STM’s Critical Solution for Vulnerability Detection: “Bugshield”

Tarih: Issue 96 - December 2019

Handling cyber security products with an integrated approach, STM has introduced its latest product Bugshield. The product detects exploitable cyber security vulnerabilities and creates instant reporting with its continuous penetration test methodology and offers a critical solution for the protection of corporate resources which enables security teams to take quick action before cyber attackers do.

STM Deputy General Manager Ömer KORKUT stated that by bringing together expert cyber security researchers and institutions with a “hacker” point view, Bugshield enables the detection of vulnerabilities in systems.  “Through Bugshield, we provide a proactive service to protect organizations from current cyber threats and increase security levels. With a web-based system, Bugshield provides a platform for a continuous test of the inventory that organizations require to be tested by various, reliable and competent researchers. These researchers that can be referred to as ‘ethical hackers’ consist of cyber security experts, who have become members of the system by being subjected to a series of interviews and security criteria. When the researchers report the vulnerability they have detected in the system, the STM experts are involved and the findings go through a predefined approval process. Immediately informing the institutions on the confirmed vulnerabilities gives significant opportunity to the institutions in order to detect the security gaps before the attackers and to close exposure gaps as soon as possible.”

Following STM Deputy General Manager Ömer KORKUT’s speech, STM Cyber Security Specialist Şeref Can ÖZKAYA made a presentation to participants about the features of the product and the services they offer.

Proactive Solution in Cyber Security: Bugshield Platform

The Bugshield platform, the latest cyber security product that STM provides in an integrated approach is a critical solution for the protection of corporate resources and enables the taking of quick action upon the detection of exploitable cyber security vulnerabilities through continuous penetration testing methodology and instant reporting services.

Detection of Vulnerabilities through the “Hacker” Point of View

By bringing together expert and competent cyber security researchers and institutions, Bugshield enables the detection of vulnerabilities in the systems with a “hacker” point view.  It operates as a web platform with three different interfaces connected to a central system, including customer, analyst and researcher profiles. Organizations using Bugshield are able to request vulnerability checks in their inventory lists according to the conditions set as per their policies. STM sends this request to the platform and initiates the penetration test process to be carried out by member researchers.

Instant Reporting, Quick Action

The vulnerabilities detected are recorded in the Bugshield system by the researchers and the findings are subjected to a two-stage approval process by STM experts. Confirmed vulnerabilities are delivered to the customer in instant notifications via e-mail and SMS, regardless of their importance. By this way, the vulnerability is detected before the attackers and the time between detection and remedy is shortened. Organizations are able to generate reports on vulnerability analysis results in a variety of formats and by applying the requested filtering.

Reliable and Competent Team

The researchers in the STM Bugshield system that are also referred to as “ethical hackers” consist of cyber security experts, who are included in the platform as a result of technical interviews and assessments according to their competency profiles.  A confidentiality agreement is also signed with the researchers. Upon request, the institutions are able to view the profile information of the researchers, vulnerabilities they have detected, effort they have made and the confidentiality agreements they have signed on the platform. Researchers work based on a reward system and their scores are recorded on their cards as they detect vulnerabilities. STM experts, on the other hand, undertake the verification and reporting tasks within the platform.

Critical Information Systems under Protection

The STM Bugshield platform can be used by all public and private sector organizations having web or mobile applications. It offers a significant cyber security solution, especially for organizations with potentially critical information systems across the world. The continuous penetration test service provides superior advantages for ministries with sub-websites and large commercial enterprises compared to the conventional penetration test conducted periodically.

Bugshield will serve within the Cyber Fusion Center (SFM) established in Ankara by STM providing reliable and high quality cyber security solutions for critical infrastructures of all institutions both in Turkey and in the international arena.