

Endpoint Protection Platform

EPP is the most common and effective malware prevention approach and is accepted as basic security hygiene for every organization. Mass-spread threats (such as WannaCry and NotPetya) can cause great damage to business operations and infrastructure. A properly configured and maintained EPP product significantly reduces the attack surface and the risk of ransomware and other threats.

3rd gen:

  • A centrally managed EPP with audited and optimized settings
  • Standard hardware, a hardened OS and applications
  • Minimum (least-privilege) authorization management
  • Removable media management
  • Fewer security abuses through reporting and central management of vulnerabilities and patches

4th gen:

  • EDR used alongside EPP, with modern inspection methods such as ML
  • Behavioral analysis that inspects for and prevents malware
  • Memory protection capabilities
  • Automatic integration with a sandbox
  • Server-side HIPS, FIM, virtual patching and micro-segmentation

5th gen:

  • Application control and inspection
  • Isolation of risky processes by encapsulation, so they cannot affect other processes
  • Deception technologies
  • Advanced endpoint behavioral analysis, breach detection and intervention
  • Endpoint forensic tools


Vendors: Symantec, Trend Micro

Endpoint Detection and Response

Endpoint detection is not just a good-file-versus-bad-file decision; it is widely accepted that detecting the attacks that get past preventive controls requires continuous monitoring and analysis. EDR solutions that collect detailed endpoint incidents and events can detect these attacks and, in some cases, automatically prevent them from spreading.
  • Detects local events that cannot be seen from the network
  • Provides detailed telemetry about the attacker's actions on each system
  • Covers remote systems that are not on the corporate network
  • Does not depend on logging being enabled
  • Is not affected by network encryption technologies
  • Can be applied to virtualized environments
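The paragraph above says EDR looks at endpoint events rather than files in isolation. As an added illustration (not code from the original page or from any of the vendors listed), the following builds a process ancestry chain from constructed process-creation telemetry and flags a command interpreter or script host launched under an Office application, a behavior that no network sensor sees because it never leaves the host. Event fields, image names and the two-host sample are assumptions constructed for the example.

```python
"""Added example: an EDR-style behavioral detection over process-creation
telemetry. Events, hosts and PIDs below are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    pid: int
    ppid: int
    image: str      # executable basename, lower-cased by the (assumed) agent
    cmdline: str


# Document-handling parents and the child interpreters we treat as suspicious under them.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def index_by_pid(events):
    """Map (host, pid) -> event so parents can be looked up per host."""
    return {(e.host, e.pid): e for e in events}


def ancestry(event, by_pid, max_depth=8):
    """Return [event, parent, grandparent, ...] by following ppid on the same host."""
    chain = [event]
    cur = event
    while len(chain) < max_depth:
        parent = by_pid.get((cur.host, cur.ppid))
        if parent is None:
            break
        chain.append(parent)
        cur = parent
    return chain


def office_spawns_interpreter(events):
    """Flag every interpreter whose ancestry contains an Office application.
    Each finding carries the root-to-leaf chain for the analyst."""
    by_pid = index_by_pid(events)
    findings = []
    for e in events:
        if e.image not in INTERPRETERS:
            continue
        chain = ancestry(e, by_pid)
        if any(a.image in OFFICE_APPS for a in chain[1:]):
            findings.append({
                "host": e.host,
                "pid": e.pid,
                "chain": " -> ".join(p.image for p in reversed(chain)),
            })
    return findings


# Constructed telemetry: ws-01 shows a document-driven chain, ws-02 a plain admin shell.
SAMPLE_EVENTS = [
    ProcEvent("ws-01", 1000, 1, "explorer.exe", "explorer.exe"),
    ProcEvent("ws-01", 1200, 1000, "winword.exe", "winword.exe invoice.docm"),
    ProcEvent("ws-01", 1300, 1200, "cmd.exe", "cmd.exe /c <constructed>"),
    ProcEvent("ws-01", 1310, 1300, "powershell.exe", "powershell.exe <constructed>"),
    ProcEvent("ws-02", 2000, 1, "explorer.exe", "explorer.exe"),
    ProcEvent("ws-02", 2100, 2000, "powershell.exe", "powershell.exe Get-Service"),
]

if __name__ == "__main__":
    for f in office_spawns_interpreter(SAMPLE_EVENTS):
        print(f"{f['host']} pid={f['pid']}: {f['chain']}")
```

The interactive PowerShell on ws-02 is not flagged because its ancestry contains no Office process; the same detection run over a file-only feed would have nothing to work with, which is the point the bullet list makes.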


Vendors: Fortinet, Symantec, Trend Micro

Network Sandbox

Network sandboxes are based on sensors that monitor network traffic. They send suspicious objects (e.g. executable files, Microsoft Office files, PDF files and JavaScript code) to a virtual environment, where the objects are automatically analyzed to determine whether they contain malware. Sensors may be dedicated physical or virtual appliances, or may be embedded in other security products (firewalls, secure web gateways and secure e-mail gateways can all act as sensors). In a nutshell, a sandbox executes downloaded files on virtual machines to analyze them and detect harmful APT files, and produces a signature (a "vaccine") that makes detection easier for other security products.
The adoption of cloud-based sandbox services makes it easier to offer sandboxing as a feature of a primary security product (e.g. a firewall or secure web gateway), which is why that form of deployment is more common. Under Turkish regulations, on-premise solutions are preferred to cloud solutions.

The Sandbox evolution

  • 1G sandboxes are stand-alone physical appliances used to identify advanced threats.
  • 2G sandboxes integrate with other devices in a wider security architecture to detect advanced threats across the organization.
  • 3G sandboxes add robust AI capabilities that analyze both static properties and runtime behavior.


Vendors: Lastline, Fortinet, Trend Micro


Security Information and Event Management

Targeted attacks and broad-based malware infections that cause breaches and data loss make threat detection the primary reason to buy SIEM technology. Vendors are developing security analytics capabilities that range from basic features (statistical baselines or trends that are part of core product functionality) to advanced detection based on UEBA and machine learning, either provided by third parties or developed in-house. SIEM technologies are also adopting incident response capabilities (organically, through acquisition, or through integrations) by adding functions that provide security orchestration, automation and response (SOAR).
  • Can be used to monitor both local and out-of-network events
  • Provides richer user-profiling data than approaches limited to the network or the endpoint
  • Some SIEMs can ingest flow records or raw traffic
  • Comprehensive threat detection
  • Not affected by encrypted traffic


Vendors: Splunk, Fortinet, Logsign, May Cyber Technology


Network Traffic Analysis

Network traffic analysis (NTA) technology uses a combination of advanced analytics, rule-based detection and machine learning (ML) to detect suspicious activity on corporate networks. NTA tools analyze raw traffic and/or flow records (e.g. NetFlow) to build models of normal network behavior, and raise alerts when they detect traffic patterns that deviate from those models. In addition to monitoring north/south traffic, most NTA solutions can also monitor east/west traffic, provided the sensors are placed strategically on the network. It is important that the recommended solution offers supervised, unsupervised and rare-event (supervised in the field) learning capabilities. Another difficulty network security analysts report is that they often struggle to obtain enough SPAN/TAP connection points for the NTA sensors needed to monitor traffic sufficiently. The ability of an NTA tool to analyze encrypted SSL/TLS traffic is considered a plus.
  • Does not rely on the logging infrastructure
  • Can work without user context data
  • Uses a type of data (traffic) that keeps models simple and predictable
  • Good for detecting malware lateral movement within the intranet and data leaks
  • No need for sensors if flow data can be provided by the network itself
  • Some can detect malware in transmitted files for extra analysis (without a sandbox)
  • Can analyze networks containing devices that cannot be managed or do not generate logs (such as IoT devices)
  • Generates fewer false positives thanks to advanced AI/ML capabilities
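The paragraph describes the core NTA loop: model normal behavior from flow records, then alert on deviations, for both north/south and east/west traffic. The following is an added worked example, not code from the page or from any NTA vendor: it learns a per-host, per-direction byte-volume baseline from several periods of constructed NetFlow-like records and flags the current period with a z-score test. The record layout, the RFC 1918 definition of "internal", the z threshold of 3 and the floor on the standard deviation are all assumptions made for the example.

```python
"""Added example: a minimal NTA-style baseline-and-deviation detector over
constructed NetFlow-like records. Nothing here is a vendor implementation."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumption: RFC 1918 space is "internal"; anything else is the outside world.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
DIRECTIONS = ("east-west", "north-south")


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def direction(flow):
    """Internal -> internal is east/west; anything touching the outside is north/south."""
    return "east-west" if is_internal(flow["src"]) and is_internal(flow["dst"]) else "north-south"


def per_host_volume(flows):
    """Bytes sent per internal source host, split by direction."""
    vol = defaultdict(lambda: {d: 0 for d in DIRECTIONS})
    for f in flows:
        if is_internal(f["src"]):
            vol[f["src"]][direction(f)] += f["bytes"]
    return vol


def build_baseline(history):
    """history: one flow list per past period. Returns {(host, direction): (mean, sigma)}.
    A host absent from a period contributes 0 for that period. sigma is floored so a
    perfectly constant history cannot produce a divide-by-zero or an infinite z-score."""
    per_period = [per_host_volume(p) for p in history]
    hosts = {h for vol in per_period for h in vol}
    baseline = {}
    for h in hosts:
        for d in DIRECTIONS:
            series = [vol[h][d] if h in vol else 0 for vol in per_period]
            mu = mean(series)
            sigma = max(pstdev(series), 0.05 * mu, 1.0)   # assumed floor: 5% of mean, at least 1 byte
            baseline[(h, d)] = (mu, sigma)
    return baseline


def detect(baseline, flows, z_threshold=3.0):
    """Alert when a host's volume in a direction exceeds its baseline by more than
    z_threshold standard deviations, or when a host has no baseline at all."""
    alerts = []
    for host, dirs in per_host_volume(flows).items():
        for d, observed in dirs.items():
            if (host, d) not in baseline:
                if observed > 0:
                    alerts.append({"host": host, "direction": d, "observed": observed,
                                   "z": None, "reason": "no baseline for host"})
                continue
            mu, sigma = baseline[(host, d)]
            z = (observed - mu) / sigma
            if z > z_threshold:
                alerts.append({"host": host, "direction": d, "observed": observed,
                               "expected": mu, "z": round(z, 1), "reason": "volume above baseline"})
    return alerts


def make_period(spec):
    """Constructed flows for one period: spec maps (src, dst) -> bytes sent."""
    return [{"src": s, "dst": d, "bytes": b} for (s, d), b in spec.items()]


EXTERNAL = "203.0.113.10"   # TEST-NET-3 address, constructed
# Five quiet baseline periods: 10.0.0.5 talks mostly outbound, 10.0.0.9 barely talks internally.
HISTORY = [
    make_period({("10.0.0.5", EXTERNAL): ns5, ("10.0.0.5", "10.0.0.20"): 200_000,
                 ("10.0.0.9", EXTERNAL): ns9, ("10.0.0.9", "10.0.0.20"): ew9})
    for ns5, ns9, ew9 in [(1_000_000, 500_000, 10_000), (1_100_000, 520_000, 12_000),
                          (900_000, 480_000, 8_000), (1_050_000, 510_000, 11_000),
                          (950_000, 490_000, 9_000)]
]
# Current period: 10.0.0.5 pushes 30 MB outbound, 10.0.0.9 pushes 8 MB to internal peers.
CURRENT = make_period({("10.0.0.5", EXTERNAL): 30_000_000, ("10.0.0.5", "10.0.0.20"): 200_000,
                       ("10.0.0.9", EXTERNAL): 500_000,
                       ("10.0.0.9", "10.0.0.21"): 4_000_000, ("10.0.0.9", "10.0.0.22"): 4_000_000})

if __name__ == "__main__":
    for a in detect(build_baseline(HISTORY), CURRENT):
        print(a)
```

The two alerts the sample produces correspond to the two cases the bullet list names: an outbound volume spike (north/south, a leak-style pattern) and an internal spread that only an east/west view catches. Real deployments learn many more features than byte counts, but the shape of the loop is the same.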


Vendors: Trend Micro, Lastline, Cisco


Security Orchestration, Automation and Response

SOAR refers to technologies that help collect the inputs monitored by an organization's security operations team. For example, alerts from the SIEM and other security technologies can be processed by a combination of human and machine effort to support incident analysis and triage, helping to identify, prioritize and direct incident response activities according to a standard workflow. SOAR tools allow an organization to define its incident analysis and response procedures as digital workflows.
SOAR Advantages
  • More incidents can be handled
  • Faster response with ready-made playbooks (45 minutes manually, 1.5 minutes with SOAR)
  • Frees analysts' time for complex events
  • Helps respond across different vendors' products with less product-specific knowledge, using the vendor connectors already provided
  • Detailed reporting and compliance checks
  • Automatic detection and analysis of network vulnerabilities with VA tools
  • Visible incident correlation


Vendors: Palo Alto Networks, Fortinet