GREYCORTEX JOINS ESET TECHNOLOGY ALLIANCE

Excellent news from Brno!

GREYCORTEX is proud to announce that we have been named as part of the ESET Technology Alliance. In addition to complementing ESET’s existing endpoint security solutions by addressing traffic within the network, this relationship means that GREYCORTEX MENDEL is now available through all ESET partners worldwide. You can read our full press release below:

GREYCORTEX Joins ESET Technology Alliance

Brno, Czech Republic – GREYCORTEX, advanced network security solutions provider, is happy to announce that it has been named as a part of the ESET Technology Alliance which provides holistic protection against advanced cyber threats. Launched in 2013, the ESET Technology Alliance is an integration partnership that aims to better protect businesses by offering a range of complementary IT security solutions. All members of the ESET Technology Alliance are carefully vetted against a set of established criteria to extend “best-in-class” business protection across IT environments.

Through the ESET Technology Alliance partnership, MENDEL, GREYCORTEX’s network traffic analysis solution, is now available to enterprise customers through all ESET partners. MENDEL uses advanced artificial intelligence, machine learning, and data analysis to detect threats to enterprise, government, and critical infrastructure networks that other network security solutions miss. It offers network security teams rapid detection and response, and also gives them the security to know that they can efficiently monitor network performance and visualize the entire network up to and including the application layer.

“Providing effective network security is continually evolving. Security analysts need to be able to identify not just threats like viruses, but also advanced persistent threats like malware, RATs, Trojans, and Zero-day attacks. Analysts also need to know that they have full network visibility on every device and application in the network. MENDEL provides complete network visibility and detailed insight into application and network performance, so that security teams can identify threats before they do damage,” said Petr Chaloupka, CEO, GREYCORTEX.

GREYCORTEX complements ESET’s existing endpoint security solutions by addressing traffic within the network. “There are never enough layers of security for one’s network infrastructure,” said Jeronimo Varela, Director of Global Sales at ESET. “The GREYCORTEX solution provides an analysis of any behavioral anomalies that may go unnoticed. Moreover, the solution is easily integrated into the infrastructure of businesses of any size and can work not only as a detection or monitoring tool, but also to provide visibility into the functionality of additional security components.”

For more details about GREYCORTEX’s solution MENDEL, please click here.
More information about the ESET Technology Alliance can be found here.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

WE ARE CESA AWARDS NATIONAL FINALISTS IN 3 CATEGORIES

For the second year in a row, GREYCORTEX has been nominated as a National Finalist at the Central European Startup Awards (CESA) – http://centraleuropeanstartupawards.com. The awards select the best startups from across 10 Central European countries, with the winners qualifying to go forward to the Global Startup Awards.
Last year, GREYCORTEX won Best Early Stage Startup, given in Ljubljana, Slovenia. This year, GREYCORTEX is nominated in three categories:

  • Startup of the Year
  • Best AI Startup
  • Best Newcomer

The Czech winners will be announced at the Czech National Finale on September 25th in Prague. Public voting for GREYCORTEX in these three categories is currently open, and may be found here: http://centraleuropeanstartupawards.com/vote

GREYCORTEX PROTECTS AGAINST WANNACRY

GREYCORTEX is happy to report that MENDEL, our network traffic analysis solution, affirmatively detects infection by the WannaCry ransomware and its possible variants/clones, and protects users more effectively than rule-based detection tools alone.

Because GREYCORTEX MENDEL uses advanced artificial intelligence, machine learning, and data analysis to identify network anomalies, it easily identifies threats like WannaCry, allowing network security teams to take rapid action and stop threats before they do damage.

In the case of WannaCry, GREYCORTEX tested the ransomware in our malware lab. It was found to engage in aggressive and anomalous practices, like port-scanning behavior on an SMB port (445), attempting to connect to over 4000 devices in 175 countries across the Internet in five minutes, and downloading TOR network software. All of these behaviors were identified by MENDEL’s advanced network behavior analysis.

MENDEL users are better protected from malware like WannaCry and its variants/clones than users of firewall, IDS, or other rule-based security solutions alone. Rule-based security solutions require a known malware signature in order to create a rule. This means an attack must happen before the signature of the attack can be added as a rule. MENDEL doesn’t need a signature to identify the attack. Its network behavior analysis features detect the attack’s symptoms before it harms the network. This means security teams have the peace of mind to know that should an attack happen, they will see it, and be able to stop it before it does damage.
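An added example, not GREYCORTEX's code and not a description of how MENDEL works: a minimal signature-free check for the SMB fan-out behavior described above, counting distinct port-445 destinations per source over a five-minute sliding window. The flow tuple layout, the sample addresses and the threshold of 50 are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SMB_PORT = 445
WINDOW_SECONDS = 300     # five minutes, the interval quoted in the text
FANOUT_THRESHOLD = 50    # assumed tuning value, not taken from the page


def detect_smb_fanout(flows, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Flag sources that contact many distinct hosts on port 445.

    flows: iterable of (timestamp, src, dst, dst_port), sorted by timestamp.
    Returns {src: (timestamp_of_first_alert, distinct_destinations)}.
    """
    recent = defaultdict(deque)                     # src -> (ts, dst) in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> flows in window
    alerts = {}
    for ts, src, dst, dport in flows:
        if dport != SMB_PORT:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        counts[src][dst] += 1
        # Expire flows that have fallen out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old_dst = queue.popleft()
            counts[src][old_dst] -= 1
            if counts[src][old_dst] == 0:
                del counts[src][old_dst]
        distinct = len(counts[src])
        if distinct >= threshold and src not in alerts:
            alerts[src] = (ts, distinct)
    return alerts


def build_sample_flows():
    """Constructed flow records (not real traffic) covering four host profiles."""
    flows = []
    # Ordinary client: repeated SMB sessions to the same two file servers.
    for i in range(100):
        flows.append((i * 10, "10.0.0.5", "10.0.0.%d" % (250 + i % 2), 445))
    # Slow talker: 60 distinct SMB peers, but only one new peer per minute.
    for i in range(60):
        flows.append((i * 60, "10.0.0.9", "10.0.1.%d" % (i + 1), 445))
    # Scanner-like host: 200 distinct addresses on port 445 in 100 seconds.
    for i in range(200):
        flows.append((1000 + i * 0.5, "10.0.0.23", "198.51.100.%d" % (i + 1), 445))
    # Busy web client: many peers, but on port 443, so out of scope here.
    for i in range(200):
        flows.append((1000 + i, "10.0.0.7", "203.0.113.%d" % (i + 1), 443))
    flows.sort(key=lambda f: f[0])
    return flows


if __name__ == "__main__":
    for src, (ts, n) in detect_smb_fanout(build_sample_flows()).items():
        print("%s reached %d distinct SMB destinations by t=%.1fs" % (src, n, ts))
```

Only the scanner-like host is flagged; the slow talker never has more than five distinct peers inside any window, which shows why the window length matters as much as the threshold.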

If you are concerned about malware attacks, either from WannaCry or from other ransomware or malware, you may benefit from a 30-day Proof of Concept (PoC) from GREYCORTEX. During the PoC, MENDEL automatically learns your network to identify threats which may exist, including ransomware which is lying dormant in your network, or unpatched applications, which may leave you vulnerable. Do not hesitate to contact your network security professional, or GREYCORTEX directly, to arrange a PoC.

GREYCORTEX IN CYBER DEFENSE MAGAZINE

Martin Korec’s article “Integration May Answer Questions in Machine Intelligence” has been published in the most recent edition of Cyber Defense Magazine’s “Cyberwarnings Newsletter.” A .pdf of the issue is available here. We have included the full article below.

Integration May Answer Questions in Machine Intelligence

Introduction

You are probably familiar with the terms “Artificial Intelligence” and “Machine Learning,” i.e. the idea that computers can be taught to learn, and then make predictions based on the data they are given. Artificial Intelligence/Machine Learning tools present huge opportunities in many areas, especially in cyber security. The UK government considers it technology which is the engine of the digital revolution. But some are skeptical. Gartner put Machine Learning (a subset of Artificial Intelligence) at the “Peak of Inflated Expectations” in its 2015 Hype Cycle. Simon Crosby of Bromium considers these tools to be a “pipe dream.”

What Are Artificial Intelligence and Machine Learning?

Machine Learning is a subset of Artificial Intelligence, and both address the capability of machines to be taught to make predictions based on “learned” data. Both are popular terms in marketing materials, and are often confused. Deloitte has decided that a better term is “Machine Intelligence” – describing it as “an umbrella term for a collection of advances representing a new cognitive era. We are talking here about a number of cognitive tools that have evolved rapidly in recent years: machine learning, deep learning, advanced cognitive analytics, robotics process automation, and bots, to name a few.” We’ll use Machine Intelligence here (partly because “Artificial Learning” didn’t work as well) to mean the use of data analytic/predictive tools in the network security context.

The Benefits of Machine Intelligence

The essential benefit in Machine Intelligence is that it can take truly massive amounts of data, analyze it in real time, and identify anomalous or malicious behaviors invisible to manual review, or which would not be accurately identified through static detection rulesets (which are also a hassle to set up). Of course, the more data a Machine Intelligence solution has, the more effectively it can do its job. Some have claimed prediction can be improved by over 90%. If the solution has limited data from only Netflow, it is limited in its effectiveness. If input data comes from every layer of the network, then it can identify anomalies at each layer, and each device within each layer. This means the Machine Intelligence solution identifies behavior – like advanced persistent threats or insider attacks – that may be limited or very well hidden among massive volumes of network traffic, and which would be missed by a security team pre-programming logic in SIEM systems, even well thought-out ones (a limitation of SIEM systems), or working with an IDS ruleset alone.

Some Claim Machine Intelligence has Drawbacks

Advanced analytics have been around for 20 years or more; there must be something wrong with them, or we’d all be using them. Right? Naturally, as with anything created by humans, Machine Intelligence solutions can be defeated by other humans. However, there are several existing approaches, including classification algorithms, proven to successfully mimic security analyst behavior which can be used in design and testing to avoid defeat by new threat samples. A second criticism of Machine Intelligence solutions is that they are not “plug and play,” i.e. that they need analyst time to filter out false positives (i.e. to teach the system what is a threat and what isn’t). Failure to do so leads to excessive false positives and alert fatigue. Alert fatigue is a problem. A recent article suggests that over half of security professionals are missing alerts they should address. However, MIT research indicates that human/Machine Intelligence collaboration is actually beneficial and can reduce false positives by close to 85%. Furthermore, while Machine Intelligence solutions may not be “plug and play,” their implementation time is much lower as compared to SIEM systems (hours vs. months) and training the machine on false positives requires a very small actual time commitment (minutes a day).

Bringing Solutions Together

Is it possible to have the benefits of Machine Intelligence technology, but minimize the hassles? Is it possible to use Machine Intelligence in such a way that this technology is used for truly advanced analysis, reducing false positives and saving the security team’s time? Integrating several features/technology types into one solution mitigates several issues with Machine Intelligence technology, and creates a more efficient system. Specifically, integrating with IDS rules and network performance monitoring is an efficient means of improving network security by joining complementary features and data sets.

Advantages

In such an integration, detection is more effective and false positives are reduced. Less time training the system is required, and information that is “trained” starts from a more accurate position.

Integration with an IDS ruleset specifically brings two benefits: The first is that the IDS, a list of existing rules and known signatures, helps the Machine Intelligence tools function more efficiently, by determining early in the data analysis that certain traffic matches known malicious code or patterns, creating a deeper chance for analysis of events that do not trigger an IDS alert. Secondly, this type of integration has the added benefit of identifying for the Machine Intelligence tools what particular viruses/malware/trojans, etc, look like. This means that the predictive analysis tools have more, and more accurate data upon which to build their analysis. This data is also available much more quickly than if the solution was completely self-educating, or assisted only by the security team.

This also applies to adding a performance monitoring capability. A more informed and more efficient Machine Intelligence solution exists because traffic data is integrated to help it spot things like too many communication partners, services which haven’t been used before, exceptional network application delays, changed MAC addresses, or new devices or services in the network.

Integration also benefits the security team, because integrated IDS data increases efficiency. Not only does the team spend less time training the system (see above) but it also means more accurate results, resulting in less risk of alert fatigue. Alerts that actually matter are less likely to be missed as a result of the process.

In summary, Machine Intelligence technology, despite what its detractors suggest, is here to stay. Though all providers may not be using its full capabilities, its potential is too great, and its benefits in terms of detection of advanced threats too tangible for it to be given up. But it can be improved. An integrated approach, featuring several different types of input and analysis, helps to streamline Machine Intelligence data analysis, making it more effective, and improves the functionality of the integrated tools. This means more effective and more efficient network security, and more family time for security analysts.

MS VULNERABILITIES EXPOSED BY GOOGLE

Google has disclosed the latest of several unpatched flaws in Microsoft software. GREYCORTEX MENDEL’s advanced machine learning and predictive analysis can identify these attacks.

Google’s “Project Zero” team recently disclosed a second unpatched Microsoft Windows security flaw, after Microsoft failed to fix the bug within Google’s set 90-day window. The vulnerability is identified as CVE-2017-0037, and is classed as a “type confusion flaw” in a module of Microsoft Edge and Internet Explorer. This flaw can be used to crash IE or Edge, and can lead to arbitrary code execution, allowing hackers to execute code and gain administrator privileges on infected systems.

Advanced hackers may have either already exploited this flaw or they may soon exploit it. Network security solutions like GREYCORTEX that identify anomalous behaviour within your network are especially important in this situation. These solutions mean your IT team can identify malware by its anomalous movement within the network, and identify it as it replicates. GREYCORTEX MENDEL identifies such anomalous behavior, offers deep network visibility, and differentiates between human and machine behavior, meaning you can find infected devices within your network and secure your company’s data and reputation even without relying on Microsoft to fix vulnerabilities in its browsers.

You can read more about the vulnerability here: http://thehackernews.com/2017/02/google-microsoft-edge-bug.html

GREYCORTEX ATTENDS CEE INNOVATORS SUMMIT

The team from GREYCORTEX was selected as one of only five Czech high technology companies to attend the CEE Innovators Summit in Warsaw, Poland on March 27-28, 2017. The conference focused on the innovation ecosystem in the Visegrad Four (V4) countries – Czech Republic, Slovakia, Poland, and Hungary. Its purpose was to highlight the need for greater innovation and investment in the V4 Group, and included a signing by the Prime Ministers of each of the four countries of the “Warsaw Declaration” – a statement of intent by each of the V4 countries to undertake the development of an innovative economy in the region.

The event brought together not only government officials, but press, investors, innovators, and other interested groups to the Służewiec Racetrack in Warsaw. At the conference, GREYCORTEX was represented by Pavel M. Chmelař and Milan Kaděra, who presented GREYCORTEX MENDEL, our innovative network security solution based on artificial intelligence and machine learning, which finds network threats that traditional network security solutions miss.

If you are interested in finding out more about the conference itself, you can find it here: http://ceeinnovatorssummit.pl/en/

Press coverage from the Czech Republic can be found here: http://domaci.ihned.cz/c1-65675460-visegradska-ctyrka-se-ma-stat-rajem-inovaci-premieri-domlouvaji-spolecnou-podporu-vedy-i-start-upu (in Czech)

GREYCORTEX LOOKS FORWARD TO FUTURE COLLABORATION WITH KONICA MINOLTA

Following its inclusion in the Berlin-based global release of Konica Minolta’s new Workplace Hub, GREYCORTEX is looking forward to working with Konica Minolta in the future to provide its performance monitoring and advanced network traffic analysis solutions as an extension of the Konica Minolta Workplace Hub.

Konica Minolta’s newest offering – Workplace Hub – is an innovative new enterprise IT solution, which unifies an organization’s technology into a single centralized platform. Designed to future-proof workplaces of every size as they work towards digital transformation, Workplace Hub directly addresses growing IT complexity by providing more efficient and effective management of the disparate array of tools, services, and devices used by modern organizations.

“Konica Minolta is one of the leading innovators in the technology sector. We are looking forward to working with them in the future, to offer network performance monitoring and advanced traffic analysis solutions as an additional extension of Workplace Hub. We believe the partnership will be a good fit because of our advanced artificial intelligence, machine learning, and data mining functionality which will help users identify threats to their emerging businesses,” said Petr Chaloupka, CEO of GREYCORTEX.

About Konica Minolta Laboratory Europe
KMLE is the hub where innovative solutions in the field of ICT come to life to transform the next generation of products and services from Konica Minolta. KMLE is the catalyst for development of business opportunities and innovative applications for Digital Workplace, Sensor Information and Automation, Digital Healthcare and Smart Data Systems. As a research organization, KMLE is eager to share innovative projects and ideas with its network of academic and industrial partners.

GODMODE DDOS ATTACKS INCREASING

Indian network security researchers have noticed an increase in DDoS attacks from a Windows OS and Windows Explorer vulnerability. The attack allows hackers to deliver a malware payload which spreads across the network to infect other machines, and can be controlled by a Command and Control (CnC) server.

In this case, the malware installs via user access to a malicious website. After checking for compatibility, the malware, as part of its penetration into the system, disables restricted VBScript functionality within the browser. This process, which involves changing the safemode flag within the browser, is also known as the “GodMode” exploit. Once “GodMode” is exploited, the virus is downloaded, then the virus payload connects to a remote CnC server, downloads additional malware executable files, copies itself into C:\WINDOWS, and deletes itself to avoid detection. Once installed, the malware spreads throughout the network, and executes DDoS attacks specified by the CnC server. To avoid this infection, researchers suggest immediately installing the latest system and browser updates.

Would you be able to tell if your network was infected with this attack? Updating your browser and operating system might stop future infection, but what about if the infection has already happened, and the malware is lying in wait? GREYCORTEX MENDEL identifies threats like the one described here because its advanced artificial intelligence and machine learning identify communication between the malware and its CnC server. MENDEL is unique in the industry because it can distinguish malware communication with a CnC server from human communication. MENDEL can also identify the threat through flow analysis. Because it analyzes all network flow data (rather than just a specific profiled flow – like Netflow or IPFIX), its IDS engine can identify the malware’s signature, even though it is encrypted.

To learn more about how GREYCORTEX can help you identify attacks of this nature, contact your IT Security professional, or GREYCORTEX directly. The original research on the attack can be found here: http://blogs.quickheal.com/ddos-attacks-spreading-godmode-exploit-cve-2014-6332/

GREYCORTEX IS A STARTUP TO LOOK FOR IN 2017

Leading European start-up blog “EU-Startups.com” has identified GREYCORTEX as one of “7 Czech Startups to Look For in 2017.” The website, an authority on the European startup ecosystem, has published a list of its selections for leading Czech startups since 2015, and has included well-known companies like Kiwi.com (formerly “Skypicker”) in previous editions. Article author Pavel Curda notes the advanced artificial intelligence, machine learning, and big data analysis components of GREYCORTEX MENDEL which set us apart from other network security products.

Developed after several years of academic and market research, and based on technology which won four US-based NIST Challenges in a row, MENDEL uses artificial intelligence and machine learning tools to identify advanced persistent threats which commonly deployed network security solutions often miss. While several other solutions in the market claim to focus on meeting advanced threats, MENDEL is unique in that it provides exceptionally deep network visibility, combined with the ability to differentiate between human and machine behavior. This allows IT security teams to spot more threats as they emerge, and take action.

You can read the full article here: http://www.eu-startups.com/2017/02/7-czech-startups-to-look-out-for-in-2017/