CyDecSys Decision Support System: STM’s New Trump Card in Cybersecurity

17 Ocak 2019
Resim4 - C - STM

STM introduced its newly-developed CyDecSys Cybersecurity Decision Support System at a press conference held in Ankara on October 31. As a system that can be tasked with important roles in the protection of large-scale organisations against cyber attacks, the CyDecSys is a clear demonstration of the level STM has reached in the cybersecurity field.


The software-based CyDecSys product, the launch meeting of which was held as part of the STM Capture the Flag (CTF)’18 cybersecurity competition, can carry out the following functions:

  • Rapidly identifying cybersecurity gaps within organisations,
  • Prioritizing these gaps in terms of importance, as first step,
  • Fully eliminating these gaps in an effective and efficient manner.

CyDecSys assists system administrators by largely automating such processes as network topology formation, vulnerability identification, risk classification and attack tree formation. Leaving the final decision step to the system administrator, the system facilitates the decision-making process by presenting the necessary information to support critical decisions.

CyDecSys also presents various advantages in the management of network-connected devices, one of which is the ability to manage locations. Institutions and organisations with multiple facilities in different locations, in particular, tend to have numerous network devices. When these devices operate without malfunctioning for long periods of time, network administrators may lose track of their physical locations, even though their IP addresses are known. Through its location management ability, CyDecSys makes it easier to identify the location of devices whose physical location has been forgotten, despite having been operational in the network for years.

Offering Cyber Threat Intelligence, Cyber Operation and Malware Analysis services through its Cyber Fusion Centre, STM presents the CyDecSys software as an independent product that complements the company’s cybersecurity portfolio.


Difficult to Manage Thousands of Vulnerabilities

Speaking at the press conference, Ömer Korkut, Deputy General Manager of STM, said that CyDecSys had been developed through indigenous means to render the cybersecurity risks of institutions more manageable. “Under normal circumstances, the number of vulnerabilities in the computer network of an institution can run into the thousands. To manage so many vulnerabilities, the CyDecSys Cybersecurity Decision Support System analyses the cybersecurity risk associated with these vulnerabilities. By simulating the vulnerability risks as well as the measures taken against them, CyDecSys ensures effective risk management. We expect that the capabilities of CyDecSys will enhance significantly the efficiency of information security units.” Korkut said.

CyDecSys_1 - C - STM

CyDecSys features a user-friendly interface.


Artificial Intelligence-Based Products in the Pipeline

Stating that STM’s product family has further expanded with the CyDecSys, Korkut described their strategy as follows: “The main issue in the field of cybersecurity is the shortage of qualified staff, with studies in the United States indicating a shortfall of nearly 1 million people. If you compare the growing size of the threat with the time it takes to raise qualified staff, it is clear that closing this gap is not possible. In such a situation, what recourse do we have? The answer is Artificial Intelligence. Right now, we are working on another product that will be integrated with the CyDecSys … From now on, we want to hit the market with innovative products that utilise artificial intelligence methods. We want to close such gaps, but not only by reinventing products that have been made before, although improving existing products through collaborations may be part of our strategy.”

2_MS2_7488 3_MS2_7461

No Equivalents in Turkey

Dr. Emin İslam Tatlı, Director of Cybersecurity and Big Data at STM, said that the CyDecSys has no equivalents in Turkey, summarising the features of the product that set it apart from its foreign equivalents: “First of all, CyDecSys’ attack tree capability, while being complicated from an engineering standpoint, is something we have managed to resolve [and include in the system]. We don’t quite see this feature in its equivalents. Second is the issue of usability, and the well-known potential conflict for with reliability. It is important to find balance here. We have tried to come up with a product that is highly practical, especially from the end user’s standpoint, when compared to its equivalents. Different sets of eyes have examined the product, and all feedback has been taken into account. The system is able to blindly sort out [network] topology, which is a feature that is lacking in similar products, and as far as I am aware, this feature only exists in one equivalent system.”


Indigenous Software against Indigenous Vulnerabilities

Dr. Tatlı said that as a result of the competitive pricing policy at STM, CyDecSys will be a product of choice in the domestic market, and highlighted the advantages it may offer to domestic users: “The databases of foreign vulnerability scanners do not include the domestic software vulnerabilities we see in Turkey, of which there are many. We will adapt CyDecSys’ vulnerability database for our country, such that it includes the vulnerabilities of the domestic software used in Turkey.”

Dr. Tatlı added that they had also launched studies into the development of a new software for Internet of Things (IoT) security.


247 total views, 1 views today