MER Group CYBER Division

Transcription

1 MER Group CYBER Division

2 Founded 1948 Publicly traded since (TASE: CMER) 1992 HQ Israel Employees 1,200 Global offices 24 Others Security, Intelligence & Cyber Revenue (2016) NIS 800 Mil.

3 Global Presence

4 Defense Communications & Technology Communication Infrastructure SmartMER Smart City, Campus and HLS Our Core Businesses Intelligence Cyber

5 Communication Infrastructure Radar Elevator Pillbox Towers Hourglass Micro-trenching

6 Past Experience HLS Athens Olympics 5 th Summit of the Americas Prisons Mexico Meteorology Kazakhstan Jerusalem Buenos Aires Rishon LeZion 911 Panama

7 Past Experience Cyber & Intelligence NFIB City of London Israel Tax Authority Intelligence Agencies Telecom Operator Enterprise

8 MER S LEADERSHIP Chaim Mer The Founder of C. Mer Industries Ltd and has been its Chairman since He serves as Director at Xenia Venture Capital Ltd, Oplon Ltd. and Space-Communication Ltd. Mr. Mer holds a B.Sc. degree in Mathematics and Science from the Technion Institute of Technology, in Haifa. Nir Lempert CEO of C. MER Industries. Retired IDF colonel. Served 22 years at the Israeli Intelligence unit 8200, in various roles, including Head of Planning, Head of the Intelligence Center and Unit Deputy Commander. Shabtai Shavit Former Head of the Israeli Mossad ( ). Served as advisor to the Special Sub-Committee of the Israeli Parliament's Foreign Affairs and Defense Committee. Chairman of the International Policy Institute for Counter Terrorism. Rotem Yoeli CEO of Mer Group Security Division. Has a degree in Computer Science. Held various management positions in high-tech companies specializing in data processing solutions. A Lieutenant Colonel (ret.) in the Israeli Special Forces.

9 WHO WE ARE? For over a decade, we have been developing and delivering intelligence and investigation solutions. Bringing together the knowhow of top analysts and technologists with the vast experience of intelligence and data mining experts from the security and intelligence sectors, we have created a product line that is based on the most advanced and up-to-date knowledge in the field. WE KNOW THE POWER OF INFORMATION IN PREDICTING AND PREVENTING CRIME AND TERROR INCIDENTS. WE VE BEEN THERE, SO YOU CAN BELIEVE US WHEN WE SAY WE UNDERSTAND THE ISSUES YOU FACE.

10 CYBER CATI Threat Intelligence Services

11 Cyber & Intelligence

12 Solutions Segment CATI Threat Intelligence Services

13 Solutions Segment What CATI Cyber Analysis Threat Intelligence Platform Threat Intelligence Services Periodical Reports Targeted Reports Training Risk Assessment Master Cyber Plan Incident Response Team SOC

14 Solutions Segment What Who CATI Cyber Actionable Threat Intelligence Platform CISO Cyber Analysts Management Threat Intelligence Services Periodical Reports Targeted Reports Training Risk Assessment Master Cyber Plan Incident Response SOC Telco Financial Sector Private/ Gov Sector Every company that is connected to the internet, who wants to protect it s assets and data

15 Cyber Solutions Segment What Who Solutions CATI Cyber Analysis Threat Intelligence Platform SICO Cyber Analysts Top Level Management Contextual Collection Internal External DarkNet (Oscar Lite) Alert System according to risk level Analysis tools Threat Intelligence Services Periodical Reports Targeted Reports Training Risk Assessment Master Cyber Plan Incident Response Team SOC Telco Financial Sector Private/Gov Sector Every company that is connected to the internet, who wants to protect it s assets and data Subscription to Cyber Threat Intelligence Reports Contextual Collection Open Sources, Forums, DarkNet Cyber Training PT & Risk Assessment Recommendation for mitigation Establishment of SOC MSSP

16 CATI

17 The Challenge Abundant quantity of data Un-contextualized Data Insufficient manpower Risks Prioritization Access to DeepWeb and DarkNet

18 The solution - Cyber Actionable Threat Intelligence - The CATI Solution Contextual - Direct attention to the relevant threats and reduce false alarms Open - A robust platform with access to a wealth of data Actionable - Integrated task management to empower threat mitigation Analysis tools - cross reference the data collected into meaningful insights Training and support on using the platform and intelligence collection best practices Top-Level Management Risk Exposure Overview A New Standard in Cyber Threat Alert Management

19 Potential Customers Financial Sector Telco Sector Private/ Gov Sector

20 Information about a threat

21 Tasks To-Do related to a threat

22 DarkNet Search OSCAR LITE

23 OSCAR LITE Search

24 Search Operators passport AND mexico passport AND id AND mexico (passport OR ID) AND mexico credit cards AND mexico cards OR bank account -credit

25 Query results

26 Actor Information Frequency of activity

27 Our CYBER Expertise & recommendation Establish Intelligence Driven CSOC Ensuring that Experts are always watching. Smart risk assessment Be aware of the CYBER gap CYBER Threat Intelligence (CTI) Have insight, not hindsight. Cyber Simulation Training Simulation of a real CYBER attacks scenario Cyber Strategy Roadmap multi-annual security roadmap Elite Incident response team First Aid Remediation & mitigation

28 MER Group CSOC July 2017

29

30 SLA - Management Incident Alerting Suggesting Update Frequency Communication Priority Mitigation post incident channel reporting Critical (P1) 30 minutes 120 minutes Every 60 minutes until closure Registered SMS/Phone + High 60 minutes 120 minutes Every 240 minutes Non-urgent issues 12 hours 12 hours Once a week

31 Managed SIEM services SOC structure Tier 1 First line which review and monitor security events review events from SIEM system, APT solution, customer inquiries, or any other source. Check product availability. Notify any abnormal health status. Escalate critical cases to the next tier. Cross-checks events with other security products. Document every event as clean/investigate/transfer to next tier. Tier 2 Proactively search for suspicious events Perform backup of current running configuration + licensing check. Cross-check events with other security products Document every event clean/investigate/transfer to next tier Tier 3 Responsible for managing major and complex security events Team leader will handle major security events coming from tier 2 Document every event as clean/investigate/transfer to next tier. The team leader will manage the SOC team Weekly/monthly configuration review

32 CSOC main Components To build the SOC with simple acceptance and execution model Maximize the use of technology. To build security intelligence and visibility that was previously unknown; build effective coordination and response unit and to introduce automation of security process. Develop SOC processes that are inline to industry best practices and regulations REAL-TIME MONITORING DATA AGGREGATION DATA CORRELATION AGGREGATE LOGS CORDINATE RESPONSE AUTOMATED REMEDIATION REPORTING EXECUTIVE SUMMARY AUDIT AND ASSESSMENT SECURITY METRIC REPORTING KPI COMPLIANCE SLA REPORTING SECURITY INCIDENT MANAGEMENT PRE AND POST INCIDENT ANALYSIS FORENSICS ANALYSIS ROOT CAUSE ANALYSIS INCIDENT HANDLING aecert INTEGRATION

33 Key Success Factors

34 Core Components Core Components for the CSOC OSS Operational Support System SIEM Security Information and Event Management Proactive Monitoring - Network and Security and Server Infrastructure Alert and Notification Security Incident Reporting Events Correlation and Heuristics / Behavioral / Anomaly

35 Training Recognize when you are under attack! Identify threats in real-time Enact first-response and counteraction activities Contain the threats and inhibit their spread.and EXPECT THE UNEXPECTED

36 Training & awareness program Level Basic & Advanced Title Security Awareness Cloud Module Network Module Security Module Cryptography & Encryption

37 Training & awareness program Level Title Linux Course Phyton for Security professionals Post exploration hacking Experts Social Engineering & Manipulation Forensic Course Ethical hacking Course

38 Thank You