Home   /   Our Competencies  /   Cyber Security


Cyber Security

ORION - Data Security Platform

ORION Data Security Platform is a data leakage prevention system that provides solutions against possible unauthorized access, use or sharing scenarios of sensitive data with common management panel, network and endpoint environments.

Identifying policy and rule: Identifying exceptions, identifying customized conditions, determining impact and actions.

Identifying content classifier: Identifying the content to be protected. Classifiying by features such as dictionary terms, regular expressions or file properties, classifying file with one-to-one or fragmented summary, classifying capabilities with machine learning methods.

Identifying institution entity: Identifying the sources and destinations of the data to be protected, the endpoint devices or applications that can be used. Creating app black and white list, setting app screenshot permission.

Analyzing and reporting record:

  • Ability to track records of events taking place in the Management Center,
  • Events that occur in the Management Center network agents,
  • Data leakage records and operating system events occurring on endpoints,
  • Data breaches detected as a result of network scanning.

Identifying user role Creating Admin Center roles (Event Manager, Policy Manager, System Admin, Super Admin, Customized)

Others: SIEM and active directory server integration. Secure file storage and review (forensic). Responding to temporary stop requests, interoperability with 3rd party file tagging products. Backing up database with advanced, editing central endpoint settings, setting up mail notification server, receiving system updates remotely, automatic end-user time synchronization with scalable architecture.

Data analysis in use:

  • File system check (cut, copy and paste)
  • Browser eklentisi ile uç nokta “http/https” kanal güvenliği
  • External media channel security
  • Printer channel security
  • Preventing taking screenshots of unauthorized applications
  • Application control (trusted and untrusted application)
  • Endpoint e-mail channel security with the Outlook ORION add-in

Static data analysis:

  • File and directory indexing and tagging
  • Veri tabanı indeksleme (PostgreSQL, MS SQL, Oracle, MySQL…)
  • Manual file tagging
  • Automatic file tagging at certain periods with time synchronization

Operating system event tracking:

  • Events related to system usage (New process start, process stop, service start, service stop, new program installation, program removal)
  • User related events (Adding and logging new admin user, deleting and logging admin user, password changing and logging of admin user, adding and logging domain user, deleting and logging domain user).
  • File and directory related events (File creation, file deletion, file name change, file content modification, file security settings change)

Policy check:

E-mail content and attachment control. Sender and receiver domain inquiries. Taking policy-based actions. Policy-based action (blocking, encryption, quarantine, logging).

Encrypted e-mail check:

TLS is a third-party encryption application.

Policy check: 

Content and file control (http/https). URL category and IP based blocking. Taking policy-based actions.

Harmful Content control:

Integration with third-party malware services.


DERBENT - Secure Remote Access System

Client Side

  • Compressed image
  • Installation of security tools (Antivirus, Logging Agents etc.),
  • Limitation of user environment authorizations,
  • Only install agent software suitable for this environment.

Server Side

  • Keeping the certificate of the server in the HSM,
  • Server hardening,
  • Remote access management (VPN authorization definitions, instant client monitoring, etc.).

End User Side

  • The user must be registered with the authority that manages the corporate working directories.
  • The user must have the password for his own account.
  • The user should only have a self-owned and authenticated certificate running on other hardware.

This design achieves 3 important goals:

Zero Trust

  • Client
  • Presenter

Policy Check / Connection Blocking

  • Operating System Security Policies
  • Security Applications Control

2 Factor Authentication

  • LDAP Integration
  • Identity Card/Token Certificate Inquiry (OSCP)

Client settings are normally kept in a readable file. VPN session is started according to the settings in this file.

In Secure Remote Access:

  • The user is encrypted with the public key.
  • When necessary, it is opened only with the user secret key.
  • It will be blocked from working in another domain.

The client installation package is prepared to be run only on the environments belonging to the corporate domain. In this way:

  • Client software, certificate usage infrastructure and encrypted settings file can only be run on a corporate environment.
  • During installation, the user's certificate must also be connected to the system.
  • The settings file is edited and encrypted according to the user's certificate during installation.

The Server Zero Trust Certificate is stored by the HSM and the client's authentication is handled by the HSM.

In this way:

  • Clients are prevented from being forwarded to a cloned server.
  • HSM only fulfills requests of a VPN server serving from a specific IP that it needs to respond to.


Domain Control: Ajan sadece belirli domain’e dâhil bilgisayarlara kurulabilmektedir.

Encryption: Configuration files are encrypted with the certificate that the person has.

Bypass blocking: The user is prevented from making a VPN connection by bypassing the controls.

Anti-Clone: Server cloning is prevented by keeping the server certificate on the HSM.

Audit: With policy control, the agent is assured of endpoint security.

External Certification Authority: The external user certificate authority controls the generation of unnecessary certificates as well as reliable certificate management.

Group VPN: With the grouping feature, ISOLE VPN tunnels will be created for different units or roles.

Restricted Internet Access: By providing internet access only with VPN, user internet access is restricted. In case of limited internet access, Remediation Network is activated to meet the update needs.

Remediation Network: If the user computer fails to pass the policies, it is directed to a different VPN and network for needs such as updates.

Client-Server Authentication: “Sıfır güven” mekanizması için sunucu ve istemci oturum başlamadan önce birbirini doğrulamaktadır.

CYBERLAB - Virtual Cyber Security Laboratory

Developing cyber security technologies direct users to virtual environments that can be designed quickly and easily for application-oriented trainings, exercises and analysis laboratories. With the Virtual Cyber Security Laboratory Infrastructure, topologies including network devices and computers can be designed, and it is ensured that the user can access the designed environments quickly (without any resource requirement) via the browser.

Virtual Cyber Security Laboratory and Practice Infrastructure can create activities such as cyber security training, testing, exercises and cyber security analysis on virtual environments created on the cloud quickly, easily and at low cost.


  • Server virtualization infrastructure
  • Fast, secure and isolated lab access
  • Visual lab design interface
  • Ready-to-use lab environment templates
  • Virtual machine images prepared by experts
  • Creating a new image
  • Quota management by user groups
  • Drill interface
  • Ansible powered scoring interface
  • Cyber security analysis lab
  • Malware analysis lab
  • Forensic analysis laboratory
  • Hands-on learning environment
  • Cyber security competitions and exercises
  • Users can access virtual machines created on Cyberlab via web browsers with SSH, VNC or RDP protocols.



  • Virtual machines launched on Cyberlab can be customized with the software library created using Ansible.
  • Thanks to this feature, which works integrated with Cyberlab, it is possible to automatically evaluate user activities on virtual machines.



BOT-SEGEN - Information and Automation Technologies Penetration Testing and Security Audit Platform

  • BOT-SEGEN is based and used in different projects and proves its functionality and performance.
  • By automating penetration tests and security audits on a single platform without the need for deep expertise, it is ensured that individuals/institutions provide advantages in terms of time and cost in their current processes, and that individuals/institutions who do not currently operate these processes can operate these activities.
  • While minimizing the need for experience in related processes, it automates the steps that experienced cyber security researchers operate, minimizing manually operated processes and providing convenience and speed to the relevant personnel.
  • Enables the operation of end-to-end penetration testing and security audit activities:
    • Obtaining a topology
    • Security scan
    • Risk rating
    • Scenario based activity planning
    • Possibility to configure plug-ins for before, after and parallel operation
    • Monitoring the active process
    • Reporting in accordance with the format determined by the user
    • Editing of existing reports through the system
  • In addition to all these, it also includes features such as statistical information presentation, daily audit logs, and scalability.
  • It can minimize the need for extra media by offering services such as Manual Operation Interface and the use of Kali and similar operating systems directly through the browser.
  • It is a product whose features can be increased with add-ons.
      • Attack plugins
      • Security Audit Plugins
      • Meaningful Data Extraction Plugins
      • Others
  • Institutions/individuals can develop plug-ins that can be run on the platform and can be used on the frontend / backend.
    can run without the need for modification or development.
  • Some alternative tools operate these processes through simulators and do not provide plug-in integration.


A3 - Forensic Analysis Infrastructure

  • A3 Image Analysis Software (A3Analyzer): Analysis software that allows automatic examination and reporting of devices such as phones and digital media of various types.
  • A3 Image Capture Software (A3Imager): Software that will allow images of various types of devices to be taken for analysis.


  • Developing the software infrastructure needed for the examination and comprehensible reporting of digital evidence in the form of mobile phones, hard disks, portable disks etc. in accordance with legal norms.


  • Achieving high-level competence in the field of digital evidence examination and training expert personnel, developing domestic digital forensic analysis tools, reducing license costs and reducing foreign dependency on a strategic product.
  • Windows variants, Linux variants, BSD variants, Android, iOS, Windows Mobile
  • Communication and Social Media Applications
  • Operating System Relics
  • Cloud Programs
  • Web Remains
  • Support for Standard Forensic Analysis Image Formats
  • Encase (E01), Vmware Virtual Machine Disk (VMDK), Virtual Hard Disk (VHD), QEMU Copyon Write (QCOW), Raw(.dd/.raw/.001), Binary (Restricted), AFF2, archive formats (. tar/.tar.gz/.zip/.iso)
  • Standard File Systems Support
  • NTFS, FAT32, FAT16, EXT2, EXT3, EXT4, FS 1, UFS 2, HFS , ISO 9660, YAFFS2


  • EXIF metadata (location, time, device, etc.)
  • Detection of deleted files
  • File scraping
  • Encrypted file detection
  • Detection of files with incompatible extension and content
  • Preview by file type
  • File hash calculation, list management, search
  • Signature-based file categories [such as media (audio-video), documents, archive]
  • Original report design suitable for corporate needs
  • OpenXML, Word compatible reporting
  • Reporting in portable HTML format
  • Report format in PDF format

MERGE-N Integrated Edge Unit Security Platform

MERGE-n is a web application that aims to promote domestic cyber security products effectively and safely and to expand the use of products.


  • Establishing a promotion platform that will enable the promotion of domestic terminal security products
  • Ensuring the integration of domestic edge unit security products into the promotion platform
  • Creating a platform where domestic terminal security products can be distributed and inventory management by public institutions
  • Expanding the use of the created platforms in public institutions
  • Developing the MERGE-n product promotion platform, where Domestic Cyber Security Product Developers can promote their products and integrate with the determined standards
  • Developing the MERGE-n product distribution and inventory management platform, which will be able to install, uninstall, update and track license information of Cyber Security products in public institutions and organizations, and track software and hardware inventories.
  • Dissemination of platforms in 10 public institutions and organizations prioritized by the Presidency Digital Transformation Office
  • It is a web application that aims to promote domestic cyber security products effectively and safely and to expand the use of products.
  • On the platform, local cyber security product developers will be able to create special promotional pages for their products and companies and publish them on the platform.
  • All users will be able to examine the published products and companies effectively.
  • MERGE-n Product Distribution and Inventory Management Platform is a system management tool with the following capabilities:
    • Monitoring desktop computers, laptops and servers connected to the in-house network,
    • Ability to remotely install, update and license software,
    • Ability to follow in-house hardware and software inventory,
    • Ability to dynamically report.

(SGE) Cyber Security Institute

The Cyber Security Institute, which was established to carry out studies to increase the national cyber security capacity, carries out research and development activities in the field of cyber security; carries out solutions-oriented projects for military institutions, public institutions and organizations and the private sector.

The main fields of activity of our institute, which has made a significant contribution to the creation of cyber security knowledge and tactical infrastructure in our country with many successful projects to date, are secure software development, penetration tests and vulnerability analysis.

6-yze card logo

(IZE) Artificial Intelligence Institute

Artificial Intelligence Institute is the first institute established within the scope of TUBITAK centers and institutes, which cuts the sectors and research fields horizontally and focuses directly on the emerging technology field. For this reason, it constitutes an innovative model in terms of both the open innovation and co-development approach of the institute and its focus on emerging technology.

Artificial Intelligence Institute aims to develop core technologies in the field of artificial intelligence and bring these innovations from the forefront of science to the use of the industry as soon as possible. Focusing on the transformative potential of artificial intelligence, it will continue to play its part in pioneering efforts to create and sustain artificial intelligence-based innovation, growth and productivity in Turkey. Working with industry and public institutions in Turkey, together with other organizations within the artificial intelligence ecosystem, spreading the use of artificial intelligence and increasing the workforce specialized in this field are among its primary goals.



By joining TÜBİTAK BİLGEM as a Researcher, you can contribute to developments in the fields of information technology, information security, and advanced electronics. You'll have the opportunity to make your mark on innovations, closely follow advancements, enhance your skills, and shape your future by advancing in your career.

You can apply to our currently open positions through the TÜBİTAK Job Application System .

Application Conditions

Conditions for Job Application:

  • Foreign language proficiency: Attaining appropriate scores in the exam types specified in the announcement or studying in a program that is 100% in English for undergraduate education.
  • Fulfilling specific requirements stated in the announcement (such as undergraduate department, years of experience, expertise, etc.).
  • Satisfying the formula score:

For Candidates with Less than 3 Years of Experience:

Weighted Graduation Average + (10,000 / University Placement Exam Ranking) + Additional Score* >= 3.20


For Candidates with 3 Years and More of Experience:

Weighted Graduation Average + (10,000 / University Placement Exam Ranking) + 5*[1 / (1 + e^(5 - years of experience) ) ] + Additional Score* >= 3.20

*Candidates who have achieved rankings and awards in national and international competitions will receive an additional score of 0.3.


Competence Centers

Candidate Researcher

Students in the 3rd and 4th years of relevant engineering departments at universities can apply to our Part-Time Candidate Researcher positions through our Job Application System at kariyer.tubitak.gov.tr. By doing so, they can gain work experience at TÜBİTAK BİLGEM during their university years.

This program does not have an end date. Candidate Researcher personnel working part-time during their university period can seamlessly transition to full-time employment as Researcher personnel at TÜBİTAK BİLGEM without interrupting their career journey after graduating from the undergraduate program.

Application Conditions

Conditions for the Candidate Researcher Program:

  • Being a 3rd or 4th-year student in the relevant departments specified in the announcements at universities.
  • Foreign language proficiency: Achieving appropriate scores in the exam types specified in the announcement or studying in a program that is 100% in English for undergraduate education.
  • Satisfying the formula score:

Weighted Graduation Average + (10,000/University Placement Exam Ranking) + Additional Score* >= 3.20

*Candidates who have achieved rankings and awards in national and international competitions will receive an additional score of 0.3.


Discover institutes laboratories technologies products projects of BİLGEM.


TÜBİTAK BİLGEM builds its basic strategy for the future on qualified knowledge and qualified people focused on national targets in the research, technology development and innovation ecosystem.

Starting from the understanding that "the most important resource of a country is generally people, specifically scientists," TÜBİTAK encourages and supports our youth from an early age. In this context, providing young minds with early exposure to technology production is crucial for the success of our National Technology Move. Accordingly, TÜBİTAK BİLGEM offers internship opportunities to undergraduate students from universities every year.

You can follow internship announcements and submit your applications through the Career Gateway at https://kariyerkapisi.cbiko.gov.tr.

You can access frequently asked questions about internships at TÜBİTAK BİLGEM from here. 

Application Conditions
  • Students enrolled in undergraduate (2nd year and above) and associate degree programs in departments offering education in universities and conducting insurance procedures through the higher education institution to which they are affiliated can benefit from the internship opportunity.
  • For undergraduate and associate degree students, a minimum Weighted Grade Point Average (GPA) of 2.50 out of 4 is required. The GPA of candidates with a 100-point system is converted to a 4-point system based on the "Conversion Table of Grades from the 4-Point System to the 100-Point System" published by the Higher Education Council.
  • There is no requirement for a foreign language certificate during the internship application process.
  • Students enrolled in departments such as Forensic Computing Engineering, Computer Sciences, Computer Science and Engineering, Computer Engineering, Computer and Informatics, Computer and Software Engineering, Information Systems Engineering, Electrical and Electronics Engineering, Control Engineering, Control and Computer Engineering, Control and Automation Engineering, Mechanical Engineering, Mechatronics Engineering, Telecommunication Engineering, or Software Engineering in universities can apply for internships.

Internship applications are accepted between December and January, and the internship period covers June, July, and August.



Scholar assignments are made for research and development activities for undergraduate, master's, doctoral students, and post-doctoral researchers. In our center, scholars are appointed for practical purposes in externally funded, TARAL, or European Union projects.

You can contact us via the email address bilgem.yetenekkazanimi@tubitak.gov.tr to apply to be a scholar.
Application Conditions

(1) The conditions for undergraduate scholars in externally funded projects conducted by the institution are specified below:

  •  Being a student continuing undergraduate education at higher education institutions established in Turkey (excluding foreign language preparatory students).
  • Having a weighted cumulative GPA for previous years, excluding preparatory years, based on the university's grading system, which satisfies the formula score and foreign language requirements in the recruitment criteria.
  • Completing at least the first semester of the first year of undergraduate education.
  • Having a GPA of "+3.00" and a University Placement Exam Ranking of "10,000 ≥" for undergraduate general average.
  • For foreign students placed in Turkish universities without taking the ÖSYM exam or for those who completed undergraduate education through exams such as Vertical Transfer Exam, the lowest university placement ranking of the department from the year the candidate started the undergraduate program is considered in the ranking formula.

(2) The conditions for master's degree scholars in externally funded projects conducted by the institution are specified below:

  • Being a student continuing master's degree education at higher education institutions established in Turkey (excluding special students and foreign language preparatory students).
  • Currently pursuing a master's degree in the project's field of responsibility.

(3) The conditions for doctoral students in externally funded projects conducted by the institution are specified below:

  • Being a student continuing doctoral education at higher education institutions established in Turkey (excluding special students and foreign language preparatory students).
  • Currently pursuing a doctorate in the project's field of responsibility or conducting a doctorate in areas determined within the framework of the YÖK-TÜBİTAK Doctoral Program Project Collaboration Protocol. (Students in medical specialization and artistic proficiency are accepted as doctoral students.)

MILSEC 4 - Secure IP Terminal


While the MİLSEC-4 terminal offers an up-to-date solution for next-generation secure communication (voice, data and video) in IP networks, it provides an uninterrupted communication service by maintaining the compatibility of secure voice communication in PSTN networks with PSTN secure phones in use.

Configuration, surveillance and software update processes of MILSEC-4 terminals are carried out securely remotely using the Security Management Center (GYM). MİLSEC-4 terminal is capable of IP Network Key Loading (IPAAY) through secure communication with GYM without the need for an additional device.

MİLSEC-4 terminals are interoperable with MİLSEC-1A and MİLSEC-2 phones and offer the opportunity to replace MİLSEC-1A and MİLSEC-2 phones without interruption in the gradual transformation of PSTN networks to next generation IP networks.


  • End-to-end secure voice communication in PSTN networks
  • End-to-end secure voice, image and data transmission in IP networks
  • NATO SCIP compliance on IP networks
  • Compatibility with commercial SIP products
  • Interoperability with MILSEC1A and MILSEC2 secure phones
  • National and AES crypto algorithms
  • Remote software update
  • Easy operation with touch screen

It is subject to the sales license to be given by the Ministry of National Defense.