CYBERBIT: Protecting a New Dimension
CYBERBIT in a Nutshell
- A leader in the development and integration of cyber security solutions
- A main provider of cyber security solutions for the Israeli defense and intelligence community
- Two decades of field-proven experience
- A global installed base
One of the Leading Companies for Cyber Security in Israel
CYBERBIT is the leading company for cyber security in Israel, providing solutions for the most sophisticated and demanding organizations in all sectors and for every technology.
- CYBERBIT is the leading cyber security solutions provider in Israel today
- CYBERBIT purchased the cyber know-how and product from Nice Systems for approx. $160 million
- CYBERBIT is leading cyber research and development in Israel and is involved in the most advanced government projects today
- 100% of the Israeli electricity grid
- 75% of the major Israeli banks
- 100% of the government defense sector
"There is no such thing as 100% prevention and there never will be" (Gartner, 2014)
"Companies worldwide spend an estimated $12 billion on basic cyber-crime prevention" (Assoc. of Certified Fraud Examiners)
Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers
Source: Gartner; Bloomberg Business 13 March 2014
Too Many High Priority Alerts
- 10,000 alerts per hour, with no actionable insight
- 20 days: alert went unchecked before breach announcement
"Those alarms [should] have been impossible to miss, they went off early enough that the hackers hadn't begun transmitting the stolen card data out of Target's network"
Why traditional prevention doesn't work
THE GREY ZONE: between Green Light and Red Light
APT: they play in the grey
- Injections
- Dropper
- Creating new process
- Screen shots
- Close process
- Driver load
Cyber threats expose the organization to cross-functional risks and consequences
- Financial losses
- Operational risk
- Regulatory consequences
- Legal risk
- Reputational risk
The challenge is to respond quickly and effectively to the most severe threats
RESPONSE needs orchestration across multiple functions and processes
HOW DO I PROTECT MY ORGANIZATION FROM ADVANCED THREATS WHILE BEING IN A STATE OF CONTINUOUS ATTACK?
All rights reserved CyberBit 2015
Context-aware detection & mitigation for actionable insight
- TECHNOLOGIES & TOOLS: Advanced technology for full range of cyber threats
- POLICIES, PRACTICES, PROCEDURES: Holistic approach to protecting your organization
- TRAINED PERSONNEL: Trained professionals equipped for dynamic threat
- COOPERATION, COLLABORATION, INTELLIGENCE: Leverage wider community for enhanced protection
Cyber Shield Security Suite
- CYBER SHIELD TnS (Training and Simulation)
- CYBER SHIELD AnD (Analysis and Detection): anomalies detection of behavioral patterns; cross-domain correlation
- CYBER SHIELD SENSORS: detect local anomalies; smart data collection
- CYBER SHIELD MnR (Mitigation and Response): event management; situational awareness; Contextual Impact Engine; SOC Manager
- Other diagram labels: CS-ICS (SCADA), CS-IT, CS-Mobiles, SIEM, External Info, Prevention, Mapping & Assessment, Firewall, Active Directory, IT infrastructure
- IT INFRASTRUCTURE ENRICHMENT
AnD for IT Overview
A unique, top-of-technology product for detecting IT APT (advanced persistent threat) attacks
- Organization wide
- Host, network and other sources
- Multi-level anomaly analysis over big data
- Incident analysis application
AnD for IT: Coloring the Gray Zone
- APT Incident & Investigation Dashboards: indication for high-priority cyber incidents, suspicious processes, files, computers, etc.; investigation progress
- Investigation Management: aggregation of all relevant incidents, computers, processes, etc.; documentation of investigation process and insights
- Cyber Incident Analysis: comprehensive analysis utilities such as dedicated link analysis for APT pattern detection, various views and aggregation per computer, process, etc.; drilldown and raw data presentation
Cyber Shield AnD for SCADA Overview
SCADA networks operate most of the nation's critical infrastructure: oil & gas, electricity, water, transportation, etc.
AnD for SCADA is a non-intrusive, easy-to-deploy product defending any critical infrastructure from SCADA APTs
- A non-intrusive collection solution, network protocol and hardware agnostic
- Deep packet analysis based detection at the lowest level of the SCADA network
- Insight, forensics and analysis on all SCADA abnormal events
Infrastructure shown: Power Plants, Refineries, Water Supply, Airports, Distribution systems
SCADA Non-Intrusive Detection and Protection
- Network forensics: built-in client application for network forensics. All SCADA network traffic is logged in a relational database for historical analysis and correlation. Columns can be selected and advanced filters set in place to perform advanced network forensics.
- SCADA alerts investigation: gathers and filters all alerts. Allows deep analysis of suspicious traffic anomalies.
- White list rule definition: enables the user to manually or automatically define rules on what transmissions are allowed in the network, a relatively simple definition in SCADA networks. Monitors all layers, from physical to application-specific data.
Cyber Shield MnR Overview
Manage all cyber attack events and shorten cyber event handling time by improving the response process and best practices throughout all teams, across all sites, around the clock.
Cyber Shield MnR:
- Impact Analysis & Recommendation
- Event Management
- Information sharing, Collaboration
- Reports & post analysis
- Tasking and workflows
- Policies and Knowledge management
Real Time SOC Operation
- Incidents & events management: comprehensive workflow for centralized incident management on top of CS AnD and SIEM systems. Supports structured workflow, task management, escalation, documentation, incident enrichment and tracking.
- Cyber events analysis and situational awareness: operational reports as well as event and incident impact reports; flexible information query and retrieval.
- SOC Management & Audit: manage users, permissions, roles and metadata; comprehensive audit of user actions.
Cyber Training Center
A full-scale APT training environment enabling any organization to train its cyber defenders and simulate complex scenarios on the specific IT and SCADA networks
- Training managers and operators as a team, illustrating real-life situations
- A fundamental solution for national cyber security centers
- Suitable for every need and for all infrastructures (IT, SCADA)
CYBERBIT References
CYBERBIT Secures the Top-Secret IT Networks from Advanced Cyber Attacks
Product: Cyber Shield AnD for IT
- Controlled from the national cyber command center, facilitating the work of multiple hierarchies, various roles and dozens of cyber defenders
- Supports a wide variety of operating systems, HW and network elements; works in harmony with other security products
- The solution will serve many dozens of highly sensitive networks (operational and administrative) in a centralized manner
- Holds many dozens of predefined patterns and combines them with various profiling techniques of process, network activity and users
CYBERBIT Secures the Israeli Power Grid from Cyber Attacks
Product: Cyber Shield AnD for SCADA
- Cyber Shield monitors the entire transmission network to detect SCADA APTs
- The solution has been operational in the field for more than 3 years (main and DR network)
- Analyzes more than 10,000 transmissions a second
- Recently received a PO for cyber response blocking capabilities
CYBERBIT Implements SOC Management in One of the Largest Israeli Banks
Product: Cyber Shield MnR
- The leading cyber SOC in Israel; design partner of Elbit
- One of the most complex deployments of ArcSight; moved to the next level of cyber mitigation
- Large-scale system, supporting more than 5000 incidents a day
- Currently supporting more than 300 cyber recommendation rules
CYBERBIT is Founding Cyber Training Centers Around the World
Product: Cyber Shield TnS
- Training for cyber security professionals at all levels
- Enables the organization to train its cyber defenders and simulate complex cyber security scenarios
- Allows users to locate, respond to and prevent cyberattacks while experiencing simulated network protection conditions
- Tracks and records users' performance, conducts follow-up debriefing and evaluates the results
Why CYBERBIT?
Experience and Technologies
- Proven track record with highly sensitive infrastructure
- Defensive solutions incorporate holistic cyber expertise
- Protect cross-infrastructure and multiple touch points
- Deep intelligence and cybercrime expertise
- Holistic protection with integrated Detection, Mitigation and Training tools
Thank You!