Cyber security

Promet Information Systems

Promet has operated in the field of cyber security since 2010 and has achieved significant growth with the contribution of revenues from large-scale projects undertaken since 2012. Within cyber security, Promet provides its customers with services in corporate network security and internet security.

Enterprise Network Security

Although the protection of the corporate internal network (intranet) against external attacks is the first thing that comes to mind in network security, attacks coming over the local network are more frequent. With the security solutions offered by Promet, end-to-end security measures are taken against attacks that may come from both the outside and the local network. In this context, the products and services offered are as follows.

Solutions and services we offer in the field of Corporate Network Security:

Penetration Test

Our pentest service detects vulnerabilities in information systems and tests overlooked intrusion points in the system, in line with the customer's request and approval. The main purpose of this service is to detect and close existing vulnerabilities before attackers damage the systems of institutions. After the tests are done, penetration test reports are created. The reports also include an executive summary to facilitate the work of senior management. One aspect of penetration testing is social engineering studies. Through these studies, the aim is to increase the awareness of information security within the organization.

Network Access Control (NAC) Systems

NAC is the first step of network security and one of its simplest yet most effective methods. With access control, no unauthorized client or user can be present on the network. NAC is carried out using the 802.1x protocol and the MAC addresses of the user computers that want to join the network. NAC performs authorization and permission checks through the component known as identity and access management (IAM). With the help of the permission information provided by IAM and predefined rules, NAC accepts or rejects access requests coming to the network. When a NAC solution is first deployed, it runs processes such as finding all devices currently accessing the network, determining what types of devices they are, and deciding what action to take on these devices according to the policies set by the organization. NAC systems generally include fine-grained settings that allow rules and permissions to be defined for a wide list of products.

VPN, SSL VPN Solutions

In today's business life, workplaces are no longer just corporate offices and buildings. Examples include home-office workers, employees working on site at another institution, and those who have to travel constantly. Institutional borders are gradually disappearing and, in direct proportion to this, the importance of providing secure communication with the headquarters and offices is increasing. With SSL VPN, what is happening on the end user's device can be examined, user-based application controls and authentication can be applied, and users can easily join the corporate network with any of their personal devices.

Log Collection System in Compliance with Law No. 5651

Every business has to keep internet records as specified by this law.
The Law No. 5651 on the "Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts" was published in the Official Gazette No. 26530 on 23 May 2007 and entered into force. Law No. 5651 is the law on systematically ordering and controlling the broadcasts made on the internet, as well as combating the crimes committed through these broadcasts.

Institutions that, since the date this law entered into force, have opened their internet service to collective use by their customers or employees over wired or wireless connections have conditions that they are legally obliged to fulfill. The institutions obliged to comply with the directives of this law are those that open the internet to mass use, such as hotels, shopping malls, universities, cafes, internet cafes, SMEs and factories. The scope of the law includes the free internet service offered by businesses to their customers and the internet service provided by companies to their employees within the company. The internet service we use in the cafes we frequent in our daily lives, in the restaurants we eat at or in the institution we work for is within the scope of the law. Wireless hotspots of this type of internet service provided by businesses and institutions are mostly encrypted. Services of this kind that are provided without a password are absolutely not secure and may cause problems such as theft of the user's private information or infection with viruses and similar harmful software. Therefore, unencrypted connections should never be trusted.

Internet Security

Every network with internet connection and especially hosting server services needs security. With security devices, external connections to the local network can be allowed or blocked. In this context, the products and services offered are as follows.

Solutions and services we offer in the field of Corporate Internet Security:

Firewall Solutions

A firewall, in its most basic definition, means "security systems produced for computers." Firewall devices, on the other hand, combine this software with appropriate hardware and enable them to work in harmony. The task of the firewall is to decide, in accordance with previously defined rules, whether the packets arriving at it on the network will go on to the places they need to reach. The firewall allows the passage of packets that comply with the defined rules and prevents the passage of packets that do not, thus providing high protection.
While simpler versions of the firewall are available to individual customers, more complex and systematic versions can be developed for companies. The firewall, which protects the network within the company or the computers on the networks against attacks from the internet, controls the network traffic between the internal and external networks based on predetermined principles. This ensures a controlled data flow at all times. In addition, many firewalls can also work with a proxy that handles users' request packets before they go to the network.

Virtual Private Network Access (VPN), SSL VPN Solutions

In today's business life, workplaces are no longer just corporate offices and buildings. Examples include home-office workers, employees working on site at another institution, and those who have to travel constantly. Institutional borders are gradually disappearing and, in direct proportion to this, the importance of providing secure communication with the headquarters and offices is increasing. With SSL VPN, what is happening on the end user's device can be examined, user-based application controls and authentication can be applied, and users can easily join the corporate network with any of their personal devices.

Attack Detection and Prevention (IDS/IPS)

IDS is an abbreviation for Intrusion Detection Systems. The purpose of IDS security systems is to identify and log malicious activity.
IPS, an abbreviation for Intrusion Prevention Systems, are security systems used to detect and prevent malicious activity or harmful connections in your network traffic. The purpose of IPS systems is to intercept and prevent malicious connections or activity in network traffic.

Briefly, IDS (Intrusion Detection System) aims to detect attacks, while IPS (Intrusion Prevention System) systems are designed to stop and prevent attacks.

IPS and IDS systems, which are integrated with new generation firewall devices, play an important role when properly configured in the detection, capture and prevention of attacks that cause serious damage, especially the advanced cyber attacks that have increased in recent years. While IDS detects and logs the attack through in-depth packet analysis, IPS systems prevent attacks by learning or by detecting them through the rule list.

Intrusion detection and prevention systems are software or hardware security systems designed for security analysts or experts.

When IPS and IDS products are used together, the combination is called an Intrusion Detection and Prevention System, i.e. IDPS. In advanced systems, IPS and IDS are used in an integrated manner.

Although firewall devices can restrict the passage of packets, they are not capable of automatically reprogramming themselves in the event of an attack. They generally come with IPS and IDS features to eliminate this situation. Thanks to Intrusion Detection System (IDS) technology, you can both understand that the corporate network you want to protect has been attacked, and you can prevent the attacker from accessing your system again, thanks to Intrusion Prevention Systems (IPS) systems.

Our network components have become much more complex with internet technologies, the inclusion of our business processes in the internet network, the widespread use of CRM and many similar applications and systems such as the Cloud. With this naturally developing technology network, it becomes difficult to ensure the security of many of our open connections and ports that we have to keep open.

On the security side, Firewall devices have started to be weak in keeping your network clean, as they cannot analyze network traffic in depth on their own. The new generation Firewall devices, which come across as integrated security systems, have gained the ability to analyze network traffic with IPS and IDS features.

IPS and IDS systems basically have two types of working logic in attack detection or analysis. The first is the signature-based operating logic, and the second is the rule-based operating logic.

Intrusion detection, analysis and prevention systems generally have the following features:

1- Sending alerts to security administrators at the time of attack
2- Detection of malicious codes
3- Disconnecting malicious connection sources
4- Dropping and resetting harmful packets
5- Fixing CRC errors
6- Detection of attacks originating from a software or user
7- Recording attack patterns to strengthen and improve defense
8- Keeping forensic records for forensic experts
9- Ensuring data integrity and accessibility
10- Ensuring confidentiality along with security

Advanced Intrusion Detection and Analysis System

Intrusion detection systems, which include methods that enable monitoring of network activities and analysis of traffic, are one of the important security components for the detection of possible attacks, violations and threats. Intrusion prevention systems, on the other hand, are network security systems that cover the detection and prevention of attacks.
Today, networks have a complex structure and are connected to other networks, especially the internet, through many access points; cyber attacks increase in variety and number day by day; and these complex network systems can no longer be protected with encryption or a firewall alone. These realities have made constant monitoring of network traffic and real-time detection of attack attempts inevitable.

IDS/IPS systems have functions such as monitoring the network frequently, identifying possible threats and keeping event logs about them, stopping attacks and reporting to security administrators. These systems can also be used in some cases to reveal weaknesses in the security policies of institutions. IDS/IPS can also detect attackers' information gathering activities about the network, thus stopping attackers at this early stage.

Major IDS methodologies

Signature-based detection: It looks for malicious bytes or strings in network traffic to detect possible threats and compares them with previously detected attack signatures.

Anomaly-based detection: It compares the traffic on the network with a previously determined normal traffic level and tries to detect serious deviations from that level. It is effective in detecting previously unknown threats.

Stateful protocol analysis: It involves steps such as comparing each observed suspicious activity against profiles created by identifying harmless protocol activities, and detecting deviations.
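
The signature-based and anomaly-based methods described above, shown side by side in an added example (not code from Promet or from any IDS product). The signature patterns, baseline values and sample events are constructed for illustration, and the standard-deviation threshold used for the anomaly check is an assumption.

```python
import statistics

# Constructed signatures (assumption): name -> byte pattern searched in payloads.
SIGNATURES = {
    "sql-injection-probe": b"' OR '1'='1",
    "path-traversal": b"../../",
}

def signature_alerts(payload: bytes) -> list:
    """Signature-based: report every known pattern present in the payload."""
    lowered = payload.lower()
    return sorted(n for n, pat in SIGNATURES.items() if pat.lower() in lowered)

class AnomalyDetector:
    """Anomaly-based: learn normal traffic volume, flag serious deviations."""

    def __init__(self, baseline, threshold=3.0):
        if len(baseline) < 2:
            raise ValueError("need at least two baseline samples")
        self.mean = statistics.fmean(baseline)
        # A perfectly flat baseline has stdev 0; fall back to 1.0 so that
        # score() never divides by zero.
        self.stdev = statistics.stdev(baseline) or 1.0
        self.threshold = threshold

    def score(self, observed):
        """Distance from the learned mean, in standard deviations."""
        return abs(observed - self.mean) / self.stdev

    def is_anomalous(self, observed):
        return self.score(observed) > self.threshold

def inspect(events, detector):
    """Apply both methods to (payload, requests_per_minute) events."""
    return [
        {"signatures": signature_alerts(payload),
         "anomalous": detector.is_anomalous(rpm)}
        for payload, rpm in events
    ]

# Constructed sample data, not captured traffic.
BASELINE_RPM = [98, 102, 101, 97, 103, 99, 100, 100]
EVENTS = [
    (b"GET /index.html HTTP/1.1", 101),            # benign
    (b"GET /item?id=1' or '1'='1 HTTP/1.1", 99),   # known pattern, normal volume
    (b"GET /index.html HTTP/1.1", 450),            # no pattern, abnormal volume
]

if __name__ == "__main__":
    det = AnomalyDetector(BASELINE_RPM)
    for (payload, rpm), verdict in zip(EVENTS, inspect(EVENTS, det)):
        print(rpm, payload[:34], verdict)
```

The second event is caught only by the signature check and the third only by the anomaly check, which is why the two methods are deployed together.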

Data Leakage Prevention System

DLP (Data Loss Prevention), which is referred to as "data leakage prevention" or "data loss prevention" depending on the point of view in the security industry, is a data security technology that provides monitoring of, and protection against, the unauthorized use and transmission of data within a network.

Data Types in DLP

The purpose of data leakage prevention technology, which falls under the "data security" category of information security, is to protect data throughout its life in the network, in storage areas and at end-user endpoints. In this direction, data is handled in three different ways in DLP:

1. Data in Motion: It is the type of data that moves within the network, that is, it is in constant motion on transmission channels such as e-mail, instant messaging, web and P2P.

2. Data at Rest: It is the sensitive data held in databases, file systems and other special storage units, which is queried and used when necessary and is generally the data that needs to be protected first.

3. Data in Use: It is the active type of data that the end user constantly uses and processes, and that is connected with sensitive and confidential data.

Antivirus System

In the early days, an antivirus program meant software that could detect and sometimes remove a computer virus on the infected device and even prevent it from infecting other devices. Of course, that was in the 1990s. Since then, the increase in the type and number of malware has caused antivirus programs to evolve into more complex security solutions.
Many advanced protection products use multiple technologies to keep their users safe. This enables the products to deal with a wide range of cyber attacks such as spyware, keylogging, credential stealing, unauthorized cryptocurrency mining, encryption of files by ransomware, information leakage through trojans, spam and fraud.

Mobile device management and security system

As the use of mobile devices spreads rapidly in the corporate space, management and security vulnerabilities are growing. An easy way to carry information is through mobile devices such as laptops and smartphones. Considering the sensitive information and access authorizations on these devices, it is understood that security in mobile devices is an issue that needs attention.
Mobile Device Management covers Asset Management (device type, tracking of operating system version information, list of applications, locating the device when lost), Software Management (remote version updates and patch installation), Configuration Management (management of different devices through a single interface; configuration and error reporting on device memory, battery, network information and alarms) and Security Management (password management, remote deletion of corporate information or remote locking of the device in case of theft or loss, etc.).

DDoS

DDoS (Distributed Denial of Service) attacks target accessibility itself, as opposed to a data leak or account hijacking. The servers on which websites are hosted are put into service, after values such as number of users, line capacity and number of instant requests have been predicted, in a way that can handle a load slightly higher than these values. In this type of attack, instant requests are sent far above the load that the system can handle and the server becomes unresponsive. In other words, you usually cannot access that website or service until the attack ends, or it becomes very slow.
In this context, to explain the DDoS attack in its simplest form: imagine smoothly flowing traffic on a highway. When more vehicles than expected enter from the side roads, you have to reduce your speed, and at some points you cannot move at all because of the traffic.

Web Access Security

A web application firewall (or WAF) filters, inspects, and blocks all HTTP traffic to and from a web application. The difference between a WAF product and a normal firewall is that while ordinary firewalls serve as a security gateway between servers, the WAF product can filter the content of specific web applications. By inspecting HTTP traffic, it can prevent attacks caused by security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and security misconfigurations.

E-Mail Access Security

Using deceptive messages to hijack recipients' sensitive information and install malware on their devices, hackers view email as a popular tool for the spread of spam and phishing attacks. On the other hand, e-mail security aims to provide security with various techniques to keep sensitive information safe in e-mail communication.