Publications (50)
This research paper explores the modern cybersecurity landscape, particularly focusing on the risks associated with SIEM products and SOC services. It underscores the critical issue of insufficient logging practices that compromise an organization's threat detection and response capabilities, thereby increasing the risk of security breaches. The im...
This research paper examines the high risks encountered while using a Security Information and Event Management (SIEM) product or acquiring Security Operations Center (SOC) services. The paper focuses on key challenges such as insufficient logging, the importance of live log retention, scalability concerns, and the critical aspect of correlation w...
In today's rapidly evolving cyber threat landscape, incident response plays a crucial role in safeguarding organizations against cyber attacks. Live logs, real-time records of system activities, have emerged as essential tools for incident response teams to detect and respond promptly to security incidents. However, archive log search speed is ofte...
A "cloud-agnostic" SIEM (Security Information and Event Management) installation should ideally allow for seamless switching from one cloud provider to another without the loss of data or significant disruptions. In essence, it means that the SIEM solution is not tightly coupled to a specific cloud provider and can work equally well across multiple...
In recent years, the laws, directives and standards specifying how long SIEM solutions must retain live logs, and how long archive logs must be retained, have been published clearly and are now applied worldwide [1,2,3,4,5,6,7,8,9]. By contrast, laws, directives and standards concerning the correlation capabilities of SIEM solutions are hardly...
Classification of correlation capabilities in SOC and SIEM solutions
In today's complex and ever-evolving cybersecurity landscape, organizations face a myriad of sophisticated threats that can cause significant damage if left undetected. Cyber attackers are continuously refining their tactics, techniques, and procedures to evade traditional security measures. As a result, real-time detection and correlation have eme...
In the realm of cybersecurity, threat detection is of utmost importance to protect organizations from potential attacks. SureLog SIEM, led by Dr. Ertuğrul AKBAŞ, leverages SQL streaming and materialized views to enhance the efficiency and effectiveness of threat detection processes. This article explores the benefits and applications of SQL streami...
SIEM, which stands for Security Information and Event Management, is necessary in today’s cybersecurity landscape to help organizations detect and respond to security threats in real-time. Here are some areas where SIEM is necessary:
10 SIEM Scenarios With Very Low False-Positive Rates and Mostly Unique
Although it's not rocket science, try experimenting with the SIEM you use and see how many of the following scenarios you can accomplish
We assess the validity of collected logs from the standpoint of audits, regulations and laws under four headings: 1. Live logs, and the cases in which keeping logs only in an archive is insufficient 2. The requirement for time-stamps, and why cryptographic operations or hashing alone are insufficient 3. Time-stamp server synchronization 4. The integrity of audit trails and its peri...
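The second heading above, that hashing alone does not secure an audit trail, is easy to demonstrate. The following is an added example, not code from the paper or from any product it describes: it hash-chains constructed audit records, shows that the chain detects a modified record, and then shows that an attacker who controls the logging host can simply recompute the chain, so only a copy of the head hash held outside that host (in practice an RFC 3161 time-stamp token or a WORM store; here simulated by a string) exposes the tampering. The records, field names and the `verify_anchored` helper are assumptions made for the example.

```python
import hashlib
import json

# Constructed audit-trail records (not real data).
RECORDS = [
    {"ts": "2024-08-10T10:00:00Z", "user": "alice", "action": "login", "result": "success"},
    {"ts": "2024-08-10T10:05:12Z", "user": "alice", "action": "read", "object": "/finance/q3.xlsx"},
    {"ts": "2024-08-10T10:07:40Z", "user": "alice", "action": "delete", "object": "/finance/q3.xlsx"},
]

GENESIS = "0" * 64


def record_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous hash plus a canonical serialisation of the record."""
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Return one hash per record; each hash covers all earlier records via prev_hash."""
    hashes, prev = [], GENESIS
    for rec in records:
        prev = record_hash(prev, rec)
        hashes.append(prev)
    return hashes


def verify_chain(records, hashes) -> bool:
    """Recompute the chain from the records and compare with the stored hashes."""
    return build_chain(records) == hashes


def verify_anchored(records, hashes, anchor: str) -> bool:
    """Chain check plus comparison of the head hash with a copy held off-host
    (assumption for the example: a time-stamp token or WORM copy of hashes[-1])."""
    return verify_chain(records, hashes) and bool(hashes) and hashes[-1] == anchor


def tamper_demo():
    """Show the three outcomes: intact, tampered-and-detected, tampered-and-rechained."""
    chain = build_chain(RECORDS)
    anchor = chain[-1]                      # head hash deposited outside the logging host

    tampered = [dict(r) for r in RECORDS]
    tampered[2]["action"] = "read"          # attacker hides the deletion

    rechained = build_chain(tampered)       # attacker recomputes every hash on the host
    return {
        "intact_ok": verify_chain(RECORDS, chain),
        "tampered_detected": not verify_chain(tampered, chain),
        "rechained_passes_local_check": verify_chain(tampered, rechained),
        "rechained_caught_by_anchor": not verify_anchored(tampered, rechained, anchor),
    }


if __name__ == "__main__":
    for name, ok in tamper_demo().items():
        print(f"{name}: {ok}")
```

The third result is the point of the heading: a hash chain kept on the same host as the logs proves only internal consistency, which is why the paper treats a synchronized external time-stamp as a separate requirement.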
Keywords: SANS, MITRE, Government, USA, Canada, Solarwinds, Google, RFP, Regulations, Recommendations
There are many recommendations and regulations mandating long-term hot, online, immediately available, and live logs. From a security point of view, the purpose of a log is to act as a red flag when something bad is happening.
A study prepared to give example scenarios beyond the standard, well-known basic SIEM rules.
A training document containing tips on the points to watch and the methods to apply in order to get the maximum benefit from a SIEM.
SureLog leverages automated behavioral profiling to detect anomalies automatically and to define rules on the data autonomously, in order to discover security events that require investigation. Behavior analysis and profiling in SureLog rely on statistical modeling and data science to identify patterns of behavior and compare them against other human...
SureLog SIEM is a security platform that differs from many SIEM products. The main difference is its correlation engine, in which you can develop your own logic with a high-level domain-specific language. There is no restriction on the logic, because you can develop it in Java, including machine learning, statistical methods and artificial intellig...
There are many SIEM solutions available, and some ML or AI modules, tools and add-ons are available on the market. Some of those ML/AI tools use pure statistics for outlier detection, apart from the currently hot ML and AI algorithms. What is a tactical SIEM? If you are spending 80 percent of your time within a SIEM tool doing alert review and ana...
How does SureLog detect things like a failed login from all brands and types of devices? The answer lies in the taxonomy it uses.
A taxonomy aids in pattern recognition and also improves the scope and stability of correlation rules. When events from heterogeneous sources are normalized they can be analyzed by a smaller number of correlation rules, w...
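The two abstracts above argue that normalizing heterogeneous events onto one taxonomy lets a smaller set of rules cover every device. The following is an added example, not code from SureLog or from the papers: three constructed log lines in different vendor formats (an OpenSSH `sshd` message, a Cisco ASA `%ASA-6-113005` authentication-rejected message, and a simplified key=value rendering of Windows Security events 4624/4625) are mapped onto the same `authentication` / `outcome` fields, after which a single rule counts failures per source IP regardless of which product reported them. The sample lines, the field names and the threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in three vendor formats (not real captures).
SAMPLE_LOGS = [
    "Aug 10 10:00:01 bastion sshd[2211]: Failed password for root from 203.0.113.5 port 4412 ssh2",
    "Aug 10 10:00:03 fw01 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password"
    " : server = 10.0.0.9 : user = root : user IP = 203.0.113.5",
    "2024-08-10T10:00:05Z WIN-DC1 EventID=4625 TargetUserName=root IpAddress=203.0.113.5 Status=0xC000006D",
    "Aug 10 10:00:07 bastion sshd[2212]: Accepted publickey for deploy from 198.51.100.7 port 5120 ssh2",
    "2024-08-10T10:00:09Z WIN-DC1 EventID=4624 TargetUserName=alice IpAddress=10.0.0.23",
]


@dataclass
class Event:
    source: str    # which product emitted the raw line
    category: str  # taxonomy class, here always "authentication"
    outcome: str   # "success" or "failure"
    user: str
    src_ip: str


# One parser per vendor format; each yields the same taxonomy fields.
PARSERS = [
    ("linux-sshd",
     re.compile(r"sshd\[\d+\]: (?P<res>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
     lambda m: "failure" if m["res"] == "Failed" else "success"),
    ("cisco-asa",
     re.compile(r"%ASA-\d-113005: .*?user = (?P<user>\S+) : user IP = (?P<ip>\S+)"),
     lambda m: "failure"),
    ("windows-security",
     re.compile(r"EventID=(?P<id>4624|4625) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)"),
     lambda m: "failure" if m["id"] == "4625" else "success"),
]


def normalize(line: str) -> Optional[Event]:
    """Map a raw line onto the taxonomy; None if no parser recognises it."""
    for source, pattern, outcome_of in PARSERS:
        m = pattern.search(line)
        if m:
            return Event(source, "authentication", outcome_of(m), m["user"], m["ip"])
    return None


def failed_logins_by_ip(lines, threshold: int = 3):
    """One vendor-agnostic rule: at least `threshold` authentication failures
    from a single source IP, whatever device reported them."""
    counts = defaultdict(lambda: {"count": 0, "sources": set()})
    for line in lines:
        ev = normalize(line)
        if ev and ev.category == "authentication" and ev.outcome == "failure":
            counts[ev.src_ip]["count"] += 1
            counts[ev.src_ip]["sources"].add(ev.source)
    return {ip: {"count": c["count"], "sources": sorted(c["sources"])}
            for ip, c in counts.items() if c["count"] >= threshold}


if __name__ == "__main__":
    for ip, hit in failed_logins_by_ip(SAMPLE_LOGS).items():
        print(f"{ip}: {hit['count']} failures seen by {', '.join(hit['sources'])}")
```

Adding a fourth device type means adding one parser entry; the rule itself does not change, which is the stability gain the abstract describes.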
The correlation capability is one of the most important features of a SIEM product, and the correlation capabilities of SIEM products differ. Being able to develop such rules with a wizard is a distinguishing feature among SIEM products. The CPU and RAM resources required for correlation are important parameters in terms of t...
A correlation system consists of two parts:
1. Detection
2. Response
The response part is divided into two sub-parts: raising an alarm and taking action.
The ANET SureLog SIEM product, developed by ANET Software, has many advantages on the detection side compared to its rivals.
Unfortunately, log management and SIEM are perceived as if they were the same thing. There are even many who see SIEM as a subset of log management, or as a slightly specialized form of it. Both views are mistaken. Worse, those who hold these views have a negative effect on corporate security policies, and a reductive approach to managing security policies...
Correlation capability is one of the most important features of a SIEM product. Products differ in their correlation capabilities [1]. Below we have tried to list examples of rules that can be developed with a SIEM product of average correlation capability. 1. If a scan was performed from an IP and afterwards a successful connection was established from the same IP...
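The first rule in the list above (a scan from an IP followed by a successful connection from the same IP) is a two-stage, time-windowed correlation. The following is an added example, not code from the paper or from any product: over constructed firewall records it treats five or more distinct denied destination ports from one source within 60 seconds as a scan, then raises an alert if that source gets an accepted connection within the next five minutes. The record layout, the thresholds and the windows are assumptions made for the example; the input also contains a source with too few ports and a source whose connection comes too late, to show both windows doing their job.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall records (not real captures): (timestamp, action, src, dst, dport)
SAMPLE_EVENTS = [
    ("2024-08-10T10:00:00", "deny",   "203.0.113.5",  "10.0.0.20", 21),
    ("2024-08-10T10:00:01", "deny",   "203.0.113.5",  "10.0.0.20", 22),
    ("2024-08-10T10:00:02", "deny",   "203.0.113.5",  "10.0.0.20", 23),
    ("2024-08-10T10:00:03", "deny",   "203.0.113.5",  "10.0.0.20", 25),
    ("2024-08-10T10:00:04", "deny",   "203.0.113.5",  "10.0.0.20", 80),
    ("2024-08-10T10:02:30", "accept", "203.0.113.5",  "10.0.0.20", 443),  # scan, then a connection
    ("2024-08-10T10:00:00", "deny",   "198.51.100.7", "10.0.0.20", 21),
    ("2024-08-10T10:00:01", "deny",   "198.51.100.7", "10.0.0.20", 22),
    ("2024-08-10T10:00:02", "deny",   "198.51.100.7", "10.0.0.20", 23),
    ("2024-08-10T10:01:00", "accept", "198.51.100.7", "10.0.0.20", 443),  # too few ports to be a scan
    ("2024-08-10T10:00:00", "deny",   "192.0.2.9",    "10.0.0.21", 21),
    ("2024-08-10T10:00:01", "deny",   "192.0.2.9",    "10.0.0.21", 22),
    ("2024-08-10T10:00:02", "deny",   "192.0.2.9",    "10.0.0.21", 23),
    ("2024-08-10T10:00:03", "deny",   "192.0.2.9",    "10.0.0.21", 25),
    ("2024-08-10T10:00:04", "deny",   "192.0.2.9",    "10.0.0.21", 80),
    ("2024-08-10T10:10:00", "accept", "192.0.2.9",    "10.0.0.21", 443),  # connection too long after scan
    ("2024-08-10T10:03:00", "accept", "10.0.0.23",    "10.0.0.20", 443),  # ordinary internal connection
]


def correlate(events, scan_ports=5, scan_window=timedelta(seconds=60),
              followup_window=timedelta(seconds=300)):
    """Stage 1: at least `scan_ports` distinct denied ports from one source within `scan_window`.
    Stage 2: an accepted connection from that source within `followup_window` of stage 1."""
    recent_denies = defaultdict(deque)  # src -> deque of (timestamp, dport), oldest first
    scan_seen_at = {}                   # src -> time at which stage 1 last fired
    alerts = []
    for ts_str, action, src, dst, dport in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        if action == "deny":
            q = recent_denies[src]
            q.append((ts, dport))
            while q and ts - q[0][0] > scan_window:   # slide the window
                q.popleft()
            if len({p for _, p in q}) >= scan_ports:
                scan_seen_at[src] = ts
        elif action == "accept" and src in scan_seen_at:
            if ts - scan_seen_at[src] <= followup_window:
                alerts.append({"src": src, "dst": dst, "dport": dport,
                               "scan_at": scan_seen_at[src].isoformat(),
                               "connect_at": ts_str})
                del scan_seen_at[src]   # fire once per detected scan
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a['src']} scanned at {a['scan_at']} then connected to {a['dst']}:{a['dport']} at {a['connect_at']}")
```

The per-source state is all a streaming engine has to keep, which is why this class of rule is cheap compared with rules that must join against historical data.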
Network devices used in computer networks have the ability to record events. These records make it possible to identify security incidents on the network and to take countermeasures. This is called log analysis. Through log analysis, the address information of those attempting to enter the system can be obtained. Furthermore, within the system it is poss...
In this paper, we describe research into the use of baselining for enhancing SIEM correlation rules. Enterprise-grade software has been updated with a capability that identifies anomalous events based on baselines as well as a rule-based correlation engine, and alerts administrators when such events are identified. To reduce the number of false posit...
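The behavioral-profiling abstract earlier on this page and the baselining abstract above both describe comparing an entity's current activity against its own statistical history rather than against a fixed threshold. The following is an added example, not code from the paper or from SureLog: it computes a per-user baseline (mean and population standard deviation) from constructed 14-day histories of daily outbound bytes and flags today's value only when it is both a statistical outlier (z-score) and materially larger than the mean (ratio), and refuses to judge entities whose history is too short. The data, the field names and the three guard parameters are assumptions made for the example; the two guards are the kind of false-positive controls the abstract is cut off before describing.

```python
from statistics import mean, pstdev

# Constructed 14-day history of daily outbound bytes per user (not real data).
HISTORY = {
    "alice":   [1.10e9, 1.00e9, 1.20e9, 0.90e9, 1.30e9, 1.10e9, 1.00e9,
                1.20e9, 1.10e9, 0.95e9, 1.05e9, 1.15e9, 1.00e9, 1.20e9],
    "bob":     [2.00e9, 2.10e9, 1.90e9, 2.20e9, 2.00e9, 2.05e9, 1.95e9,
                2.10e9, 2.00e9, 2.15e9, 1.90e9, 2.05e9, 2.00e9, 2.10e9],
    "newhire": [3.0e8, 3.2e8],          # only two days of history so far
}
# Constructed observations for the current day.
TODAY = {"alice": 9.5e9, "bob": 2.2e9, "newhire": 5.0e9}


def baseline_check(history, observed, z_threshold=4.0, min_samples=7, min_ratio=2.0):
    """Per-entity baseline check.

    z_threshold : how many standard deviations above the entity's own mean count as unusual
    min_samples : entities with a thinner history get no verdict instead of a noisy one
    min_ratio   : the value must also be at least this multiple of the mean, so a very
                  stable baseline (tiny sigma) cannot turn a small bump into an alert
    """
    verdicts = {}
    for entity, value in observed.items():
        samples = history.get(entity, [])
        if len(samples) < min_samples:
            verdicts[entity] = {"verdict": "insufficient_baseline", "z": None}
            continue
        mu, sigma = mean(samples), pstdev(samples)
        if sigma > 0:
            z = (value - mu) / sigma
        else:                               # constant history: any change is infinitely unusual
            z = float("inf") if value != mu else 0.0
        anomalous = z >= z_threshold and value >= min_ratio * mu
        verdicts[entity] = {"verdict": "anomaly" if anomalous else "normal", "z": z}
    return verdicts


if __name__ == "__main__":
    for user, v in baseline_check(HISTORY, TODAY).items():
        z = "n/a" if v["z"] is None else f"{v['z']:.1f}"
        print(f"{user}: {v['verdict']} (z={z})")
```

In a SIEM this check would run as a correlation input alongside the static rules: the alert above for alice becomes far more actionable when it is joined with, for example, an authentication event for the same user from an unusual location.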
Most available web filters, especially parental controls, work inline, meaning that all outgoing and incoming packets pass through a filter driver. This approach is widely used in parental control applications because they mostly rely on a blacklist/whitelist approach and must prevent applications from bypassing the filter easily. Online content filteri...
In this project we worked on content filtering and especially on parental control solutions. Our focus was localization of the content and the engine, and finding an algorithm that has the power to apply all well-known techniques together with our new solution, white content detection.
In this paper we discuss a local-area network security scanner with packet analysis and a tool for investigating high-level network events. Monitoring network activity has been a critical task for administrators. This project attempts to address visualizing and centralizing packet analysis techniques with local resources such as the owner...
This paper investigates the control of nonlinear systems by neural networks and fuzzy logic. As the control methods, Gaussian neuro-fuzzy variable structure (GNFVS), feedback error learning architecture (FELA) and direct inverse modeling architecture (DIMA) are studied, and their performances are comparatively evaluated on a two degrees of freedom...
This paper investigates the control of nonlinear systems by neural networks. As the control methods, intelligent PD controller is studied and the performances of both classical PD and intelligent PD controller are comparatively evaluated on a two degrees of freedom direct drive robotic manipulator with respect to trajectory tracking performance, co...
This paper outlines a distributed and dynamic fault management system and its practical application. This work shows that the proposed platform-independent, distributed and reusable fault management system architecture can be an integral part of the next generation of network management systems. Another feature of the proposed fault management system is being...
This paper will outline a complete system from automatic network model (network topology) generation to escalating events. The core parts of dynamic fault management system will be decomposed and intelligent methodologies both for detecting topology and root cause analysis will be analyzed and practiced. This work shows that proposed platform-indep...