MENDEL 2.5 RELEASED

GREYCORTEX has just released MENDEL 2.5. In this most recent version, we have made several additions to further improve performance, including a new detection method for forbidden services, faster pattern processing for IDS rules (requires Intel architecture), and HTTPS traffic decryption capabilities (with imported private key). The full changelog for MENDEL 2.5 is provided below.

Additional Features

  • Added a new detection method for forbidden services
  • Added faster pattern processing for IDS rules (requires Intel architecture)
  • Added new traffic direction types for better filtering
  • Added system self-reporting for additional functionality support
  • Added HTTPS traffic decryption capabilities (with imported private key)

Improvements

  • System components have been upgraded to their newest versions
  • VoIP protocol parsers have been included for better performance
  • Improved system hardening
  • Improved query performance in the Flows tab

Bugs Fixed

  • Fixed IDS stability problems
  • Fixed IP address settings for new interfaces
  • Fixed disabling parsing IDS rules and DPI
  • Fixed issues with system log rotation, maintenance, and removal
  • Fixed truncated application requests within flow data
  • Fixed ICMP codes reporting in flow records
  • Fixed the reporting service type in outlier analysis methods
  • Fixed upgrade log downloading via the GUI
  • Fixed false positive matching for countries
  • Fixed issues in Incident Management
  • Fixed displaying colored, blacklisted IP addresses on the Peers tab
  • Fixed support for IPv6 filtering
  • Fixed computation functionality in the Peers graph
  • Fixed the computation of severity in the Toplists dashboard
  • Fixed invalid filter value handling
  • Fixed an issue with user rights in the reporting module
  • Fixed autocomplete in Host filtering
  • Fixed time limit for false positive application
  • Fixed status monitor event information
  • Fixed filtering by timestamp in event lightboxes
  • Fixed filtering false positives in “Table by Service or Port”

User Note

To further improve performance, it is strongly suggested that users turn off unused ports.

 

 

 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

GREYCORTEX IN CYBER DEFENSE MAGAZINE

Martin Korec’s article “Integration May Answer Questions in Machine Intelligence” has been published in the most recent edition of Cyber Defense Magazine’s “Cyberwarnings Newsletter.” A .pdf of the issue is available here. We have included the full article below.

Integration May Answer Questions in Machine Intelligence

 

Introduction

You are probably familiar with the terms “Artificial Intelligence” and “Machine Learning,” i.e. the idea that computers can be taught to learn, and then make predictions based on the data they are given. Artificial Intelligence/Machine Learning tools present huge opportunities in many areas, especially in cyber security. The UK government considers it technology which is the engine of the digital revolution. But some are skeptical. Gartner put Machine Learning (a subset of Artificial Intelligence) at the “Peak of Inflated Expectations” in its 2015 Hype Cycle. Simon Crosby of Bromium considers these tools to be a “pipe dream.”

What Are Artificial Intelligence and Machine Learning?

Machine Learning is a subset of Artificial Intelligence, and both address the capability of machines to be taught to make predictions based on “learned” data. Both are popular terms in marketing materials, and are often confused. Deloitte has decided that a better term is “Machine Intelligence” – describing it as “an umbrella term for a collection of advances representing a new cognitive era. We are talking here about a number of cognitive tools that have evolved rapidly in recent years: machine learning, deep learning, advanced cognitive analytics, robotics process automation, and bots, to name a few.” We’ll use Machine Intelligence here (partly because “Artificial Learning” didn’t work as well) to mean the use of data analytic/predictive tools in the network security context.

The Benefits of Machine Intelligence

The essential benefit of Machine Intelligence is that it can take truly massive amounts of data, analyze it in real time, and identify anomalous or malicious behaviors that are invisible to manual review, or which would not be accurately identified through static detection rulesets (which are also a hassle to set up). Of course, the more data a Machine Intelligence solution has, the more effectively it can do its job. Some have claimed prediction can be improved by over 90%. If the solution has limited data from only Netflow, it is limited in its effectiveness. If input data comes from every layer of the network, then it can identify anomalies at each layer, and each device within each layer. This means the Machine Intelligence solution identifies behavior – like advanced persistent threats or insider attacks – that may be limited or very well hidden among massive volumes of network traffic, and which would be missed by a security team pre-programming logic in SIEM systems, even well thought-out ones (a limitation of SIEM systems), or working with an IDS ruleset alone.

Some Claim Machine Intelligence has Drawbacks

Advanced analytics have been around for 20 years or more; there must be something wrong with them, or we’d all be using them. Right? Naturally, as with anything created by humans, Machine Intelligence solutions can be defeated by other humans. However, there are several existing approaches, including classification algorithms, proven to successfully mimic security analyst behavior, which can be used in design and testing to avoid defeat by new threat samples. A second criticism of Machine Intelligence solutions is that they are not “plug and play,” i.e. that they need analyst time to filter out false positives (to teach the system what is a threat and what isn’t). Failure to do so leads to excessive false positives and alert fatigue. Alert fatigue is a problem. A recent article suggests that over half of security professionals are missing alerts they should address. However, MIT research indicates that human/Machine Intelligence collaboration is actually beneficial and can reduce false positives by close to 85%. Furthermore, while Machine Intelligence solutions may not be “plug and play,” their implementation time is much lower compared to SIEM systems (hours vs. months), and training the machine on false positives requires a very small actual time commitment (minutes a day).

Bringing Solutions Together

Is it possible to have the benefits of Machine Intelligence technology, but minimize the hassles? Is it possible to use Machine Intelligence in such a way that this technology is used for truly advanced analysis, reducing false positives and saving the security team’s time? Integrating several features/technology types into one solution mitigates several issues with Machine Intelligence technology, and creates a more efficient system. Specifically, integrating with IDS rules and network performance monitoring is an efficient means of improving network security by joining complementary features and data sets.

Advantages

In such an integration, detection is more effective and false positives are reduced. Less time training the system is required, and information that is “trained” starts from a more accurate position.

Integration with an IDS ruleset specifically brings two benefits. The first is that the IDS, a list of existing rules and known signatures, helps the Machine Intelligence tools function more efficiently, by determining early in the data analysis that certain traffic matches known malicious code or patterns, creating a chance for deeper analysis of events that do not trigger an IDS alert. Secondly, this type of integration has the added benefit of identifying for the Machine Intelligence tools what particular viruses/malware/trojans, etc., look like. This means that the predictive analysis tools have more, and more accurate, data upon which to build their analysis. This data is also available much more quickly than if the solution was completely self-educating, or assisted only by the security team.

This also applies to adding a performance monitoring capability. A more informed and more efficient Machine Intelligence solution exists because traffic data is integrated to help it spot things like too many communication partners, services which haven’t been used before, exceptional network application delays, changed MAC addresses, or new devices or services in the network.

Integration also benefits the security team, because integrated IDS data increases efficiency. Not only does the team spend less time training the system (see above) but it also means more accurate results, resulting in less risk of alert fatigue. Alerts that actually matter are less likely to be missed as a result of the process.

In summary, Machine Intelligence technology, despite what its detractors suggest, is here to stay. Though all providers may not be using its full capabilities, its potential is too great, and its benefits in terms of detection of advanced threats too tangible for it to be given up. But it can be improved. An integrated approach, featuring several different types of input and analysis, helps to streamline Machine Intelligence data analysis, making it more effective and improving the functionality of the integrated tools. This means more effective and more efficient network security, and more family time for security analysts.



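PowerDVD 17 Free Upgrade Announcement

Eligibility:

Users who purchased a "PowerDVD16" version (boxed edition) between 2017-04-01 and 2017-04-30 (based on the invoice date).

Applicable region: Hong Kong

Free upgrade method:

Anyone who purchased any retail version of "PowerDVD16" (including the Ultra edition) during the above period is entitled to a free upgrade to the new PowerDVD17 version (upgrade to the corresponding edition). Resellers, store staff and consumers with upgrade requests or questions should contact the CyberLink Hong Kong distributor – VERSION 2 LTD Technical Support Department ((852) 2893 8186) directly, or e-mail support@version-2.com.hk. Customer service staff will provide the free upgrade individually to consumers who qualify for the upgrade and apply for it themselves.

Free upgrade process

1. The consumer contacts the CyberLink Hong Kong distributor – VERSION 2 LTD Technical Support Department ((852) 2893 8186) to request the upgrade service and receives the application form by e-mail.

2. The consumer completes the application form and e-mails it to the VERSION 2 LTD Technical Support Department at support@version-2.com.hk.

3. After the application is reviewed and approved, CyberLink's customer service department will provide the PowerDVD17 upgrade download link and installation serial number by e-mail within two weeks.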

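PowerDVD 17 Free Upgrade Announcement

Free upgrade service for enterprise and education licence users

Eligibility: Enterprises, government bodies and educational institutions that purchased a licensed version of "PowerDVD16" through a reseller between 2017-04-01 and 2017-04-30 (based on the invoice date).

Applicable region: Hong Kong

Free upgrade method: Purchasing organisations that qualify for the free upgrade under this offer should prepare, themselves or through their reseller, a copy of the order and a copy of the licence certificate, complete every field of the application form, and e-mail the scanned files to support@version-2.com.hk. Once the application form has been received and CyberLink has verified eligibility, a new licence certificate, the upgrade download link and the installation serial number will be sent to your organisation within two weeks of the application date.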

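About Version 2

Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a variety of IT products across areas including network security, cloud, data protection, endpoint devices, infrastructure, system monitoring, storage, network management, business productivity and communication products. Through its extensive network of channels, points of sale, resellers and partners, Version 2 offers products and services that are widely acclaimed in the market. Version 2's sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia and other parts of the Asia-Pacific region. Its customers come from all industries, including Global 1000 multinational enterprises, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs, and consumers in cities across Asia.

About CyberLink
Founded in 1996, CyberLink is an audio and video software company with leading video and audio technology, specialising in the development of digital audio-visual software and multimedia streaming solutions. Following a strategy of "targeting the right technology segments and expanding its global marketing footprint," it is rooted in Taiwan with a global presence and has delivered strong results. CyberLink uses advanced technology to provide high-definition audio and video playback, and complete high-definition capture, editing, authoring and burning functions, with full support for a range of high-definition video and audio formats. Its products include "PowerDirector," "PowerDVD," "PowerProducer," "Power2Go" and others.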

MS VULNERABILITIES EXPOSED BY GOOGLE

Google has disclosed the latest of several unpatched flaws in Microsoft software. GREYCORTEX MENDEL’s advanced machine learning and predictive analysis can identify these attacks.

Google’s “Project Zero” team recently disclosed a second unpatched Microsoft Windows security flaw, after Microsoft failed to fix the bug within Google’s set 90-day window. The vulnerability is identified as CVE-2017-0037, and is classed as a “type confusion flaw” in a module of Microsoft Edge and Internet Explorer. This flaw can lead to arbitrary code execution: it can be used to crash IE or Edge, and can allow hackers to execute code and gain administrator privileges on infected systems.

Advanced hackers may have either already exploited this flaw or they may soon exploit it. Network security solutions like GREYCORTEX that identify anomalous behaviour within your network are especially important in this situation. These solutions mean your IT team can identify malware by its anomalous movement within the network, and identify it as it replicates. GREYCORTEX MENDEL identifies such anomalous behavior, offers deep network visibility, and differentiates between human and machine behavior, meaning you can find infected devices within your network and secure your company’s data and reputation even without relying on Microsoft to fix vulnerabilities in its browsers.

You can read more about the vulnerability here: http://thehackernews.com/2017/02/google-microsoft-edge-bug.html

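ESET NOD32 Tenth-Generation Product Launch

Today (24 March), Version 2, the exclusive Hong Kong distributor of ESET NOD32, held the launch event for the tenth-generation products at the Cordis Hotel in Mong Kok. First, Senior Product and Sales Manager 盧惠光 (Kenneth) explained the main features of the new tenth-generation products: ransomware protection, script-based attack protection, webcam protection, home network protection, password management, and data encryption.

1. Ransomware protection: 2016 was a disastrous year for ransomware, with neither individuals nor enterprises spared. ESET's new product line adds this feature, which blocks script commands hidden in e-mails and web pages to keep the computer from being infected by this type of trojan.

2. Script-based attack protection: prevents attacks by dynamic script commands or by malware from non-traditional sources.

3. Webcam protection: manages use of the webcam, including setting per-program permissions (allow or block). When unauthorized use is intercepted, a warning window pops up automatically.

4. Home network protection: protects against threats from inside the home network environment (Wi-Fi), including the router and connected devices.

5. Password management: helps users store and manage their passwords, with auto-fill, and can also help create complex passwords and quickly enter credit card numbers. It uses top-level AES-256 encryption, letting you easily manage, store and auto-fill the account names and passwords for each website, and avoiding the risk of compromise that comes from having too many passwords to remember and choosing overly simple ones.

6. Data encryption: encrypts files and removable storage devices (USB) to avoid the risk of data leakage if they are lost or stolen.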

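Next, we invited 張曦雯 (Kelly), Miss Chinese International champion and lately best known for her gaming, and 梁彥宗 (Chris), travel expert and host of 《三日兩夜》, to share their experiences as celebrity users. Kelly said: "I installed ESET Multi-Device Security. It has a function that can manage the webcam, including setting usage permissions for different programs, so webcam use can be blocked or allowed. When there is unauthorized use, the computer automatically pops up a warning window to intercept it." Kelly also said that installing antivirus software has not slowed down her gaming: "So far it has never hogged the RAM; perhaps ESET itself doesn't need much in the way of computer resources. On top of that, ESET goes into gaming mode by itself when I play, hiding notifications and freeing up more resources, so I don't need to worry that installing antivirus will affect my gaming."

Chris travels often and recently went to Australia. Has he ever been infected while using Wi-Fi abroad? "Since installing ESET Multi-Device Security, I haven't caught any virus so far, because after installation the computer has a virus whitelist, so even if a virus tries to get in, it has already been blocked for me." Chris added that the new "data encryption" feature in ESET Smart Security Premium can encrypt selected files and USB drives, so that even when they are used abroad, the risk of data leakage if they are lost can be avoided.

Finally, Kelly is even fonder of the new "banking and payment protection" feature in ESET Smart Security Premium: "Every time I use an e-banking service, I don't use my usual browser but ESET's secure browser. It temporarily disables all the extra plug-ins the user has installed, because these plug-ins may capture the user's personal data. There is also a 'password management' feature that helps me store and manage different passwords. That is, when I shop online at store A and store B, it sets two different complex passwords for me, it can quickly enter my credit card number, and passwords are filled in automatically. Perfect for a scatterbrain like me!"

Product enquiries: www.eset.hk (2893 8860)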



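Version 2 Senior Product and Sales Manager 盧惠光 (Kenneth) explains the main features of the new tenth-generation products.

張曦雯 (Kelly), lately best known for her gaming, shares her experience as a celebrity user.

Kelly also said that installing antivirus software has not slowed down her gaming.

Travel expert and 《三日兩夜》 host 梁彥宗 said that since installing ESET Multi-Device Security, he has not caught any virus so far.

The new tenth-generation ESET NOD32 products, "ESET NOD32 ANTIVIRUS 2017" (multi-function high-performance antivirus software), "ESET MULTIDEVICE SECURITY" (cross-platform security suite) and "ESET SMART SECURITY PREMIUM" (flagship network security edition), are now on sale.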

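About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes a variety of internet, information technology and multimedia products, including communication systems, security, networking, multimedia and consumer-market products. Through its extensive network of points of sale, resellers and partners, Version 2 Limited offers products and services that are widely acclaimed in the market. Version 2 Limited's sales network covers mainland China, Hong Kong, Macau, Taiwan, Singapore and other regions. Its customers come from all industries, including Global 1000 multinational enterprises, listed companies, public bodies, government departments, countless successful SMEs, and consumers in cities across Asia.

About ESET
Founded in 1992, ESET is a global provider of computer security software for businesses and individual users. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources, has the fastest detection speed, provides the most effective protection, and has won more Virus Bulletin 100 awards than any other antivirus product. ESET has been named to Deloitte's Technology Fast 500 for five consecutive years and has an extensive partner network that includes internationally known companies such as Canon, Dell and Microsoft. It has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic), San Diego (USA) and elsewhere, and its agents cover more than 100 countries worldwide.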