CYBER FUSION CENTER
The Cyber Fusion Center (CFC) consists of proactive and preventive actions that protect critical technology and data assets. It orchestrates and coordinates security functions and the flow of information from threat intelligence through security and IT operations. This increases operational effectiveness and improves security readiness by preventing or neutralizing attacks through the timely delivery of tactical cyber threat intelligence with relevant indicators of compromise.
The CFC comprises three main components:
Cyber Operations Center (COC)
CSOC is the center where logs are collected from different security nodes, the collected incidents are examined to determine whether there is a threat or anomaly, and network traffic is monitored to identify and analyze threats. Using information feeds from the Cyber Threat Intelligence Center, correlation rules are created so that measures can be taken in the internal system against a possible threat, and alarms are generated in real time for those rules. The center is optimized and visualized so that incoming logs can be easily understood, making it easy to recognize the threats being investigated.
Cyber Threat Intelligence Center (CTIC)
CTIC is the center where cyber attackers, potential cyber-attack preparations, current vulnerabilities and cyber-attacks are analyzed using incidents obtained from open sources and the dark and deep web. As a result of these analyses, cyber threat intelligence ensures that measures are taken against current attacks.
Malware analysis is the process of examining suspicious software from the Cyber Threat Intelligence and Cyber Operations Centers in controlled environments within the Malware Analysis Laboratory. Software is considered malicious if it behaves outside its intended function, for the purpose of stealing private and sensitive user information or for profit-making. Suspicious software running on different operating systems and mobile platforms is analyzed both statically (without running it, through reverse engineering) and dynamically (by running it in a controlled environment). The results of the static and dynamic analysis are presented as a report.