Yes, as soon as you send us your corporate contact information, we will contact you to start a POC.
The trial period license for CyDecSys is 1 month without any restrictions on the product features.
CyDecSys requires a virtual or physical Linux server (preferably Ubuntu 16 Server). For the base version, 4 cores, 8 GB of RAM and 100 GB of disk space are recommended for installation. For the Enterprise version with parallel scanning capabilities, 16 cores and 32 GB of RAM are recommended.
For vulnerability scanners, every endpoint on the network is the same, meaning that the same vulnerability on a laptop in the client network and on a server in the DMZ receives the same score. Prioritizing thousands of vulnerabilities is often not possible. CyDecSys, as a decision support system, allows you to prioritize vulnerabilities with unique risk analysis methods. It provides an attack tree simulation in which you can see how the corporate network can be infiltrated from the threat points you define, taking your firewall rules into account in the most realistic way. As a result, you can instantly see the most dangerous vulnerabilities that really threaten you among thousands of vulnerabilities, and manage the vulnerability closure process from a single screen with integrated workflow management.
CyDecSys does not need a separate scanner, thanks to its integrated vulnerability scanner and the up-to-date vulnerability detection scripts generated by STM. However, it is also compatible with vulnerability results exported from the Nessus and Nexpose scanners if you want to use those.
The risk score is in the range of 0-100 and is assigned to the assets, subnets, software, business units and locations in your system. Two papers covering the CyDecSys risk analysis methods and attack tree algorithms have been published in international peer-reviewed conferences and accepted by the academic community. You can find them in the resources section.
You can independently calculate the risk of different locations and departments with the business unit and location screens. If your network is well segmented by department, you can see and prioritize risks on the basis of department and location once you define the relevant business units and locations from the CyDecSys screens.
Active scanning is performed by connecting to the endpoints from the CyDecSys server. Passive scanning is performed by communicating with the SCCM server you use within the organization, without contacting the endpoints. Passive scanning is much faster and does not generate traffic on the network. On the other hand, active scanning is sometimes more accurate, although it takes longer. Our suggestion is to carry out both scanning methods together at regular intervals.
Although it depends on the size of the network, we generally recommend that active scanning be performed once a week. Passive scanning can be done every day, as it is faster and does not generate much traffic on the network.
The attack tree is a simulation of which devices within the organization can be infiltrated from the threat points you define on your organization's network. CyDecSys computes this simulation using unique algorithms, vulnerability and exploit code information, and firewall rules to calculate real-life attack paths. Threat points can be selected from among suspicious devices that generate alarms, using SIEM alerts, antivirus warnings, firewall alerts, etc. But CyDecSys does not impose any restrictions on the choice of threat points.
The attack paths calculated from the attack tree show in detail the paths along which vulnerabilities can be exploited. CyDecSys offers you the most appropriate preventive action for these attack paths. These measures include closing the related vulnerability, closing the port on the firewall, removing the service and so on. It also simulates which attack paths are prevented when the actions are taken and how this reduces the overall risk of the system.
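The idea behind the attack tree and the "what is prevented if I take this action" simulation can be sketched as follows. This is an added illustration, not CyDecSys code or its published algorithm; the host names, vulnerability identifiers, firewall rules and function names are all constructed for the example.

```python
from collections import deque

# Constructed sample network (hypothetical names, not CyDecSys data).
# VULNS: host -> {port: (vulnerability id, exploit code available?)}
VULNS = {
    "laptop-17": {445: ("VULN-A", True)},
    "dmz-web": {443: ("VULN-B", True)},
    "db-01": {5432: ("VULN-C", True), 22: ("VULN-D", False)},
    "hr-files": {445: ("VULN-A", True)},
}
# Firewall allow rules: (source host, destination host, port).
ALLOW = {
    ("internet", "dmz-web", 443),
    ("dmz-web", "db-01", 5432),
    ("dmz-web", "db-01", 22),
    ("laptop-17", "hr-files", 445),
    ("db-01", "hr-files", 445),
}

def attack_paths(threat_point, vulns, allow):
    """Breadth-first expansion from a threat point.
    Returns host -> list of (host, port, vuln id) steps used to reach it."""
    paths = {threat_point: []}
    queue = deque([threat_point])
    while queue:
        src = queue.popleft()
        for rule_src, dst, port in sorted(allow):
            if rule_src != src or dst in paths:
                continue
            vuln = vulns.get(dst, {}).get(port)
            # A step needs an allowed flow AND a vulnerability with exploit code.
            if vuln and vuln[1]:
                paths[dst] = paths[src] + [(dst, port, vuln[0])]
                queue.append(dst)
    return paths

def simulate_action(threat_point, vulns, allow, patch=None, close=None):
    """Hosts that stop being reachable after patching (host, port)
    or removing one firewall allow rule."""
    before = attack_paths(threat_point, vulns, allow)
    patched = {h: {p: v for p, v in ports.items() if (h, p) != patch}
               for h, ports in vulns.items()}
    remaining = {rule for rule in allow if rule != close}
    after = attack_paths(threat_point, patched, remaining)
    return sorted(set(before) - set(after))
```

In this sample, VULN-A appears on both `laptop-17` and `hr-files`, but from the `internet` threat point only `hr-files` lies on an attack path, so the same vulnerability carries different exposure depending on where it sits.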
CyDecSys uses dynamic intelligence data in addition to static vulnerability data. Vulnerability scores change very rarely over the years, yet the appearance of exploit code for a vulnerability changes all the risks in your system, which many vulnerability scanners will not see. CyDecSys is powered by the STM Cyber Intelligence Center (CyThreat) and generates dynamic intelligence scores for such situations.
CyDecSys recommends the most appropriate patch for closing the corresponding vulnerability. In addition, workflow screens are integrated into CyDecSys, where you can assign the closure of the vulnerability to the relevant people and groups and follow the process from start to finish.
CyDecSys offers a comprehensive reporting and notification management screen that you can customize. It is possible to receive reports at all levels, from how a single vulnerability affects you to the overall risk posed by all vulnerabilities in your system. When a specific vulnerability is encountered on specific assets, in a subnet or even in a business unit, a mail notification is sent; this can be configured at a very detailed level, such as creating an automated workflow.