Today we have the pleasure of introducing Stefan Umit Uygur, CEO of DECTAR. Uygur is an evangelist for Free Open Source Software and is committed to changing the public perception of hackers, promoting the values of ethics and freedom that characterize them. He boasts considerable experience in Linux system administration, penetration testing, system security, vulnerability management, and the development of data centers and technological infrastructures, both cloud and on-premise.
During his career, Uygur has served in prestigious companies such as Sun Microsystems, Oracle, Amaya, Amazon AWS, and First Derivatives. He has contributed his technical expertise to the Italian Ministry of Justice and served as a government advisor during the XIV Legislature led by Romano Prodi. Among his most influential initiatives is the co-authorship of the law "Free Software in Public Administration and Government Structures", drafted for the chairman of the culture committee of the Chamber of Deputies, Hon. Pietro Folena. Uygur is also the author of "Penetration Testing with BackBox."
In 2017, he founded DECTAR in Dublin, a cybersecurity company that brought to life ACSIA SOS™, which we will discuss today. It is an advanced cybersecurity system with a detection engine that anticipates, blocks, and neutralizes up to 98% of threats. It utilizes customized Sigma Rules for constant monitoring of known and unknown cyber threats, ensuring security and compliance. In 2022, he launched - together with three partners with whom he shares the vision, development model, and approach to cybersecurity - Muscope Cybersecurity Srl in Milan, which developed CYSR, a risk assessment and rating platform for businesses.
In addition to leading these two innovative entities, Uygur plays a significant role on the National Advisory Board for Cybersecurity of the Irish government and works as a consultant with national cybersecurity agencies of various countries, including Israel, the United States, and the United Kingdom, confirming his role as a leader in the field of cybersecurity.
Origin and Incubation
What is your background, and how did the idea for Dectar come about?
I have had a passion for technology and cybersecurity since I was a teenager, when I dabbled in hacking and intercepting the earliest cell phones in circulation. I have always been a strong supporter and evangelist of Free Open Source Software, firmly believing in the sharing of knowledge.
I have always been very actively engaged in this evangelization project, bringing my skills around the world, traveling to over 90 countries, and working for various multinationals. Over the years, I then specialized in the field of cybersecurity.
My commitment to promoting open source also led me to collaborate at the institutional level with the Ministry of Justice and to contribute to the drafting of the law "Free Software in Public Administration and governmental structures."
The idea of Dectar stems from my conviction that cybersecurity is not an optional subject, as the future is technology-based and, therefore, its security becomes crucial for the stability of the ecosystem in which we live. It is therefore essential to make cybersecurity accessible to all, to provide companies with a correct perception of cybersecurity and increase the level of awareness. Our technologies are based on the fundamental principle of prevention: effective prevention greatly simplifies all subsequent phases, avoiding them in most cases.
Since my teenage years, I've harbored a fervent passion for technology and cybersecurity, sparked by my early explorations in hacking and intercepting the nascent cell phones of that time. Throughout my journey, I've remained a staunch advocate and evangelist of Free Open Source Software, firmly advocating for the dissemination of knowledge.
My dedication to this evangelization project has taken me across the globe, spanning over 90 countries, where I've lent my expertise to various multinational endeavors. Along the way, I honed my specialization in cybersecurity, culminating in collaborative efforts at the institutional level, including contributions to the drafting of legislation such as the "Free Software in Public Administration and Governmental Structures" law in collaboration with the Ministry of Justice.
The genesis of Dectar emanates from my unwavering belief that cybersecurity is no longer a matter of choice; rather, it is an imperative as our future becomes increasingly reliant on technology. As such, ensuring its security is paramount for the stability of our ecosystem. It is imperative to “democratize” cybersecurity, providing companies with a comprehensive understanding of its importance and elevating awareness levels. Our technologies are underpinned by the core tenet of prevention: robust prevention significantly streamlines subsequent phases, mitigating risks preemptively in the majority of cases.
From what vision was Dectar born and how did the incubator contribute to its foundation and initial growth?
Dectar was established in Dublin to develop innovative solutions in the cybersecurity sector. During my extensive professional experience over the decades, I have increasingly noticed the lack of security solutions that effectively address the emerging issue of cyber attacks. In particular, I noticed a shortage of cyber solutions accessible to all, "democratic," that could be easily adopted by SMEs, considering that the problem of cybersecurity involves all companies, regardless of their size.
All businesses can suffer attacks, but many small and medium-sized enterprises have difficulty finding suitable solutions, also because they perceive the problem as complex to solve and potentially costly. For this reason, together with my team, I created ACSIA SOS (Security Operation Solution): a scalable product, easy to use, and suitable for the needs of all businesses. Integration is possible in various ways based on the specific needs of our clients, after analyzing their IT infrastructure.
From the incubators and the Enterprise Ireland entrepreneurship development program, we received fundamental support both financially and strategically in the various phases of growth and consolidation.
Enterprise Ireland - the Irish government agency for the development of innovative ideas - played a key role not only financially, but also in guiding and developing entrepreneurial activities, including participation in an accelerator. Currently, it continues to actively support our company and our idea, offering assistance also in expanding into new markets by providing about 40 offices distributed in 40 different countries and markets.
The funding obtained from Cysero – a venture capital fund specialized in the field of cybersecurity and robotics – allowed us to further expand, opening an Italian headquarters in the Kilometro Rosso science park in Bergamo and hiring highly qualified personnel in our country. Thanks to this opportunity, we were able to develop entirely European technology, thus contributing to local economic and technological growth (90% of our employees and collaborators are Italian).
Our growth was also made possible thanks to the full remote company model, which allows employees to work from anywhere, ensuring a better balance between private and professional life and reducing the environmental impact related to travel.
Dectar was founded in Dublin to pioneer innovative solutions in the cybersecurity sector. Throughout my extensive professional journey spanning decades, I have observed a growing need for security solutions that effectively tackle the evolving threat landscape of cyber attacks. Particularly, I identified a scarcity of accessible and 'democratic' cybersecurity solutions that could be easily embraced by SMEs, recognizing that cybersecurity concerns are pertinent to businesses of all sizes.
While all businesses are susceptible to attacks, many small and medium-sized enterprises encounter challenges in finding suitable solutions, often perceiving the issue as complex and potentially costly. In response, my team and I developed ACSIA SOS (Security Operation Solution): a scalable, user-friendly product tailored to the diverse needs of businesses. Integration options are flexible and tailored to our clients' specific requirements, following an analysis of their IT infrastructure.
Our journey has been significantly supported by incubators and the Enterprise Ireland entrepreneurship development program, providing crucial financial and strategic assistance throughout various stages of growth and consolidation.
Enterprise Ireland, the Irish government agency dedicated to fostering innovative ideas, has played a pivotal role, offering not only financial support but also invaluable guidance in nurturing entrepreneurial ventures, including participation in an accelerator program. Presently, the agency continues to actively champion our company and vision, extending support for expansion into new markets through its extensive network of offices spanning 40 countries and markets.
The funding obtained from Cysero, a venture capital fund specializing in the fields of cybersecurity and robotics, enabled us to expand further. This expansion included the establishment of an Italian headquarters in the Kilometro Rosso Science Park in Bergamo and the recruitment of highly qualified personnel within our country. Thanks to this opportunity, we were able to develop European technology entirely, thereby contributing to local economic and technological growth. It is noteworthy that 90% of our employees and collaborators are Italian.
Our growth has also been facilitated by the implementation of a fully remote company model, enabling employees to work from anywhere. This approach ensures a better balance between personal and professional life while concurrently reducing the environmental impact associated with travel.
Inspiration and Solution
What was the inspiration behind the development of ACSIA SOS and how does it align with the general mission of Dectar?
The inspiration behind the development of ACSIA SOS was to create an advanced and proactive solution in the field of cybersecurity, a product entirely made in Europe, focusing on the real-time correlation of events across all domains to prevent cyber attacks before they happen. Indeed, I believe it is essential to create products with open-source technology, accessible to everyone, to ensure digital sovereignty for Europe, guaranteeing autonomy and independence even in situations of political and economic uncertainty, like the current one.
The inspiration behind the development of ACSIA SOS was to create an advanced and proactive solution in the field of cybersecurity—a product entirely made in Europe—emphasizing real-time event correlation across all domains to preempt cyber attacks. I firmly believe in the importance of crafting products using open-source technology, making them accessible to all, thereby safeguarding digital sovereignty for Europe. This ensures autonomy and independence, even in times of political and economic uncertainty, such as the present.
Solution
What are the distinctive features of ACSIA SOS compared to other cyber risk assessment solutions on the market?
The main features of ACSIA SOS are the Detection Engine and the Workflow Engine.
The Detection Engine operates in three phases:
The first phase is to instantly detect and block all types of standard attacks, without the need for in-depth analysis, because the solution has been specifically designed to recognize and neutralize them without complex efforts.
The second phase allows the addition of customized rules, known as Sigma Rules, for threat detection, enabling action at the moment they are associated with the response rule, thus defining the actions to be taken after detection. This feature is revolutionary because it gives full autonomy to the user to instantly insert any rule to identify any type of anomaly and threat, especially emerging ones, and to intervene without having to wait for the product manufacturer's update to address non-standard or unknown threats. Adding rules does not require specific technical skills because they are written in a meta-language, so practically anyone can write rules and upload them to their own instance in use. This feature makes the Detection Engine unique in the market, as there are no currently available solutions with these capabilities.
The third phase, also a distinctive feature of ACSIA SOS, is its ability to conduct in-depth analysis to identify the entire attack chain, particularly unconventional and difficult-to-detect attacks. This level of detail in the analysis allows the identification and neutralization of threats that usually escape currently available solutions or, if detected, are considered low severity and therefore ignored.
In summary, ACSIA SOS stands out for its ability to provide complete and reliable protection against a wide range of cyber threats, combining advanced detection and analysis technologies with real-time event correlation across all domains.
The cornerstone features of ACSIA SOS include the Detection Engine and the Workflow Engine, each designed to deliver robust cybersecurity measures.
The Detection Engine operates in three phases:
Firstly, it rapidly identifies and neutralizes standard attacks without requiring extensive analysis. Engineered to recognize and counteract such threats effortlessly, this phase ensures immediate protection against common cyber threats.
Secondly, it empowers users to add custom rules, known as Sigma Rules, for threat detection. These rules enable prompt action upon detection, allowing users to define response protocols tailored to their specific requirements. This groundbreaking capability grants users full autonomy to promptly address any anomaly or emerging threat without waiting for manufacturer updates. Moreover, the intuitive nature of rule creation, facilitated by a meta-language, ensures accessibility to all users, regardless of their technical expertise. This unique functionality sets the Detection Engine apart in the cybersecurity market, as no other solution offers such comprehensive customization capabilities.
Lastly, ACSIA SOS excels in conducting thorough analyses to uncover the entire attack chain, including unconventional and evasive threats. This meticulous level of scrutiny enables the detection and mitigation of threats that often evade detection by conventional solutions or are disregarded due to their perceived low severity.
In essence, ACSIA SOS distinguishes itself by offering comprehensive and reliable protection against a broad spectrum of cyber threats. By integrating advanced detection and analysis technologies with real-time event correlation across all domains, ACSIA SOS ensures the highest level of cybersecurity defense.
Principal Benefits
What are the main benefits that ACSIA SOS offers to businesses in terms of cybersecurity and compliance?
ACSIA SOS is a robust resource for companies in terms of cybersecurity and compliance. Among its main advantages, we can highlight several crucial aspects to ensure adequate digital protection and regulatory compliance.
The solution offers a significant reduction in false positives and the so-called “alert fatigue”; by leveraging SIGMA rules, each client can implement tailor-made filters, with a consequent notable reduction of 98% in security alerts. This translates into a faster response to incidents, ensuring timely risk mitigation and greater business resilience in the face of emerging cyber threats. Perhaps the greatest benefit lies in providing full autonomy and personalized management capacity based on individual needs.
ACSIA SOS adapts to the specific needs of each client, offering complete customization of the detection and correction rules. This allows companies to develop tailor-made security strategies, in line with their policies and regulatory compliance objectives.
The solution is characterized by its ease of use and configuration, making cybersecurity management accessible even to less experienced teams. This aspect is fundamental to allow any organization to effectively implement best security practices and ensure complete protection of their digital ecosystem. ACSIA SOS also provides additional protection to traditional security solutions, offering an extra level of cyber defense and greater peace of mind for companies.
Finally, the solution stands out for its customer-oriented approach, offering ongoing training and support to ensure that users fully exploit the platform's potential. This promotes effective and lasting collaboration, allowing companies to achieve the highest level of cybersecurity.
ACSIA SOS represents a robust cybersecurity and compliance resource for companies. Among its primary advantages, several critical aspects ensure comprehensive digital protection and regulatory adherence.
The solution significantly reduces false positives and alleviates "alert fatigue" by employing SIGMA rules, enabling clients to implement tailored filters. This results in a noteworthy 98% reduction in security alerts, facilitating faster incident response, timely risk mitigation, and bolstered business resilience against emerging cyber threats. Notably, ACSIA SOS offers full autonomy and personalized management capacity, catering to individual organizational requirements.
ACSIA SOS is highly adaptable, catering to the specific needs of each client through comprehensive customization of detection and correction rules. This flexibility empowers companies to devise bespoke security strategies aligned with their policies and regulatory compliance objectives.
Ease of use and configuration are hallmark features of the solution, making cybersecurity management accessible even to less experienced teams. This accessibility is pivotal for organizations to effectively implement optimal security practices and safeguard their digital ecosystems comprehensively. Additionally, ACSIA SOS augments traditional security solutions, providing an additional layer of cyber defense and instilling greater confidence in companies.
Lastly, the solution's customer-oriented approach is evident through continuous training and support, ensuring users fully harness the platform's potential. This commitment fosters effective and enduring collaboration, enabling companies to attain the pinnacle of cybersecurity prowess.
Applicability and Regulations
How does ACSIA SOS integrate with the operations of a Security Operations Center (SOC) or a Computer Emergency Response Team (CERT)?
ACSIA SOS is a comprehensive platform and is perfect for environments such as SOCs. The platform does not position itself as a substitute for in-house SOC solutions but rather as an add-on, thanks to its ability to interact with a wide range of frameworks and automate a large number of work processes and anomaly detections, minimizing the time spent by analysts.
The solution integrates easily with the toolset used by SOC platforms. ACSIA SOS, combined/integrated with a traditional EDR, constitutes a fully-fledged SOC platform, making it the perfect solution to set up a SOC from scratch.
Various integrations are possible in different ways based on the specific needs of our clients, after analyzing their IT infrastructure. The integration of ACSIA SOS in already established and implemented environments is quite straightforward as the solution's architecture has been designed and predisposed in plugin mode.
ACSIA SOS stands as a formidable asset for companies seeking robust cybersecurity measures and regulatory compliance. It boasts several key advantages pivotal for ensuring comprehensive digital protection and adherence to regulatory standards.
One of its standout features is its ability to significantly reduce false positives and alleviate "alert fatigue" through the utilization of SIGMA rules. By leveraging these rules, clients can implement tailored filters, resulting in an impressive 98% reduction in security alerts. This not only accelerates incident response but also ensures timely risk mitigation, thereby fortifying business resilience against emerging cyber threats. Additionally, ACSIA SOS offers unparalleled autonomy and personalized management capacity, catering to the unique needs of each organization.
Flexibility is another cornerstone of ACSIA SOS. It adapts seamlessly to the specific requirements of each client by offering complete customization of detection and correction rules. This empowers companies to craft bespoke security strategies aligned with their internal policies and regulatory compliance objectives.
Ease of use and configuration are fundamental aspects of ACSIA SOS, ensuring that even less experienced teams can effectively manage cybersecurity. This accessibility is vital for organizations aiming to implement best-in-class security practices and safeguard their digital environments comprehensively. Moreover, ACSIA SOS complements traditional security solutions, providing an additional layer of cyber defense and instilling confidence in companies.
Lastly, ACSIA SOS prides itself on its customer-centric approach. Continuous training and support initiatives are in place to ensure that users maximize the platform's potential. This commitment fosters enduring collaboration, enabling companies to achieve the highest levels of cybersecurity excellence.
ACSIA SOS is a robust platform ideally suited for environments such as Security Operations Centers (SOCs). Rather than positioning itself as a replacement for in-house SOC solutions, ACSIA SOS serves as a valuable addition, thanks to its seamless integration capabilities with a wide array of frameworks and its capacity to automate numerous workflow processes and anomaly detections, thereby minimizing analyst workload.
The platform seamlessly integrates with existing SOC toolsets, offering enhanced capabilities when combined with traditional Endpoint Detection and Response (EDR) solutions. This integration transforms ACSIA SOS into a comprehensive SOC platform, making it an ideal choice for establishing a SOC from scratch.
Various integration options are available to meet the specific needs of our clients, following an in-depth analysis of their IT infrastructure. Integrating ACSIA SOS into established environments is straightforward, facilitated by the solution's plugin-based architecture.
In summary, ACSIA SOS is a powerful asset for companies seeking robust cybersecurity measures and regulatory compliance. Its ability to significantly reduce false positives and alleviate alert fatigue through SIGMA rules is particularly noteworthy, resulting in accelerated incident response and enhanced resilience against emerging cyber threats. The platform's flexibility enables customization of detection and correction rules, empowering organizations to tailor security strategies to their unique requirements. With its user-friendly interface and seamless integration capabilities, ACSIA SOS ensures effective cybersecurity management, complementing traditional security solutions and fostering confidence in organizations. Continuous training and support initiatives further reinforce ACSIA SOS's commitment to customer success, enabling companies to achieve cybersecurity excellence.
How does ACSIA SOS help organizations navigate and comply with regulatory requirements, such as DORA and GDPR, in the context of cybersecurity?
In an era of increasing geopolitical instability and sophisticated cyber threats, organizations face unprecedented challenges, amplified by stringent regulatory compliance demands such as DORA and NIS 2. ACSIA SOS stands out as an innovative solution, enabling companies to quickly adapt and ensure effective regulatory compliance.
In particular, the detection engine that allows for the customization of rules makes the solution ideal for compliance with regulations and various compliance frameworks.
In an era marked by rising geopolitical tensions and ever-evolving cyber threats, organizations encounter unparalleled challenges, further intensified by stringent regulatory requirements like DORA and NIS 2. In this dynamic landscape, ACSIA SOS emerges as a pioneering solution, empowering companies to swiftly adapt and uphold robust regulatory compliance standards.
Of particular note is ACSIA SOS's detection engine, which offers customizable rule configurations, making it exceptionally well-suited for aligning with diverse regulatory mandates and compliance frameworks. This capability enables organizations to tailor the solution to meet specific regulatory requirements, thereby enhancing their capacity to navigate the intricate terrain of regulatory compliance with efficacy and confidence.
What are the next steps for ACSIA SOS in terms of product development and how do you plan to evolve to meet increasingly sophisticated cyber threats?
The goal is to make our detection mechanisms ever more accurate and at the same time easy to use, to surgically intercept threats, reducing the number of false positives, without the need for a team of experts. We also intend to extend the range of protection by including cloud systems in the analysis, which are increasingly present among client assets. Finally, we will increasingly consider the security posture and the status of monitored devices, in order to assess threats based not only on known and unknown vulnerabilities but also on the environment in which the solution is inserted. The majority of our future developments are oriented in this direction.
Our objective is to enhance the precision of our detection mechanisms while ensuring ease of use, enabling precise interception of threats with minimal false positives, and eliminating the necessity for expert intervention. Furthermore, we aim to expand our protective coverage to encompass cloud systems, which constitute an ever-growing component of our clients' assets. Additionally, we will prioritize evaluating threats based not only on known and unknown vulnerabilities but also on the security posture and status of monitored devices, thus considering the broader environment in which our solution operates. The majority of our forthcoming developments are aligned with these strategic objectives.