
GREYCORTEX Mendel as a Part of Your XDR System

The term XDR has recently gained significant popularity in cybersecurity. It promises broad protection: real-time detection of security threats and a quick response to them. An XDR system can either be delivered by a single vendor or assembled through third-party integrations from multiple vendors.

Let’s explore what NDR solutions like GREYCORTEX Mendel bring to XDR platforms.

EDR Was Only the Beginning… Prepare for XDR

The core of an XDR (extended detection and response) platform is an EDR (endpoint detection and response) solution, enriched with data from otherwise siloed security tools. This broadens visibility into your infrastructure and streamlines threat hunting.

An XDR system can aggregate data from various sources, including NDR (network detection and response) solutions like GREYCORTEX Mendel, firewalls, company email, cloud services, and mobile devices. With data from Mendel or a firewall, XDR can correlate events across those sources and, for example, detect malicious traffic flows between the firewall and compromised devices, or identify which application is saturating bandwidth in your office network.

Maximize Visibility

The IT environment has never been as complex as it is nowadays, with the interconnection of networks, communication tools, mobile devices, cloud services, and much more. Protecting such an environment demands a sophisticated detection and response system like XDR.

GREYCORTEX Mendel alone provides visibility into both IT and OT networks. However, with its native integration with EDR solutions, firewalls, and other security tools, you can achieve unparalleled visibility of your organization’s network.

Prioritize Critical Issues

An XDR platform prioritizes security events and vulnerable configurations, providing crucial information for further investigation. By understanding the scope and root cause of these issues, you can concentrate your efforts on the most critical problems and reduce the time required to respond.

NDR: A Powerful Component of XDR

NDR solutions continuously monitor your network traffic, identifying suspicious and malicious activities that might otherwise go unnoticed. They also detect anomalies and unusual traffic patterns from devices that cannot run an endpoint agent, such as outdated systems and IoT devices. These solutions uncover rogue assets, insider threats, attacks using previously unknown malware or exploits, and malicious user and device activities.

Mendel sends data and alerts to your XDR platform as well as to your security teams, just as it does for SIEM or SOAR systems. It also ingests and processes data from third-party security tools, including EDR and firewalls.


Implementing New Technology: 6 Cybersecurity Tips You Should Know

Worried about the increasing threat of cybercrime to your business and its repercussions? Consider these six tips to make your business more secure from these common risks.

In This Article:

  • Keep Software Up-To-Date
  • Leverage A Password Manager
  • Don’t Sleep On Your Network Security
  • Use A VPN
  • Create & Communicate A Solid Mobile Phone Policy
  • Train Your Employees On Cybersecurity

Cybercrime is one of the fastest-growing crimes worldwide and continues to affect businesses across all industries.

Here’s an alarming fact: 10% of companies experience one or more successful cyber attacks yearly, with $188,400 in losses on average.

Staying protected from cyberattacks is challenging, as cybercriminals constantly seek new ways to exploit security vulnerabilities.

You must allocate budgets and resources to mitigate known risks. And that particularly includes cybercrime.

You must know the latest cybersecurity tips and best practices to prevent your company or firm from becoming a headline due to a security breach.

In this article, we’ll share six super-actionable tips you need to leverage in your organization.

1. Keep Software Up-To-Date

As users, we often download and install software without much thought. But to reduce the risk of security breaches, only keep the software you actively use on your device and uninstall any unused software.

Before installing new software, consider the permissions that the application requests. These include access to personal information, camera, location, or address book.

Also, read the licensing agreement and understand what you agree to. Decline third-party cookies to limit cross-site tracking of your browsing.

After installing software, keep it up to date for security reasons. Hackers often exploit vulnerabilities in outdated software, and software providers release patches to fix these vulnerabilities. Apply these patches promptly to prevent such security breaches.

Using outdated software puts your data at risk. Equifax’s well-known 2017 breach is a case in point: attackers exploited a vulnerability in a web application framework (Apache Struts) for which a patch had been available for months.

While IT organizations may push patches for enterprise applications, be sure that the software on your devices is up-to-date with security patches.

2. Leverage A Password Manager

It’s nearly impossible to keep up with and remember all the passwords for the various accounts you have to create online.

That becomes a massive risk to your online security when it leads to reusing one password everywhere: it is the same as having a single key to all your locks. If someone gets that one key, all your valuables are at risk.

Password managers have recently become a popular recommendation for better security hygiene. Security experts suggest using password managers to combat password retention, reuse, and weak passwords.

A password manager generates, stores, and retrieves random passwords whenever you create a new account, all protected by a single master password.

The generated passwords are stored in a password vault. The autofill option fills in your username and password without you having to look at the password in clear text.

A password manager will also store other vital information, including credit card numbers, CVVs, and social security numbers. You only have to memorize one strong master password to access all the other passwords stored within the vault. This removes password fatigue and reduces the risk of weak or reused passwords.
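The mechanics behind the paragraph above, as an added example that is not part of the original article and not the code of any of the products named below: a generated password comes from the operating system’s CSPRNG, and the master password never stores anything directly; it is stretched with a memory-hard KDF (scrypt) into a vault key that encrypts and authenticates the stored entries, so a wrong master password or a tampered vault is rejected before any entry is read. Python’s standard library has no AES-GCM, so the example uses an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in; a real vault would use an AEAD such as AES-GCM or XChaCha20-Poly1305. The site name and master phrase are illustrative.

```python
import hashlib
import hmac
import json
import os
import secrets
import string

# Character set for generated passwords; each character adds about 6.2 bits of entropy (75 symbols).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length=20):
    """Uniformly random password drawn with the OS CSPRNG (secrets), never random.random()."""
    if length < 12:
        raise ValueError("refuse to generate short passwords")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def derive_vault_key(master_password, salt):
    """Stretch the master password with scrypt (memory-hard, slows offline guessing) into 64 bytes.
    The first half encrypts, the second half authenticates."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=64)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a keystream. Stand-in for a real AEAD cipher (see lead-in)."""
    blocks = [hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(vault_key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = vault_key[:32], vault_key[32:]
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(vault_key, blob):
    """Verify the tag in constant time before decrypting anything."""
    enc_key, mac_key = vault_key[:32], vault_key[32:]
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class Vault:
    """Minimal vault: entries exist in clear only in memory while unlocked; at rest only the sealed blob."""

    def __init__(self, vault_key, salt, entries=None):
        self._key, self._salt, self._entries = vault_key, salt, entries or {}

    @classmethod
    def create(cls, master_password):
        salt = os.urandom(16)                       # per-vault salt defeats precomputed guesses
        return cls(derive_vault_key(master_password, salt), salt)

    @classmethod
    def unlock(cls, master_password, blob):
        salt, sealed = blob[:16], blob[16:]
        key = derive_vault_key(master_password, salt)
        entries = json.loads(unseal(key, sealed).decode("utf-8"))   # raises ValueError on wrong password
        return cls(key, salt, entries)

    def add(self, site, username, length=20):
        password = generate_password(length)
        self._entries[site] = {"username": username, "password": password}
        return password

    def get(self, site):
        entry = self._entries[site]
        return entry["username"], entry["password"]

    def export(self):
        """Serialized vault: salt || sealed(JSON entries). Useless to anyone without the master password."""
        return self._salt + seal(self._key, json.dumps(self._entries).encode("utf-8"))


def can_unlock(master_password, blob):
    """True if the master password opens the blob and its tag verifies."""
    try:
        Vault.unlock(master_password, blob)
        return True
    except ValueError:
        return False
```

Two details matter more than the cipher choice: the salt is random per vault, so two users with the same master password get unrelated vault keys, and the tag is checked with a constant-time comparison before a single byte is decrypted.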

You are in good hands as long as you use an established password manager such as Dashlane, 1Password, KeePass or Bitwarden. Just remember to create a strong master password, and enable multi-factor authentication on the vault where the product offers it.

3. Don’t Sleep On Your Network Security

Focus on your network security to protect the data within a computer network from cyberattacks. It involves taking multiple steps to ensure the network is secure and trustworthy.

A network involves interconnected devices, including computers, servers, and wireless networks, which attackers can target.

Networks are becoming more complex as organizations rely more on their networks and data to conduct business. Security must also evolve to combat evolving threat actors and new attack methods.

The network’s visibility needs to be on point to mitigate this risk. Improving network visibility is critical to closely monitoring network traffic for malicious activities and potential threats.

With improved network visibility you can identify unauthorized access to the network and respond quickly. You can also spot malware that hides in encrypted traffic: even when the payload cannot be read, the metadata around it (destination, server name, certificate details, client fingerprint, timing and volume) remains visible and is often enough to flag a command-and-control channel.

If you rely on SSL/TLS to secure your communications, you still have to identify and address threats lurking within that encrypted traffic. Encryption protects your data from eavesdropping, but it equally hides an attacker’s traffic from any control that only inspects payloads.

All of that you can have with an NDR tool such as GREYCORTEX Mendel that offers deep visibility into your network and the detection of both known and unknown threats. With its real-time network visualization capabilities, it allows you to see every network device, its communication partners, data transmission amounts, protocols used, metadata, and more.

Mendel goes beyond mere visualization by offering advanced filtering options that can be used to investigate the network activity of every device in depth. By combining over 25 parameters and using logic operators, Mendel allows you to efficiently perform root cause analysis, threat hunting, and network troubleshooting tasks.
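What "visibility into encrypted traffic" means in practice, as an added example that is not part of the original article and not GREYCORTEX code: an NDR sensor never sees the decrypted payload, but the TLS ClientHello is sent in the clear, and from it the sensor can read the server name (SNI) and compute a JA3-style client fingerprint (version, cipher suites, extensions, groups, point formats, with GREASE values dropped) to match against threat intelligence. The two ClientHello records are constructed here from their parts so the layout is visible, and the "known bad" JA3 entry is a hypothetical value, not a real indicator.

```python
import hashlib
import struct

# Extension types used below (IANA TLS ExtensionType registry)
EXT_SNI, EXT_GROUPS, EXT_EC_POINT_FORMATS = 0x0000, 0x000A, 0x000B
# GREASE values (RFC 8701) are random filler and are excluded from the fingerprint
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def _extension(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(server_name, cipher_suites, groups):
    """Assemble a TLS 1.2 ClientHello record. Constructed sample input, not a capture."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host                 # name_type host_name(0)
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry
    groups_body = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    extensions = (_extension(EXT_SNI, sni_body)
                  + _extension(EXT_GROUPS, groups_body)
                  + _extension(EXT_EC_POINT_FORMATS, b"\x01\x00"))          # uncompressed only
    body = (b"\x03\x03" + bytes(32) + b"\x00"                                  # version, random, no session id
            + struct.pack("!H", 2 * len(cipher_suites))
            + b"".join(struct.pack("!H", c) for c in cipher_suites)
            + b"\x01\x00"                                                      # compression: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body                  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake    # record: handshake, legacy version


def _ja3_field(values):
    return "-".join(str(v) for v in values if v not in GREASE)


def parse_client_hello(record):
    """Extract SNI and a JA3 fingerprint from a ClientHello record; None if it is not one."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    pos = 9
    version = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2 + 32                                                   # client_version, random
    pos += 1 + record[pos]                                          # session id
    cs_len = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    ciphers = [struct.unpack("!H", record[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + record[pos]                                          # compression methods
    ext_total = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    sni, ext_types, groups, formats = None, [], [], []
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        pos += 4
        body = record[pos:pos + ext_len]
        pos += ext_len
        ext_types.append(ext_type)
        if ext_type == EXT_SNI and len(body) >= 5:
            name_len = struct.unpack("!H", body[3:5])[0]
            sni = body[5:5 + name_len].decode("ascii", "replace")
        elif ext_type == EXT_GROUPS and len(body) >= 2:
            n = struct.unpack("!H", body[:2])[0]
            groups = [struct.unpack("!H", body[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        elif ext_type == EXT_EC_POINT_FORMATS and body:
            formats = list(body[1:1 + body[0]])
    ja3 = ",".join([str(version), _ja3_field(ciphers), _ja3_field(ext_types),
                    _ja3_field(groups), _ja3_field(formats)])
    return {"sni": sni, "ja3": ja3, "ja3_md5": hashlib.md5(ja3.encode()).hexdigest()}


# Constructed threat intel: the JA3 of a hypothetical malware client (not a real indicator)
KNOWN_BAD_JA3 = {hashlib.md5(b"771,53-47,0-10-11,23,0").hexdigest()}


def classify(record):
    """Return an alert string when the ClientHello metadata matches known-bad intel, else None."""
    info = parse_client_hello(record)
    if info is None or info["ja3_md5"] not in KNOWN_BAD_JA3:
        return None
    return f"known-bad TLS client fingerprint {info['ja3_md5']} connecting to {info['sni']}"


# Constructed samples: a modern browser-like client (with one GREASE suite) and a legacy-only client
SAMPLE_BROWSER = build_client_hello("updates.example.com", [0x0A0A, 0x1301, 0x1302, 0xC02F], [0x001D, 0x0017])
SAMPLE_SUSPECT = build_client_hello("cdn-telemetry.example.net", [0x0035, 0x002F], [0x0017])
```

Note that nothing here decrypts anything: the verdict rests on who the client claims to be talking to and on how the client is built, which is exactly the kind of signal that survives encryption.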

4. Use A VPN

Virtual Private Networks (VPNs) offer two things: privacy and security. A VPN creates an encrypted tunnel between your device (or your local network) and an exit node in a different location.

To the services you visit, you appear to connect from the exit node’s location, which may be thousands of miles from where you actually are. That is the privacy aspect. Everything inside the tunnel is encrypted, which is the security aspect.

Use a VPN for added security on any public Wi-Fi. Why? The tunnel encrypts your traffic between your device and the VPN server, so the access point, its operator and anyone else on that network see only encrypted traffic to a single destination.

Without a VPN on a public network, your sensitive business traffic is exposed to several attacks.

One example is sniffing: an attacker on the same network can intercept communication between you and the router or the service you are talking to, and a rogue access point can place itself in the middle of that path.

Use a paid VPN, as you never know what a free VPN service provider is doing with your traffic behind the scenes. We recommend NordVPN or Surfshark: both offer competitive rates, are well regarded, and have a no-logging policy. Keep in mind what a VPN does not do: it protects the path to the exit node, not the device itself, and it offers no protection against phishing or malware.

5. Create & Communicate A Solid Mobile Phone Policy

Employees often use personal mobile devices for work-related purposes. However, you must establish clear policies and controls to secure sensitive information.

Cybercriminals are increasingly targeting mobile phones as a potential entry point to company systems, making mobile security policies all the more critical.

Implement mobile security policies for best practices among employees who rely on mobile devices to securely access and handle corporate data.

Here are some important points to consider when implementing a mobile phone security policy:

  • Device management: Establish guidelines for device management that include identifying authorized users, device enrollment and provisioning, and device deprovisioning.
  • Password policies: Require strong, unique passcodes or passphrases on devices and accounts, with multi-factor authentication where available, and prohibit reusing the same password across accounts. Require a change when a device is lost or a credential is suspected compromised, rather than on a fixed calendar.
  • Encryption: All mobile devices that connect to your organization’s network should have encryption capabilities to protect sensitive data.
  • Application management: Set guidelines for application management that include identifying authorized applications and prohibiting the installation of unauthorized applications.
  • Employee training: Provide regular training on mobile phone security policies, procedures, and best practices to reduce the risk of security breaches.

6. Train Your Employees On Cybersecurity

Most security breaches involve human error or picked-up habits. This can include clicking on suspicious links, ignoring security alerts, delaying software updates, syncing sensitive data to unsecured devices, and more.

To combat these issues, follow up on employee training with simulated attacks to test their knowledge and help them develop better security habits.

Here are some best practices to train your employees on cybersecurity:

  • Implement policies to protect sensitive data: Create formal policies and share them with all employees.
  • Teach employees about cyber threats & accountability: Employees must understand the severe nature of cyber threats and know they will be held accountable for violating protection policies.
  • Require backup of all critical data: The company data should be kept safe and backed up in case of any disaster.
  • Only allow authorized individuals to use your devices: Ensure company-issued devices are only used by authorized employees, and stress the importance of obtaining authorization before using any device.
  • Create web content securely: Authorized individuals should be the only ones updating company websites and know how to do so securely to avoid backdoors for cybercriminals to exploit.
  • Prohibit unauthorized software: Remind employees that unauthorized software should not be allowed on corporate devices.
  • Train on proper email use: Educate employees on spam and phishing, and teach them how to identify illegitimate emails.

Wrapping Up

It’s only natural to have your focus set on growing your company and achieving success. But cybersecurity should never be neglected. Protect your business and the valuable assets you’ve worked hard to build.

Seek help from experts in the field to confidently navigate the digital landscape without sacrificing your attention to growing your company.

Prioritize cybersecurity and take the necessary steps to protect your business. Invest in your own success, leverage these tips, and inspire your employees to follow in your footsteps and set your mind free from all the worries involving cybersecurity.

Visibility – an Essential Part of Cybersecurity

Visibility is key to protecting our networks. But what exactly is visibility and why is it important?

Visibility means having a clear understanding of what is happening in your network at all times. You can then continuously check that what you see matches your policies and best practices, and immediately catch configuration issues, vulnerabilities, irregularities in security protocols, and unusual user behavior. You also gain knowledge of network performance, services, and their availability.

By having visibility, you can act preventively, and systematically strengthen your network’s resilience to intrusions and reduce the room for maneuver for potential attackers. It also allows you to observe traffic in all relevant locations and network segments, whether on local networks, servers, or in the cloud.

So, how can you achieve that visibility?

One tool that can help is GREYCORTEX Mendel, which provides real-time monitoring and visualization of all communication in your network. It builds a mathematical model of your network and helps you determine what devices are communicating with each other, when, and how much data they’re sending and receiving. In Mendel, you can read details about used protocols for communication, including analysis of application data, or user identities. This provides detailed context and additional information about security events and threats.
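The kind of model the paragraph above describes, and the anomaly detection the NDR section earlier on this page attributes to it, as an added example that is not part of the original article and not GREYCORTEX code: flow records (who talks to whom, on which port, when, how many bytes) are aggregated into a per-host baseline of peers, active hours and volume, and a new observation window is compared against it. The flow records are constructed: two working days of office traffic, then a weekend window in which an office PC starts probing PLCs on Modbus/TCP. The addresses and thresholds are illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record as a NetFlow exporter or NDR sensor would emit it (constructed fields)."""
    ts: int          # flow start, Unix epoch seconds (UTC)
    src: str
    dst: str
    dport: int
    proto: str
    bytes_out: int   # bytes sent from src to dst


def _hour(ts):
    return (ts // 3600) % 24


def build_model(flows):
    """Per source host: the (peer, port, proto) set it talks to, the hours it is active, and bytes sent."""
    model = {}
    for f in flows:
        host = model.setdefault(f.src, {"peers": set(), "hours": set(), "bytes": 0})
        host["peers"].add((f.dst, f.dport, f.proto))
        host["hours"].add(_hour(f.ts))
        host["bytes"] += f.bytes_out
    return model


def find_deviations(baseline, window, baseline_windows, volume_factor=5.0):
    """Compare one observation window against a baseline learned over `baseline_windows` equal windows.
    Returns (kind, host, detail) tuples: new-host, new-peer, off-hours, volume."""
    alerts = []
    for host, seen in build_model(window).items():
        known = baseline.get(host)
        if known is None:
            alerts.append(("new-host", host, "no traffic from this address in the baseline"))
            continue
        for dst, dport, proto in sorted(seen["peers"] - known["peers"]):
            alerts.append(("new-peer", host, f"{dst}:{dport}/{proto} never contacted before"))
        for hour in sorted(seen["hours"] - known["hours"]):
            alerts.append(("off-hours", host, f"active at {hour:02d}:00 UTC, outside its usual hours"))
        average = known["bytes"] / baseline_windows
        if seen["bytes"] > volume_factor * average:
            alerts.append(("volume", host, f"sent {seen['bytes']} B vs. baseline average {average:.0f} B"))
    return alerts


def _ts(day, hour):
    return day * 86400 + hour * 3600


# Constructed baseline: two working days of an office PC (10.1.0.5), a second PC (10.1.0.7)
# and an engineering workstation (10.1.0.9) that legitimately talks Modbus/TCP to a PLC (10.2.0.10).
BASELINE_FLOWS = (
    [Flow(_ts(d, h), "10.1.0.5", "10.1.0.20", 443, "tcp", 40_000) for d in (0, 1) for h in (8, 12, 16)]
    + [Flow(_ts(d, h), "10.1.0.5", "10.1.0.21", 445, "tcp", 200_000) for d in (0, 1) for h in (9, 15)]
    + [Flow(_ts(d, 10), "10.1.0.7", "10.1.0.20", 443, "tcp", 30_000) for d in (0, 1)]
    + [Flow(_ts(d, 10), "10.1.0.9", "10.2.0.10", 502, "tcp", 5_000) for d in (0, 1)]
)

# Constructed weekend window: the office PC reaches two PLCs at 02:00-03:00 and moves far more data.
WINDOW_FLOWS = [
    Flow(_ts(5, 2), "10.1.0.5", "10.1.0.20", 443, "tcp", 40_000),
    Flow(_ts(5, 2), "10.1.0.5", "10.2.0.10", 502, "tcp", 3_000),
    Flow(_ts(5, 3), "10.1.0.5", "10.2.0.11", 502, "tcp", 3_000),
    Flow(_ts(5, 3), "10.1.0.5", "10.1.0.21", 445, "tcp", 4_000_000),
    Flow(_ts(5, 3), "10.1.0.9", "10.2.0.10", 502, "tcp", 5_000),
]


def run_sample():
    return find_deviations(build_model(BASELINE_FLOWS), WINDOW_FLOWS, baseline_windows=2)
```

The engineering workstation’s Modbus traffic is not a new peer, because the baseline saw it; it is still flagged for the hour, which is the weekend-timing detail in the factory case study further down this page. A production model would learn per weekday and decay old observations, but the structure is the same.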

Visibility is also crucial for managing any OT/SCADA network.

An up-to-date and accurate knowledge of what elements are involved in these communications, and what appears or disappears in them is invaluable, if only from an operational point of view. On top of that, GREYCORTEX Mendel understands OT/SCADA protocols, which brings visibility to critical control parameters such as temperature, RPM, voltage, or any other relevant factor in the data transmitted over the network. This adds more visibility into the processes in operation and provides an additional opportunity for the prevention of and response to abnormal events.

It does not stop here. GREYCORTEX Mendel goes a step further in this visualization. Thanks to advanced filtering, combining a number of parameters with logical operators, you can examine each device and its communication down to the smallest detail, including its history. That makes root cause analysis, threat hunting, and network troubleshooting simple. SOC teams have confirmed this, finding Mendel an invaluable tool for post-incident analysis and prevention activities.

In short, visibility is an essential part of cybersecurity, and tools like GREYCORTEX Mendel can help you achieve it. By clearly understanding what’s happening on your network at all times, you can take preventive measures to strengthen your network’s resilience and protect against potential attacks.

Protecting Industrial Networks: Analyzing a Cyber Attack on a Factory

The integration of IT and OT networks has brought significant benefits to industrial processes, including increased efficiency, real-time data access, and improved decision-making. However, this integration also brings serious security challenges that could threaten equipment availability and the integrity of factory data. Manufacturers rely on data to make critical business decisions; if that data is compromised, the result can be production delays, equipment failures, and even safety hazards.

This blog post reviews and analyzes a potential cyber attack on a production factory and demonstrates how it could be detected using GREYCORTEX Mendel. It serves as an example of how network detection and response solutions can effectively protect against massive cyber attacks.

Traditional approaches such as air-gapping or a DMZ are no longer sufficient on their own to protect OT networks. Existing security solutions are attempting to close the gap between IT and OT infrastructures, but that is hard to achieve. Industrial equipment tends to run outdated software because its lifecycle (in some cases 20 years or more) is far longer than that of IT devices. IT professionals are usually responsible for network security in both IT and OT, whereas OT professionals are more concerned with keeping operations running and data intact than with cybersecurity. And lastly, IT and OT professionals often have difficulty understanding each other because of different terminology, technologies, and educational backgrounds.

About the Factory

For this scenario, we will imagine that GREYCORTEX Mendel has been installed in a bakery consisting of three separate locations: the main office building, the storage and production building, and the packaging and logistics building. Although separate, the IT and OT networks of these locations are interconnected.

Attack Description

The cyber attack took place over the weekend. The attackers, who may have been amateurs, cybercriminals, or hackers hired by a competitor, connected over public Wi-Fi to a device on the private office network that was running an outdated operating system. Using the compromised device, they launched a network scan and discovered production machines in the remote facilities. The attackers gained control over the oven and the packing line and changed their configuration.

Detection in GREYCORTEX Mendel

The first thing that IT or OT specialists would see in GREYCORTEX Mendel is a representation of the industry-standard MITRE ATT&CK® framework. It is a dashboard designed to be a connection point for IT and OT specialists, as it uses terminology that both sides understand. Here, they can see security alerts concerning industrial equipment.

By going to the event section in Mendel, the analysts can filter all events related to the OT network and this cyberattack. Here they see that the attackers were able to infiltrate the internal network and, by scanning, discover both the IT and OT infrastructure. The cybercriminals found devices with exposed services that accepted connections.

Security Alert: Temperature Change in the Oven

The attackers tested their ability to make changes to the machine settings. They connected to a device controlling the oven and altered the temperature.

Continuing the incident investigation, the analysts observe that Mendel detected the change in the oven temperature. Upon analyzing this event, they discover a connection from an engineering workstation on the IT network to a machine in the Storage and Production network over the Modbus protocol. In the application layer, they see that the attackers wrote a high temperature setpoint, which would result in the cookies coming out burnt.

Security Alert: Change in Packaging Settings

Similar to the oven, the attackers in this example attempted to connect to the packaging line and change its configuration.

Mendel also detected that the cybercriminals changed the default number of pieces per package. They connected to a system within the Packaging and Logistics network via the Modbus protocol, and analysis of the application layer showed that only eight pieces would be placed in one box instead of the usual ten.

Mendel alerted the analysts to these changes because the known baseline values were 200 degrees Celsius for the oven and ten pieces per package, and both writes deviated from them. That is the general pattern: Mendel models the normal values and communication of the OT network and flags writes and connections that depart from it.
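What the two detections above look like at the protocol level, as an added example that is not part of the original post and not GREYCORTEX code: Modbus/TCP carries a 7-byte MBAP header and a PDU whose function code says what is being done, so a sensor can parse Write Single Register (0x06) and Write Multiple Registers (0x10) requests, compare the written values against a baseline of known setpoints, and flag writers that are not the expected engineering station. The frames, controller addresses, unit ids and the allow-list are constructed for this example; the setpoints (200 degrees, 10 pieces) follow the case study.

```python
import struct
from typing import NamedTuple

WRITE_SINGLE_REGISTER, WRITE_MULTIPLE_REGISTERS = 0x06, 0x10


class ModbusWrite(NamedTuple):
    unit_id: int
    function: int
    registers: dict    # holding-register address -> value written


def parse_modbus_write(frame):
    """Parse one Modbus/TCP request; return a ModbusWrite for register writes, None for anything else."""
    if len(frame) < 8:
        return None
    _tid, protocol_id, length, unit_id = struct.unpack("!HHHB", frame[:7])
    if protocol_id != 0 or length != len(frame) - 6:      # MBAP length covers unit id + PDU
        return None
    pdu = frame[7:]
    function = pdu[0]
    if function == WRITE_SINGLE_REGISTER and len(pdu) == 5:
        address, value = struct.unpack("!HH", pdu[1:5])
        return ModbusWrite(unit_id, function, {address: value})
    if function == WRITE_MULTIPLE_REGISTERS and len(pdu) >= 6:
        start, quantity, byte_count = struct.unpack("!HHB", pdu[1:6])
        if byte_count != 2 * quantity or len(pdu) != 6 + byte_count:
            return None                                   # malformed: lengths disagree
        values = struct.unpack(f"!{quantity}H", pdu[6:6 + byte_count])
        return ModbusWrite(unit_id, function, {start + i: v for i, v in enumerate(values)})
    return None                                            # reads and other functions are not writes


# Constructed baseline of normal setpoints: (controller IP, unit id, register) -> (meaning, value)
BASELINE = {
    ("10.2.0.10", 1, 0): ("oven temperature setpoint, degrees C", 200),
    ("10.3.0.20", 1, 0): ("pieces per package", 10),
}
# Constructed allow-list: the only host that legitimately writes to the controllers
ALLOWED_WRITERS = {"10.2.0.50"}


def check_write(src_ip, dst_ip, frame):
    """Alerts for one captured Modbus/TCP request: unexpected writer and/or setpoint deviation."""
    write = parse_modbus_write(frame)
    if write is None:
        return []
    alerts = []
    if src_ip not in ALLOWED_WRITERS:
        alerts.append(("unauthorized-writer", f"{src_ip} wrote to {dst_ip} unit {write.unit_id}"))
    for address, value in write.registers.items():
        known = BASELINE.get((dst_ip, write.unit_id, address))
        if known and value != known[1]:
            alerts.append(("setpoint-change", f"{known[0]} on {dst_ip}: {known[1]} -> {value}"))
    return alerts


# Constructed frames as captured on TCP/502: MBAP header (tid, protocol 0, length, unit id), then PDU
OVEN_TO_300 = bytes.fromhex("0001 0000 0006 01 06 0000 012c")            # FC06: register 0 := 300
PACKER_TO_8 = bytes.fromhex("0002 0000 0009 01 10 0000 0001 02 0008")    # FC16: 1 register from 0 := 8
READ_OVEN = bytes.fromhex("0003 0000 0006 01 03 0000 0001")              # FC03: read register 0
OVEN_TO_200 = bytes.fromhex("0004 0000 0006 01 06 0000 00c8")            # FC06: register 0 := 200 (no change)
```

Modbus has no authentication, so the controller itself accepts all four requests; the sensor is the only place where "who is writing" and "is this value normal" can be asked. Note that the legitimate write of 200 from the allowed station raises nothing.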

Empower Your IT and OT Security

Industrial networks need to run continuously without unscheduled interruption, which has long pushed security into second place. Yet failing to secure them can have devastating consequences, including production downtime, equipment damage, and even physical harm. A root cause is that most OT protocols were not designed with security in mind: Modbus, for example, has no authentication at all, so any host that can reach a controller’s TCP port 502 can read and write its registers.

We have described just two examples of what potential attackers could do, but they could take multiple actions, such as infiltrating the system and testing their abilities to make minor changes in the configuration. Such changes may be unnoticeable for analysts and OT professionals. The attackers could then wait until the right moment, such as the launch of a new product, to cause significant damage.

Thanks to the ICS module, the advanced industrial intrusion detection system (IDS), GREYCORTEX Mendel is able to detect such an attack. Mendel alerts manufacturers to potential security threats in the early stages, providing valuable time to prevent attacks. To narrow the gap between IT and OT worlds, the detection dashboard based on the MITRE ATT&CK® framework was created, which uses unified terminology understandable for both IT and OT professionals.

GREYCORTEX Mendel 4.1 Introduces a New User Interface

[May 31, 2023] — GREYCORTEX, a leading provider of network detection and response solutions, is pleased to announce the release of GREYCORTEX Mendel 4.1, featuring an all-new visually appealing interface that enhances the user experience. 
With a strong focus on usability, GREYCORTEX Mendel 4.1 introduces a cleaner and more modern look, offering users an intuitive environment. The new user interface has been meticulously designed to reduce visual complexity and provide seamless access to essential data, enabling users to effortlessly navigate through the system.

“We understand the importance of simplicity in user interfaces,” said Radek Hloušek, Product Manager at GREYCORTEX. “Our goal with GREYCORTEX Mendel 4.1 was to create an interface that not only looks great but also enhances the overall user experience. We wanted to make complex functionality accessible and intuitive for our users, allowing them to focus on what matters most – detecting and mitigating cyber threats.”

One of the standout features of the new Mendel UI is the availability of light and dark themes, providing users with the flexibility to choose a visual style that suits their preference and working environment. Whether it’s a bright and vibrant theme or a sleek and sophisticated dark mode, GREYCORTEX Mendel 4.1 offers a personalized experience to cater to diverse user needs.

Additionally, the new version brings integration with endpoint detection and response platforms and software-defined networking solutions to enable extended detection and response capabilities. Moreover, advanced filtering helps power users extract the precise information they are looking for. For OT customers, BACnet protocol processing offers visibility into building management systems.

GREYCORTEX Mendel 4.1 represents the company’s commitment to continuously innovating and improving its offerings, ensuring customers have access to cutting-edge solutions that enhance their cybersecurity.


How to Secure Building Management Systems

As infrastructure modernizes, building management systems (BMS) are becoming increasingly sophisticated. They provide automation, control and management of the physical environment of buildings, and to operate reliably, you need to ensure their security. This can be crucial in some buildings, such as hospitals. What can you do to make buildings safer?

An Introduction to BMS

BMS stands for Building Management System. It is a computer-based system that controls and monitors a building’s mechanical and electrical equipment, such as heating, ventilation, and air conditioning (HVAC), lighting, and other building systems. There are several common BMSs used in buildings today, each with their own specific features and capabilities, these include:
  • Siemens Desigo
  • Johnson Controls Metasys
  • Honeywell WEBs
  • Schneider Electric Andover Continuum
  • Trane Tracer
  • Delta Controls
There are many more systems, and the choice of BMS depends on the specific requirements of the building and the needs of the building owner or operator. However, they have one thing in common: the BACnet protocol is frequently used between these systems and the HVAC endpoints.

BACnet Protocol: Essential for Building Management Systems Security

The Building Automation and Control Network (BACnet) protocol is a communication protocol widely used in building automation and control systems for HVAC, lighting, and other building systems. BACnet was designed to give different building systems a standard way to communicate and share data, and it is now used in thousands of buildings worldwide. The standard does define security features against unauthorized access and tampering, but each comes with an important caveat:
  • Authentication: A few services, notably ReinitializeDevice and DeviceCommunicationControl, accept a password. In classic BACnet/IP that password is a static string carried in the clear inside the request, so anyone who can sniff or replay the traffic learns it.
  • Encryption: Classic BACnet/IP (UDP port 47808) is, as deployed, unencrypted. Confidentiality and integrity on the wire come only from the newer BACnet Secure Connect (BACnet/SC) profile, which carries BACnet over TLS with X.509 certificates, or from network-level controls around the devices.
  • Access control: Devices can restrict which objects and properties a peer may read or write, which lets building operators limit what can be changed; how far this goes is device-specific.
  • Auditing: Devices and supervisory systems can record and log access to the building automation and control systems, which lets operators detect and investigate unauthorized access or tampering.
In practice these protections are thin. Static passwords are easy to guess, sniff or replay. Classic BACnet/IP has no certificates or other cryptographic device authentication, so a controller cannot tell whether a WriteProperty request comes from the real BMS server or from an attacker on the same network. And BACnet/SC, which does add certificates, is not yet widely deployed: many installed systems run classic BACnet/IP with no security features enabled, or configured insecurely, so unauthorized users can reach sensitive systems and data with nothing more than network access.
In short, BACnet is widely used and its newer profile offers real security, but most deployments still rely on static passwords and run without the protocol’s security features. Building operators should be aware of these risks and take steps to secure their building automation and control systems: change default and static passwords, migrate to BACnet/SC or otherwise encrypt and segment BMS traffic, and monitor for suspicious activity.

Risk Mitigation in BMS Security

A key part of risk mitigation is visualizing the flows to and from a BMS, whether they use BACnet or another OT protocol. Seeing which hosts actually read from and write to the controllers lets you tighten the network configuration and contain the risks described above:
  • Static passwords: Restrict which hosts may reach services such as ReinitializeDevice and DeviceCommunicationControl, so a leaked password alone is not enough.
  • Lack of certificates: Where devices cannot authenticate their peers, the network has to do it for them, through segmentation and an allow-list of BMS servers.
  • Disabled security features on various BACnet-enabled assets: Identify which assets still run classic, unprotected BACnet and prioritize them.
One tool you can use for the flow visualization is GREYCORTEX Mendel, which has protocol parsers and BMS-asset identification built into its core.
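How a network sensor can enforce the allow-list described above, and why the static-password and no-certificate weaknesses from the previous section matter, as an added example that is not part of the original post and not GREYCORTEX code: a BACnet/IP datagram is BVLC header, NPDU (possibly with routing fields), then APDU; for a Confirmed-Request the service choice byte says whether the peer is merely reading (readProperty, 12) or changing state (writeProperty 15, writePropertyMultiple 16, deviceCommunicationControl 17, reinitializeDevice 20, atomicWriteFile 7). The parser walks those layers and the check flags privileged services from any source other than the BMS server. The datagrams, addresses and allow-list are constructed; the ReinitializeDevice sample carries its password ("1234") as a plaintext character string, exactly as classic BACnet sends it.

```python
import struct

BVLC_TYPE_BACNET_IP = 0x81
BVLC_FORWARDED_NPDU = 0x04
PDU_CONFIRMED_REQUEST = 0
CONFIRMED_SERVICES = {
    7: "atomicWriteFile", 12: "readProperty", 14: "readPropertyMultiple", 15: "writeProperty",
    16: "writePropertyMultiple", 17: "deviceCommunicationControl", 20: "reinitializeDevice",
}
# Services that change device state or behaviour; only the supervisory BMS server should issue them
PRIVILEGED = {7, 15, 16, 17, 20}


def parse_confirmed_request(datagram):
    """Walk BVLC -> NPDU -> APDU of a BACnet/IP datagram; return the confirmed service, else None."""
    if len(datagram) < 4 or datagram[0] != BVLC_TYPE_BACNET_IP:
        return None
    bvlc_function, bvlc_length = datagram[1], struct.unpack("!H", datagram[2:4])[0]
    if bvlc_length != len(datagram):
        return None
    pos = 4
    if bvlc_function == BVLC_FORWARDED_NPDU:
        pos += 6                                        # original B/IP address: 4-byte IP + 2-byte port
    if pos + 2 > len(datagram) or datagram[pos] != 0x01:  # NPDU protocol version is always 1
        return None
    control = datagram[pos + 1]
    pos += 2
    if control & 0x80:                                  # network-layer message: no APDU follows
        return None
    if control & 0x20:                                  # DNET(2) DLEN(1) DADR(DLEN)
        pos += 3 + datagram[pos + 2]
    if control & 0x08:                                  # SNET(2) SLEN(1) SADR(SLEN)
        pos += 3 + datagram[pos + 2]
    if control & 0x20:
        pos += 1                                        # hop count is present whenever DNET is
    apdu = datagram[pos:]
    if len(apdu) < 4 or (apdu[0] >> 4) != PDU_CONFIRMED_REQUEST:
        return None
    segmented = bool(apdu[0] & 0x08)
    service_index = 5 if segmented else 3               # type|flags, max-resp, invoke-id, [seq, window]
    if len(apdu) <= service_index:
        return None
    service = apdu[service_index]
    return {"invoke_id": apdu[2], "service": service,
            "service_name": CONFIRMED_SERVICES.get(service, f"service-{service}")}


ALLOWED_BMS_SERVERS = {"10.4.0.10"}    # constructed allow-list: the supervisory BMS server


def check_bacnet(src_ip, dst_ip, datagram):
    """Alert when a privileged confirmed service comes from anything but the BMS server."""
    request = parse_confirmed_request(datagram)
    if request is None or request["service"] not in PRIVILEGED or src_ip in ALLOWED_BMS_SERVERS:
        return None
    return f"{src_ip} sent {request['service_name']} to {dst_ip} (invoke id {request['invoke_id']})"


# Constructed datagrams as seen on UDP/47808; comments mark the fields the parser walks
WRITE_PRESENT_VALUE = bytes.fromhex(
    "810a0018"            # BVLC: Original-Unicast-NPDU, total length 24
    "0104"                # NPDU: version 1, expecting reply, no routing
    "0005010f"            # APDU: Confirmed-Request, max APDU 1476, invoke id 1, writeProperty (15)
    "0c00800001 1955"     # object analog-value 1, property present-value (85)
    "3e 4442c80000 3f"    # value: REAL 100.0
)
READ_PRESENT_VALUE = bytes.fromhex("810a0011 0104 0005020c 0c00800001 1955")   # readProperty (12)
REINITIALIZE_VIA_ROUTER = bytes.fromhex(
    "810a0018"
    "01 24 0005 01 0a ff" # NPDU: destination network 5, address 0x0a, hop count 255
    "00050314"            # Confirmed-Request, invoke id 3, reinitializeDevice (20)
    "0900"                # reinitialized state: coldstart
    "1d05 0031323334"     # password "1234" as a plaintext character string
)
WHO_IS_BROADCAST = bytes.fromhex("810b0008 0100 1008")   # Unconfirmed-Request who-Is: not a confirmed service
```

The controller would accept the reinitialize request from any host that knows the static password; because the password crosses the network in the clear, the network sensor is also where an attacker would have harvested it. Until devices run BACnet/SC, the source allow-list enforced here is the control that actually stands between a laptop on the office network and the building’s HVAC.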

GREYCORTEX Mendel 4.0 Now Available

December 15, 2022 – We have released a new version of GREYCORTEX Mendel. Version 4.0 brings a new view of the security risks that individual subnets and hosts pose, advanced NetFlow processing, and integration with other tools and security platforms.

The new version is already available for new installations and will also be gradually released on December 19 for an online upgrade.


GREYCORTEX Mendel 3.9.1. Now Available

September 20, 2022 – We have released GREYCORTEX Mendel 3.9.1 which brings minor improvements and bug fixes.


The event visibility level now stores its configuration per user (the last state before logout is kept)

Improved performance and reliability for Failsafe mode

Improved subnet filtering by substring search in filter

Fixed issues with

  • Performance in the network capture module
  • Invalid license during Sensor&Collector upgrade
  • Default firewall configuration for an asset discovery tool
  • Checkpoint firewall rule policies
  • Detecting TOR traffic by IDS signatures
  • Resizing LVM storage on AWS
  • Two or more DNS servers on the management interface
  • Empty subnet graph for subnets filtered by tag(s)
  • User permissions
  • SSL configuration for the FortiGate firewall plugin
  • Invalid CSV header in subnet import
  • Malformed input for network parsers

GREYCORTEX Mendel 3.9 Now Available

June 20, 2022 – We have released a new version of GREYCORTEX Mendel. Version 3.9 is more interactive, safer and allows even deeper data analysis than ever before. We have increased the interoperability of Mendel with other tools and extended the hardware support.


GREYCORTEX Mendel 3.8 Now Available

We have released a new version of GREYCORTEX Mendel

You will now have even deeper insight into your IT and OT networks thanks to the customizability and versatility of GREYCORTEX Mendel 3.8.

GREYCORTEX Mendel 3.8 Features List

Dynamic monitoring of IT and OT network

Visualize your network assets in a broader context

We bring broader and clearer insights into your network with new automated or manual classification of devices and subnets into logical parts according to given criteria.
You are also able to create and assign a tag for all network assets including enhanced information. You can classify or process the tagged devices and subnetworks using other logical operations.
With individual tags, it is possible for you to monitor any changes that occur on your devices. This gives you an overview of the network in a broader context.

Better overview of network security

Keep your network security under control

Mendel interprets all events captured in your network with more clarity thanks to the MITRE ATT&CK® framework.
Events in the network are classified according to:
 —  MITRE ATT&CK® tactics and techniques
 —  Proofpoint rules
 —  Top events – you can see the most relevant events at the top

Wider options for network data retrieval

Choose your own view of your data

GREYCORTEX Mendel 3.8 is capable of deeper and more advanced data analysis than ever before. 
Thanks to the redesigned analysis module, you can  define any view over your processed and stored data using attributes, metrics and other variables.

Easier deployment of GREYCORTEX Mendel 

See all your subnets straight after deployment

Immediately after deploying GREYCORTEX Mendel 3.8 to your network, Mendel starts the process of finding and classifying all subnets by itself.
Thanks to this categorization at an early stage of deployment, you can orient yourself in the network quickly and clearly.
A hidden subnet could be a potential threat to your entire network. Now you can avoid the danger using this new enhancement.

Asset Discovery

Do you know what is hiding in your OT/ICS network?

Search for information about the OT devices in your network proactively. GREYCORTEX Mendel supports many OT protocols, giving you the ability to see all devices in your network and also find detailed information about them. You will get such details as manufacturer, serial number, the last revision date of hardware or software, and much more.