IDC CIO Summit  SafeBreach Panel Talk

IDC CIO Summit – SafeBreach 

I would like to introduce the CTO of OTD Bilişim, Eray Atlas who will be here for his presentation “Security Control Verification with BAS in BT and OT Environments”. Mr. Atlas, the floor is yours.

Hello, my name is Eray Atlas and I’m the CTO of OTD Bilişim. Let me start by briefly talking about OTD Bilişim. OTD is an IT company founded in 2011 and it provides services in network security field. As of 2018, the company shifted towards distributorship, with an aim of bringing new innovative solutions to Turkey. We started to market cyber security solutions both in IT and OT in Turkey. We do this as a “boutique” company. Organizations always aim to have innovative approaches in terms of cyber security in this digital transformation era. While making new investments, they are always under some kind of threat.

  As cyber security companies, we always try to fight against these threats. So various security investments are being made. However, we must think of ways to configure the security systems we already have in tune with our environments. This is also important. With SafeBreach, we offer you an automated platform. You might as why we need such a BAS platform. It’s because we don’t have sufficient human resources. It’s difficult to meet needs in such issues where you need specialists all the time. Automating this work and integrating many attack vectors as if we are looking at this through the eyes of a hacker, we offer you a platform so that you can simulate these attacks in your environment with different scenarios, and at intervals you desire. This platform was designed considering the way of thinking of a hacker. So, you can simultaneously simulate different security solutions in your environment. The surface vulnerable to attacks is always getting bigger. And we have very competent security solutions for IT. When you look at automation, however, we have a shadow network and it’s hard to provide the security for such a structure that you can’t see. That’s why we offer a safe platform both in IT and OT, so that you can more actively defend your vulnerable surfaces. There are over 30,000 very advanced attack simulations on the platform. So, you can actually run a drill before the hackers attack your system.

  While we make sure that you explore your skills and measure your security level, we also constantly keep your IRT teams in your SOC environments fit with such drills. They can see the risks as if there was a real attack on your systems. We can cover a large attack surface while doing this. It can be cloud-based, on docker systems, or you can tighten your security by automating critical points in different zones of your network, your DLP system or EDR system, or end-user tests on this platform. It offers a variety of skills and it has one specific advantage. After all, every organization has a vulnerability test and a management program, and they run it periodically. We collect the outputs of such vulnerability tests and integrate those with the program. So we can thoroughly examine those outputs. Let me tell you this way. A globally recognized critical vulnerability may turn out as critical in your reports. However, it may not pose a threat to a valuable internal asset of yours. So you shouldn’t waste your time on it. But if attackers can get inside using a vulnerability with lower priority and reach a more critical system, then you must prioritize that vulnerability. So this system determines these priorities smartly and provide scored reports to you.  This way, you can set the priorities for vulnerabilities on SafeBreach platform. We can show both IT and OT environments. We also have very critical systems on the automation side. It’s not easy to perform penetration tests towards these. But we can do that safely. Because we have attacks on our systems 24/7 and you cannot always fight against these with your human force in your ecosystem. However, with this platform, you can constantly simulate these scenarios and perform your tests. And we offer this both as SAS solution, and on-prem for companies inclined towards that way. Think both of those as service-based. You can buy it with subscription method.

  There are many variables in the environment. There is a constant movement. So we always carry out simulations via simulators according to these movements. For example, we have 12 different scenarios. You can monitor and evaluate your whole security framework with these scenarios. You can perform security verification for various complex security devices such as your IPC, DLP, sand-box, EDR solutions etc. Or you can get help from us to know whether you have the right configurations for a more specific DLP solutions of yours and whether your DLP scenarios are correctly configured. You can also test your sandbox and phishing skills by performing your attacks test on your end users via us. We have very advanced attack testing skills. But we always want to emphasize this. We see that everyone focuses on so called advanced, new generation attacks which make up 5% of all attacks. But companies are actually exposed to more known attacks, in other words, the 95%. And most of the breaches occur here. That’s why we give great importance to automation. When you automate this, you use your resources more efficiently, you defend these vulnerabilities with every change. For example, when you patch a system of yours, you can test the changes that come with it. When you upgrade the versions of your end-users, you can test these changes or maybe you upgrade your webserver to a new version etc. So, you can always test your environment with such scenarios. In this sense, we have automated everything and there is no need for human force here. The system can perform these tests according to the scenarios you’ve planned. SafeBreach is categorized as BAS, meaning Breach Attack Simulation. We automated everything, so it responds to your needs automatically in both IT and OT, which is a big advantage. 

The attacks against simulators you’ve configured can test that zone without interrupting any system in your actual environment. Zone is a term covering all the attacks ranging from your software on cloud environments to your most critical HMI or historian servers on OT. By this way, you can tighten the security of both your IT and OT. For example, IT-OD segmentation configuration is highly in-demand. A lot of projects come to us, and we are also very competent in OT. That’s one of the reasons we brought SafeBreach to Turkey. Often, after we complete a configuration… Our solutions like SCADAfence are passive monitoring solutions. We can show a lot of intelligence here but our customers started to ask something different from us. They said, “Yes, we set this up but when an attack occurs, can this system really prevent it?” and this is not easy to do. So we saw this need for such a platform,  brought it to Turkey and made it available for both IT and OT. In this sense, you can do a lot of work with little resources with this platform. You can tighten your security and quickly understand whether your current security devices are correctly configured. With the reports we generate, we provide a lot of details for remediation. Both executives and technical specialist can benefit from the information we provide. We do this continually so that you can tighten your security. Tightening security is very important because a variable that doesn’t show up this week may come up the next week. That’s what I defend here. Let’s not be one step behind but one step ahead because we have business goals, and these can’t wait. With SafeBreach we introduce to you a very advanced cyber-attack simulator, thus getting one step ahead of our competitors. There are over 30,000 attack simulators in the playbook of SafeBreach. You get a very advanced simulator and perform your attack simulations based on various scenarios when you have these attack vectors and use them with threat intelligence services. When there is a new vulnerability published globally, we quickly add it to the playbook in 24 hours automatically, which is an important guarantee and commitment. This is an advanced platform in this sense. You may have different security solutions in your environment such as CM solutions, and we have serious integration skills for this. We say we have the most advanced integration skills in the market. We can perform a quick integration with the security solutions you use in your environments and make sure that you get a better overview of your defense with fusing your data with our outputs. This contributes greatly to your performance and makes sure you are pro-active rather than reactive. You figure out how you will defend your environment having seen these attacks before. So this is a platform that emphasizes pro-activity. Thank you.