Michal Novák, Pavel Kubín

Use of situational analysis to detect potential attacks

The paper focuses on the use of new, non-traditional detection tools based on the Erlang language (a multi-paradigm programming language specialized for building distributed, highly available, fail-safe applications). It describes their use in detecting time- and incident-related events and in creating dynamic security models within large infrastructures. It explains the principles of these models and shows their integration with SIEM systems, supplementary detection mechanisms, and further sources of additional information and knowledge (ElasticSearch, Splunk). The paper also covers how these new tools are integrated with the existing infrastructure within O2.

In our post, O2 describes its case-by-case cyber attack detection based on monitoring long-term changes in the behavior and work style of users, stations, and other components of the environment. The paper also shows why, and especially where, modern Big Data indexing and search-based technologies are not designed for these tasks, and where they are nevertheless very valid information sources, although not the final solvers.

Ing. Michal Novák, O2 Czech Republic

Ing. Michal Novák has more than 20 years of experience in computer security. After graduating from CTU Prague in 1989, he worked in military research, focusing on information systems and applications of artificial intelligence. Since 1996, he has worked in information security, first at Český Telekom, a.s., and subsequently at its successor companies Telefonica Czech Republic, a.s., now O2 Czech Republic, a.s. He currently holds the position of Head of Information Security there and at the same time acts as the Security Director under Act No. 412/2005 Coll. He successfully certifies the ISMS according to ISO 27001 and builds and develops the information security management system. Recently, he has been focusing on detecting new types of attacks, and on building and developing new detection systems with his team.

Ing. Pavel Kubín, Altworx

Pavel Kubín founded the company Olympo in 1991 as a hybrid distribution company focused on the import of electronic security systems and, eventually, other sensor, building, and RFID technologies and their system integration. Olympo became the largest company in the region. In 2004, he sold the company, which became part of the American Honeywell Corporation. In 2009, he founded the Altworx project and development, based on the original R&D and engineering team together with a group of young, talented programmers, data scientists, and others. This combination reflects the intention of developing a product that does not compete with classical Big Data technologies or with system integration in sensor technology, but uses the power of their interoperability where these approaches are not suitable. At present, its major clients are large companies in the energy, telco, banking, and cargo industries.
