April 16, 2019

GREYCORTEX has released the latest version of our MENDEL network traffic analysis solution. Version 3.3 has several important new features which improve detection and response for the network security team.

The biggest is that MENDEL’s detection and visibility capabilities are now available for SCADA/ICS environments. This new capability goes beyond support for several protocols found in earlier versions of MENDEL, and extends it to a whole new module, including the ability to visualize not just devices, but time series in IEC 61850 Goose, SNMP, and IEC104 protocols.

Not content with just SCADA features, we have added new reporting for managers and security analysts, detection and logging of TLS 1.3, and fingerprinting of encrypted traffic on the JA3 framework, as well as increasing the capabilities of the multi-sensor configurations.

New features

  • New managerial and security analyst reports summarize network data and security threats
  • New module for processing and visualization of SCADA protocols, including new dashboards for visualizing time series in IEC 61850 Goose, SNMP, and IEC 104 protocols
  • Added support for parsing CC-link protocol
  • Added support for parsing Enip/CIP protocol
  • Added support for parsing Kerberos protocol
  • Added support for parsing TFTP protocol
  • Added support for parsing IKEv2 protocol
  • Added support for parsing FTP protocol including parsing FTP data streams
  • Added detection engine for SSL/TLS client fingerprints JA3
  • Added multi-disc installation of MENDEL
  • Added GUI localization into Polish and Korean
  • Introduced new light color scheme
  • Integration with firewalls from Check Point

Please note New system of reports will replace in the near future the old type of reports. If you use them don’t forget to configure new reports.

Enhancements

  • Improved installer with enhanced user interface and new features
  • Improved dark color scheme
  • Redesigned severity color scheme
  • Reorganized main menu for better accessibility
  • Redesigned user dashboards for better user experience
  • Improved network capture module for better performance and less resource consumption
  • Improved network models for faster detection and reduced storage demands
  • Improved task planner and optimization of parallelized processing in the service for better resource consumption and management creating faster processing for multiple sensors on one collector
  • Improved detection and reparation of unusual, incomplete, or swapped flows
  • Improved parsing of incomplete or unidirectional flows
  • Improved network capture default configuration for better capture on all configurations
  • Improved processing of Active Directory events for better calculation of logged users
  • Improved Mikrotik plugin
  • Added button to restore user dashboards to default
  • Improved creation of complex firewall rules in plugin
  • Improved HTTP proxy pairing for incomplete or invalid communication

Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.3 to work for you.