MikroTik As Firewall


Building a World Class Cybersecurity Appliance with MikroTik

Presenter: Troy Wilkinson, CISSP, EnCE, MTCTCE
CEO – Axiom Cyber Solutions
Axiom is Exclusively a Cybersecurity Company
• Intrusion Detection & Prevention
• Distributed Denial of Service Mitigation
• Ransomware, Malware, Spam, Virus Detection and Prevention
• Full Management, Configuration, Monitoring, and Reporting
• Vulnerability Scanning, Penetration Testing
• Security Architecture Design and Implementation
• Continuous Updates
• Polymorphic Threat Intelligence Platform
Axiom is Exclusively a MikroTik Shop
• Why MikroTik?
• Capabilities
• Price
• Flexibility of Deployment
• Ability to Run Scripts
• Ability to Update Protections with no Degradation
• Ability to Connect MikroTik to Our Platform

• hEX – Micro Business / SoHo
• RB3011 – Small Business
• CCR-1009/1036 – Medium Business
• CCR-1072 – Large Business / Data Center
Polymorphic Threat Defense Platform
• Core to our offering.
• Polymorphic because it is continuously changing protections
• Cloud based platform that takes in over 100 open and closed sources of threat intelligence and CVE data
• Parses the relevant threat data points such as IP Addresses, Hosts, URLs, Indicators of Compromise, and others
• Deploys those data points in real-time to our network of clients via the MikroTik hardware
• Updates address lists, block lists, regular expression matching, Layer 7 rules, and firewall rules
• Updates 350,000 data points per day to keep ahead of the latest attack vectors
• Averages one update approximately every 10 minutes
• No memory impact or degradation of throughput to the device, to date (another good reason to use MikroTik)
Sources
• Spamhaus
• Abuse.CH
• C&C Tracker
• Forkbomb Labs
• Botnet Tracker
• HoneyDB
• MalShare.com
• PhishTank
• SANS.org / SANS ICS
• Verizon
• + many more paid subscription and open source
Data Points
• IP Addresses – Botnet, Ransomware, Malware, etc.
• URLs
• TOR Nodes
• Malicious Domains
• Layer 7 filter rules for
  • Ransomware
  • Torrent
  • Malware
• Indicators of Compromise
Risk Factor
The time from when a vulnerability is disclosed to the world until you patch against it is your risk factor of a breach due to that vulnerability. As that time increases, so does your risk of a breach.

Updates are crucial. Not just the threat intelligence feeds, but all firewall rules must be dynamic and updated on a frequent basis.

With MikroTik, dynamic firewall rules allow us to add offenders to a custom address list and then take a secondary action against that list, such as blocking for a period of time, tarpit, drop, etc.
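The feed-to-address-list flow from the Polymorphic Threat Defense Platform slide (parse IP indicators out of feeds, push them into address lists) and the address-list plus secondary-action pattern described above, as an added Python example. This is not Axiom's platform code and not anything shipped by MikroTik. It assumes a constructed feed format (one "address,comment" per line), the list name axiom_block, a one-day block timeout, and a two-stage SSH rule as the dynamic trigger; the RouterOS commands it emits (address-list add with timeout, raw drop, filter tarpit, add-src-to-address-list) are standard RouterOS 6 syntax. The NEVER_BLOCK check is the part a practitioner should not skip: a poisoned or mistaken feed line must never be able to put the LAN or loopback into the block list.

```python
"""Feed-to-firewall helper for MikroTik RouterOS.

Added example (not Axiom's platform or MikroTik code): converts a threat feed
into address-list entries plus the drop / tarpit / timed-block rules that act
on the list. Feed format, list names and timeouts are assumptions.
"""
import ipaddress

# Constructed sample feed: "address,comment" per line, '#' starts a comment.
# Uses RFC 5737 / RFC 3849 documentation ranges; the bad lines are deliberate.
SAMPLE_FEED = """\
# constructed feed -- not a real threat-intel export
203.0.113.7,botnet c2
198.51.100.0/24,ransomware distribution
203.0.113.7/32,duplicate of first entry after normalisation
10.0.0.5,private range - must never reach the router's block list
evil.example,hostname rather than an IP
300.1.1.1,malformed address
2001:db8::bad,ipv6 indicator
"""

LIST_NAME = "axiom_block"   # assumed address-list name
BLOCK_TIMEOUT = "1d"        # RouterOS duration syntax (1d, 12h, 30m)

# Ranges a feed must never be allowed to add: otherwise one poisoned feed
# line would let the firewall block the LAN, loopback or multicast.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def _protected(net):
    return any(net.version == p.version and net.overlaps(p) for p in NEVER_BLOCK)


def parse_feed(text):
    """Return de-duplicated (address, comment) pairs ready for RouterOS.

    Hosts come back without a /32 or /128 suffix, networks keep their prefix;
    unparsable lines and protected ranges are dropped rather than guessed at.
    """
    seen, entries = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, _, comment = line.partition(",")
        try:
            net = ipaddress.ip_network(addr.strip(), strict=False)
        except ValueError:
            continue
        if _protected(net) or net.with_prefixlen in seen:
            continue
        seen.add(net.with_prefixlen)
        shown = (str(net.network_address) if net.prefixlen == net.max_prefixlen
                 else net.with_prefixlen)
        entries.append((shown, comment.strip()))
    return entries


def address_list_commands(entries, list_name=LIST_NAME, timeout=BLOCK_TIMEOUT):
    """One address-list entry per indicator. The timeout makes the entry
    expire on its own, so an address the feed stops listing ages out."""
    return [
        f'/ip firewall address-list add list={list_name} address={addr} '
        f'timeout={timeout} comment="{comment}"'
        for addr, comment in entries
    ]


def enforcement_rules(list_name=LIST_NAME, mode="drop", timeout=BLOCK_TIMEOUT):
    """Secondary action against the list, plus the dynamic pattern that adds
    new offenders (here: repeated new SSH connections) to it for `timeout`.

    mode="drop" discards matching packets in the raw table, before connection
    tracking; mode="tarpit" holds matching TCP connections open instead.
    """
    if mode == "drop":
        block = (f"/ip firewall raw add chain=prerouting "
                 f"src-address-list={list_name} action=drop")
    elif mode == "tarpit":
        block = (f"/ip firewall filter add chain=input protocol=tcp "
                 f"src-address-list={list_name} action=tarpit")
    else:
        raise ValueError(f"unknown mode {mode!r}")
    stage = f"{list_name}_stage1"
    return [
        block,
        # Second new SSH connection within a minute: promote to the block list.
        # This rule must sit above the stage-1 rule, or a first attempt would
        # be promoted immediately.
        f"/ip firewall filter add chain=input protocol=tcp dst-port=22 "
        f"connection-state=new src-address-list={stage} "
        f"action=add-src-to-address-list address-list={list_name} "
        f"address-list-timeout={timeout}",
        # First new SSH connection: remember the source for one minute.
        f"/ip firewall filter add chain=input protocol=tcp dst-port=22 "
        f"connection-state=new action=add-src-to-address-list "
        f"address-list={stage} address-list-timeout=1m",
    ]


if __name__ == "__main__":
    entries = parse_feed(SAMPLE_FEED)
    for cmd in address_list_commands(entries) + enforcement_rules():
        print(cmd)
```

The printed commands can be pasted into a RouterOS terminal; the three bad feed lines and the duplicate are silently dropped and only the two documentation-range IPv4 indicators and the IPv6 one survive. Rule order matters on the device: the block rule goes first, then the promotion rule, then the stage-1 rule.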
How It Works
Benefits
• Allows cybersecurity without having to purchase other products or hardware
• Allows full layer 7 filtering of threats
• Not a UTM – Leave virus and spam filters to the endpoint
• Network receives over 75% of attacks, not endpoint
• Protects the IoT devices
• Based on MikroTik’s firewall best practices and improved in house and through the MikroTik community
• Perfect for Edge/Perimeter or segmentation to Managed Clients
• Protections must be dynamic; static rules and address lists are quickly out of date
Axiom Reporting Portal
Axiom Dashboard – General Statistics
Axiom Dashboard – Firewall Stats
Axiom Dashboard – Advanced Packet Level Diagnostics
Axiom Dashboard – IP Services Menu
Axiom Shield
• Works with MikroTik RouterOS
• Compatible with 6.2x versions … but you really need to update to the latest available version!
• Contact – Troy Wilkinson, CEO – [email protected]
• www.axiomcyber.com/shield
• First month free code: SHIELD1M

PRIVILEGED AND CONFIDENTIAL
