywords: SANS, MITRE, Government, USA, Canada, Solarwinds, Google, RFP, Regulations, Recommendations. There are many recommendations and regulations mandating long-term hot, online, immediately available, live logs. From a security point of view, the purpose of a log is to act as a red flag when something bad is happening.
Presentation
Full-text available
A study prepared to give example scenarios beyond the standard, well-known basic SIEM rules.
Presentation
Full-text available
A training document containing tips on the points to watch and the methods to apply in order to get the maximum benefit from a SIEM.
Research Proposal
Full-text available
SureLog leverages automated behavioral profiling to automatically detect anomalies and autonomously define rules on the data, in order to discover security events that require investigation. Behavior analysis and profiling in SureLog relies on statistical modeling and data science to identify patterns of behavior and compare them against other human...
Technical Report
Full-text available
SureLog SIEM is a security platform which differs from many SIEM products. The main difference is its correlation engine, in which you can develop your own logic with a high-level domain-specific language. There is no restriction on the logic, because you can develop it in Java, including machine learning, statistical methods and artificial intellig...
Technical Report
Full-text available
There are many SIEM solutions available, and some ML or AI modules/tools/add-ons are available on the market. Some of those ML/AI tools use pure statistics for outlier detection, apart from the currently hot topics of ML and AI algorithms. What is a tactical SIEM? If you are spending 80 percent of your time within a SIEM tool doing alert review and ana...
Technical Report
Full-text available
How does SureLog detect things like a failed login from all brands and types of devices? The answer is in the taxonomy it uses. A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules. When events from heterogeneous sources are normalized, they can be analyzed by a smaller number of correlation rules, w...
Presentation
Full-text available
The correlation capability is one of the most important features of a SIEM product. The correlation capabilities of SIEM products differ, and so does the way such rules are developed; developing such rules with a wizard is a distinguishing feature among SIEM products. The CPU and RAM resources required for correlation are important parameters in terms of t...
Article
Full-text available
Correlation systems consist of two parts: 1. Detection 2. Response. The response part is divided into two sub-parts, alarm and taking action. The ANET SureLog SIEM product developed by ANET Software has many advantages on the detection side compared to its rivals.
Technical Report
Full-text available
The Comparison of SIEM Products
Technical Report
Full-text available
Unfortunately, log management and SIEM are perceived as if they were the same thing. There are even many who regard SIEM as a subset, or a slightly specialized form, of log management. Both of these views are mistaken. Worse, those who hold these views negatively affect corporate security policies through them, and bring a reductive manage... to security policies
Technical Report
Full-text available
Correlation capability is one of the most important features of a SIEM product. The correlation capabilities of products differ [1]. Below, we have tried to list examples of rules that can be developed with a SIEM product having an average correlation capability. 1. If a scan was performed from an IP and afterwards, from the same IP, a successful connection was est...
Technical Report
Full-text available
Network devices used in computer networks have the ability to record events. Thanks to these records, security incidents on the network can be identified and countermeasures taken. This is called log analysis. Through log analysis, the address information of persons attempting to enter the system is obtained. In addition, within the system, the ...
Conference Paper
Full-text available
In this paper, we describe research into the use of baselining for enhancing SIEM correlation rules. Enterprise-grade software has been updated with a capability that identifies anomalous events based on baselines as well as a rule-based correlation engine, and alerts administrators when such events are identified. To reduce the number of false posit...
Conference Paper
Most available web filters, especially parental controls, work inline, meaning that all outgoing and incoming packets pass through a filter driver. This approach is widely used in parental control applications because they mostly use a blacklist/whitelist approach and need to defend the applications against the filter being bypassed easily. Online content filteri...
Conference Paper
Full-text available
In this project we worked on content filtering, and especially on parental control solutions. Our focus was the localization of the content and the engine, and finding an algorithm that has the power of applying all well-known techniques together with our new solution, white content detection.
Conference Paper
Full-text available
In this paper we discuss a local-area-based network security scanner with packet analysis, and a tool for investigating high-level network events. Monitoring network activity has been a critical task for administrators. This project attempts to address visualizing and centralizing packet-analysis techniques with local resources like the owner...
Article
This paper investigates the control of nonlinear systems by neural networks and fuzzy logic. As the control methods, Gaussian neuro-fuzzy variable structure (GNFVS), feedback error learning architecture (FELA) and direct inverse modeling architecture (DIMA) are studied, and their performances are comparatively evaluated on a two degrees of freedom...
Conference Paper
This paper investigates the control of nonlinear systems by neural networks. As the control method, an intelligent PD controller is studied, and the performances of both the classical PD and the intelligent PD controller are comparatively evaluated on a two-degrees-of-freedom direct-drive robotic manipulator with respect to trajectory tracking performance, co...
Conference Paper
This paper outlines a distributed and dynamic fault management system and its practice. This work shows that the proposed platform-independent, distributed and reusable fault management system architecture can be an integral part of the next generation of network management systems. Another feature of the proposed fault management system is being...
Article
Full-text available
This paper outlines a complete system, from automatic network model (network topology) generation to escalating events. The core parts of the dynamic fault management system are decomposed, and intelligent methodologies both for detecting topology and for root cause analysis are analyzed and practiced. This work shows that the proposed platform-indep...