
Greycortex Is Like A Doctor, Preventing Clients From Catching A Cyber-Disease

What a person encrypts, a person can also decrypt. This was true a couple of years ago. Nowadays, cyber-criminals use advanced technologies and their attacks are much more sophisticated and targeted, and the consequences are much worse. “Not only the good guys (i.e. cyber protection companies) but also the bad guys are evolving. Attacks are aimed at weak points and human errors,” says Petr Chaloupka, CEO of GREYCORTEX, a company that focuses on IT and industrial network security. The story of this company that succeeded among the fastest growing tech companies began long before its foundation. It is a story about passion, vision, skills and a ton of humour. And, in a way, it is connected to the beginning of computerisation in Czechoslovakia.

Maybe you too still have a vivid memory of this history chapter and maybe you remember 8-bit computers – or maybe you don’t. Luckily, there is Petr Chaloupka, the founder and CEO of GREYCORTEX, and his memories of a contest from the ’90s, a text game passed around on cassettes and floppy disks that were created very long ago for 8-bit computers. Cassettes and floppy disks were… well, just google it, kids! “This game was protected by a password that was announced on a certain day in the newspaper, on the radio and on TV to give everyone the same fair start. However, my friend and I didn’t feel like waiting and so, after several hours of reverse engineering, we identified the password and came to the conclusion that what a person encrypts, a person can also decrypt. And that is maybe where my lifelong passion for cybersecurity started and this seemingly innocent story signalled my future professional career.”

A STORY OF A COMPANY STANDING ON THE FRONT LINE IN THE BATTLE AGAINST HACKER ATTACKS

The first chapter of the GREYCORTEX story began around 2005. “I was working on an antivirus for Linux, which was a completely insignificant platform for cybercriminals back then and for which there was no malware. There were only a few lab experiments for proving that there could be one. My colleague Michal Drozd used to hack banking systems using social engineering and customised malware,” reminisces Petr Chaloupka about the beginnings with a smile. The group includes another Petr – Petr Chmelař. “Back then, he was working on machine learning principles that would be capable of finding video signal anomalies. A strong technology for which there may have been another use. What about transferring it from the video world into a computer network?” asks Petr Chaloupka rhetorically with a good portion of irony.

However, you are probably more curious about the ending of the first plotline, about Michal Drozd and his bank story. There was no shocker – Michal Drozd stood on the right side and banks paid him to do what he did. We would say today that he was an ethical hacker. “However, if he had decided to become a cybercriminal, he would be very rich by now,” adds Petr Chaloupka.

But let’s be more serious now. Fast forward fifteen years later. Petr Chaloupka sums up that Linux is a common and widespread platform, interesting enough for cybercriminals to attack. GREYCORTEX is now a well-established company focusing on the development of security products for network protection, machine learning and AI research, and the second fastest growing tech company in the Rising Stars category of the Deloitte Technology Fast 50 competition.

“Were we visionaries back then? I don’t know. Maybe we were just the three right people at the right place, and if we had never met, nothing would have happened. Literally. But we did meet, a couple of good questions were asked and we started to look for answers together.”

THOROUGH AND COMPLETE SECURITY

The second chapter of the GREYCORTEX story was about visionary questions in the end; for example, how can someone manage to break into a bank or any other company without having to leave their home? And how come they don’t get caught? Then the right answers came and with them the first specific solution.

“Somewhere around 2014, things blended really well and when five more friends and colleagues joined us at the end of 2015, everything was ready to establish a company and start our business. It needs to be said that all founders are still with us in different roles in the company, helping it grow.”

Petr Chaloupka

Four years later, the company became five times as big. “Our product ‘Mendel’, which can uncover hidden threats in the network, from unknown devices to advanced attacks, has matured. After overcoming some childhood diseases and puberty, it is becoming a model for others – we helped introduce another branch of cyber security into the world! It used to be called NTA (Network Traffic Analysis) in the past; now it is called NDR (Network Detection and Response),” says Petr Chaloupka.

Don’t worry if you are getting a little lost in all the information, you have a right to that and you deserve an explanation: NDR combines deep visibility into infrastructure with the capability to detect known and unknown attack and malware types and to react to them in real time. So, it is clearer now, isn’t it? Same as the fact that “the world is changing, technologies are changing and we are changing with them. It is important that we have done our bit and continue to give cybercriminals a hard time and ruin their filthy and immoral business,” remarks Petr Chaloupka.

What was the worst in the beginning? “Even in our case, it holds true that all theory is grey, but the golden tree of life springs ever green, so we do everything in a completely different manner than we used to. However, the most important thing is that we learned to understand what it means not only to have a good product but also to sell it and persuade clients that they need it. You could say that we are selling insurance or that we are like Eastern medicine – we ensure that the client does not become infected and he pays us for not getting ill.”

To sum it up, Petr Chaloupka views success and failure as communicating vessels. “A functioning and growing company is a success, even though it arose from humble financial background and was basically only a dream of a few founders some 6 years ago. From the beginning, we had a vision of building a global company and so our plans now are clear – to strengthen our position in the territories in which we already operate and gradually add other locations to reach our goal. It is definitely important to find balance between this dream goal and the need to have both feet on the ground (or at least one foot).”

This article was originally published here

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

Greycortex is a top-rated company among the 50 most successful tech companies in the Deloitte Technology Fast 50 CE

Brno, November 19, 2020

GREYCORTEX has won second place in the Rising Stars category in the prestigious ratings organized by Deloitte, where many Czech tech companies strove to be nominated as the fastest-growing tech company in the Deloitte Technology Fast 50 CE. The Tech Stars, Rising Stars, and Impact Stars categories present both the maturest and newest fast-growing companies in the Central European region as well as those companies that have had a revolutionary social or environmental impact on the market.

Petr Chaloupka, CEO at GREYCORTEX, said: “I am very pleased to have achieved international success in the 21st year of the Deloitte Technology Fast 50 CE competition and to have won second place in the Rising Stars category. In this category, seven out of 10 places were occupied by Czech companies, showing that the Czech Republic is still a cradle of technological innovation and that we have a good standing in this international competition. I wish to congratulate all the other companies and wish them success in further building their internationally competitive status”.

About Deloitte Technology Fast 50 CE
Deloitte Technology Fast 50 CE is a program that identifies and rewards the 50 fastest-growing tech companies in the Central Europe region based on revenue growth over a four-year period.

MARTIN HALLER EXCLUSIVELY IN AN INTERVIEW FOR GREYCORTEX

In the header of your blog there’s written “In the head of a Network Administrator: Thoughts, ideas, insights” – that brings up a question: what have you been dealing with in terms of security at your clients in the past few months?

That’s a pretty good question. I’ve been thinking about changing the header recently into something in the sense of “IT security lies in thorough and honest work”, which corresponds the most with what we come across during audits in companies.
IT departments often try to do “rocket science”. They consider advanced and expensive technologies, such as sandboxing and SIEM, skipping basic and simple concepts. For instance, they update servers twice a year, they use just a few passwords (as they haven’t adopted a password manager), they administer everything under the domain admin account and they haven’t performed a test disaster recovery from backup yet.
Don’t get me wrong. Sandboxing and SIEM are really useful technologies. It’s just that they belong to “add-on” technologies, and it’s necessary to get the network tidy first – get to know it inside out, be aware of all devices, set up the firewall and antivirus correctly. Basically, it’s important to focus first on activities that will contribute to security the most with the least effort.

You mention sophisticated attacks and chaotic arrangement of the infrastructure – what kind of impact might they have on organizations and companies? And what risks do you as an expert link with them?

When investigating attacks, I’m often taken aback by how fast the attackers manage to perform a “lateral movement”. It’s the stage of attacks in which attackers have a device under control, and they attempt to extend it to as much of the network as possible. In many cases they manage within a few hours. For example, in one case they managed to get a backdoor to a Director’s PA’s computer using spear-phishing. On Friday night they connected to it and within three hours they took over the domain administrator account and took control of the whole network. That’s a very short time and it’s really difficult for a company without 24/7 network security monitoring to react in time.
It’s critical to invest more time in securing the internal network to make “lateral movement” harder for the attackers and get time to detect and stop them.
Most administrators I meet put all their effort into protecting the “perimeter”. They see the security black and white – the Internet’s full of the bad, while the internal network seems safe to them. That’s a pity as the perimeter’s usually very well secured and the extra time invested has little effect. On the other hand, the internal network tends to be neglected security-wise, so every single day spent securing it is noticeable.

I understand there’s not a single correct approach that would protect all users. In your opinion, though, is there a “must” for the companies to protect their data nowadays? Something that’s changed in this respect in the past 10 years, e.g. new technologies or tools?

The thing is that security will probably never be 100 %. There will always be some zero-day vulnerabilities, human errors, and it won’t be possible to apply all security technologies (e.g. they won’t be compatible with business requirements). That’s why every company should have an efficient back-up system, resistant to hacker attacks. Thanks to that they’ll be able to get their data back without having to pay a ransom.
The development of the cloud and fast Internet has helped a lot in this area. It’s possible to make off-site backups in the cloud for a reasonable price, where the backups are protected against deleting (thanks to snapshotting, i.e. preserving a state of the storage where backups are located to a particular point in time) and natural disasters.
That doesn’t mean, though, that it isn’t necessary to deal with security anymore. A successful attack still means a downtime for days or weeks for companies as well as the risk of making their private data public.

So, it’s not just about eliminating the causes, but prevention – it’s clear that as an expert on IT security you often face misunderstanding from budget holders. What arguments or real-life cases do you use at such moments?

Exactly, prevention is paramount. It’s cheaper to prevent problems than to deal with their consequences. Thanks to the media attention paid to the recent cyber attacks (on hospitals) the budget holders now realize the need to deal with security. The money is there. The issue is its effective allocation. Almost every IT company now “does” security. There’re also a lot of vendors of security SW / HW solutions. Security’s not a commodity, though, and the quality of individual solutions differs diametrically. The price isn’t a reliable indicator, either. Our strategy is to educate the public in the area of security. And we want Czech companies and institutions to have good security.

So far, the year 2020 seems to be a year full of changes and the need to be prepared even for the most unbelievable moments, which applies to cyberattacks, too. After all, some may be considered more likely a target than others. For example, in the USA there’ll be the presidential election, the Olympics in Tokyo (postponed to 2021), the world economy has been shaken due to the coronavirus, and a lot of companies “go online”, which poses enormous risk in itself. Are there any other events or circumstances this year that, in your opinion, may carry a higher risk of attack?

Talking about the Olympics, I’ve read an article about a cyberattack on the 2018 Winter Olympics in PyeongChang, South Korea. It was a very interesting and sophisticated attack which didn’t turn into a fiasco only thanks to a coincidence and a bit of luck. I definitely recommend reading “The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History”.
It’s hard to say whether companies “going online” will have any influence on cybercrime. Most companies were already ready for home office and remote work. On the other hand, there are still a lot of companies on the market that are only about to modernize and digitize their processes. Due to the lack of IT people on the market, it’s possible that some implementations of changes won’t be done very thoroughly.

Given the direction hacker attacks have taken recently – where do you see the future of security tools?

Good question. Apart from imposing restrictions, it’s also crucial to have an overview of your network. That’s the only way to recognize that the “restrictions” have been overcome and there’s an intruder in the network. Systems such as IDS / IPS will help you with that, as well as honeypots, network traffic analyzers, or SIEM systems. The choice of the system depends on the needs and possibilities of each company, though.


Apart from an early warning about a network issue, the systems are also necessary for backward incident investigation. With their help, it’s possible to find out how far the attackers got, which accounts and devices were compromised, which techniques and programs they used during the attack, which data they took out, how long the network was compromised, or the intrusion vector (the route of the attack). Without such systems the investigation of attacks is strenuous and inaccurate. Especially nowadays, when ransomware groups not only encrypt the data, but also steal parts of it and subsequently publish it (unless paid), such systems are needed more than ever before. Without them it’s almost impossible to find out whether any of your data got stolen during the attack, or not. 


Due to the decreasing price of network analyzers, their constant debugging, and the increasing importance of IT, I expect their adoption to grow. These technologies have a very good price / performance ratio. 

Martin Haller

Martin Haller is a co-owner of PATRON-IT and a technician with all his heart. He specializes in cyber security and has experience as an ethical hacker. He believes it’s necessary to be able to break the network first in order to secure it well. On his blog martinhaller.cz he shares updates from the field of IT security as well as his own real-life insights. He also runs his own YouTube channel – you’ll find there e.g. what a webcam attack looks like.

GREYCORTEX PARTNERS WITH CLICO IN POLAND AND THE CEE REGION

August 5, 2020: Brno, Czech Republic – GREYCORTEX, advanced network security solutions provider, is pleased to announce that they have partnered with CLICO, a specialized, value-added distributor, based in Krakow, Poland. 

GREYCORTEX and CLICO are building a stronger market position to offer enterprises, SMBs, and governments the GREYCORTEX Mendel advanced network monitoring solution, to protect their networks from existing and emerging threats.
GREYCORTEX Mendel is now available via CLICO’s partners in Poland and many other countries in Central and Eastern Europe, including Romania, Bulgaria, Hungary, Croatia, Serbia, Slovenia, Montenegro, Kosovo, Albania, Macedonia, Bosnia & Herzegovina, Latvia, Lithuania, Estonia, and Moldova.

“We are glad to welcome CLICO, a leading player in the CEE cybersecurity market, as a new channel partner of our advanced network security solution,” said Petr Chaloupka, GREYCORTEX CEO. “We are confident that CLICO’s deep technical expertise and strong sales channel will strengthen our market position in Poland and open new markets in Central and Eastern Europe.”

“What’s in my network? Is my network secure? These are the questions that business very often asks itself or its IT employees. In order to answer these questions with certainty, it is necessary to implement a professional network security monitoring solution, combining advanced network traffic analysis (NTA – Network Traffic Analysis) techniques with a unique environment visualization in order to visualize communication, detect security risks and threats. The solution should also enable a quick and effective response to threats resulting from misconfiguration, network performance problems, or advanced threats. That is why we are very pleased to announce that this kind of solution delivered by GREYCORTEX is now available in CLICO distribution portfolio.” – says Artur Holeczek, Security Product Manager at CLICO.

About CLICO
CLICO is a specialized, value-added distributor that since 1991 has been effectively introducing and promoting innovative solutions of global market leaders in Poland and other countries of Central and Eastern Europe.

GREYCORTEX MENDEL 3.6.1 NOW AVAILABLE

GREYCORTEX has released the latest version of its MENDEL network traffic analysis solution. Version 3.6.1 brings important improvements and bug fixes.

ENHANCEMENTS

Improved Incident management

  • Added incident label management (custom labels)
  • Excluded false positive incidents by default
  • Possibility to add watchers from incident page form
  • Ability to change incident state
  • Changed PDF report title
  • Added time range into PDF report title page
  • Added new items into incident overview header in PDF report

Faster representation of event queries in the lightbox
Removed user information from managerial/security reports and emails
Reworked firewall plugins compatibility with PaloAlto
Added ability for no-reinstall recovery after motherboard replacement on DELL server

FIXED ISSUES

In general, our development team focused on improving user experience and reporting, as well as system stability and performance.

OFFICIAL MENDEL PRODUCT SUPPORT

Full-service support is provided for versions 3.6.x and 3.5.x. Limited service support is provided for the previous version 3.4.x. Versions 3.3.x and older are no longer supported; end-users with valid support and maintenance or an active SW subscription can upgrade to the supported version(s).
