PROTECT YOUR BUSINESS WITH ARENA INSIDER THREAT IDENTIFICATION (ITI)

Traditionally, organizations believe that network monitoring tools were sufficient to detect an insider threat. But network monitoring only captures the individuals’ virtual data or digital trail – what systems an individual accesses, when they view and download files, send emails, access the web, and log on and off the corporate network. Many times these activities are not found early enough or simply not identified at all.

WHY INVEST IN AN INSIDER RISK SOLUTION?

• Protect critical assets and prevent loss of intellectual and proprietary property, confidential data or customer information
• Ensure regulatory compliance, specifically for those in the defense industrial base, financial, and healthcare industries
• Avoid immediate or future loss of revenue
• Maintain customer and shareholder confidence
• Avert critical system or service availability disruption
• Prevent overall harm to an organization’s brand image and reputation
• Deter potential insiders

The Arena ITI solution provides organizations of any size with proactive identification of potential insider threat activity, built on industry-leading experience in counterintelligence. This award-winning solution takes a holistic approach to detecting insider threats, seamlessly integrating structured and unstructured contextual information, such as performance reviews or employee information access, as well as data from cyber monitoring applications to provide a highly robust and effective insider threat detection solution.Arena ITI analyzes individuals’ anomalous IT activities with their non-IT behaviors in a single platform to produce faster, highly accurate, insider threat detection by:

• Continuously ingesting intelligence from disparate company data sources
• Aggregating data through predefined models and scoring
• Drilling down for advanced analysis and further investigation

THE ARENA ITI ADVANTAGE

• Integrates existing enterprise data with behavioral models, and continually analyzes the data for indicators that an individual may be putting the company at risk
• Proactively alerts your team of at-risk individuals to protect the organization
• Combines an individual’s cyber footprint with non-cyber behavioral data for an accurate risk profile
• Gives analysts the ability to evaluate relationships between all data sets through a built-in link analysis tool
• Provides an easy-to-use interface and threat modeling capability customized to your specific industry, organization, and employee demographics
  Delivers multi-dimensional views of data, in a variety of graphical and statistical outputs, easily assessed in minutes

As the workplace becomes more complex and insider risks increase, organizations must ensure they can detect anomalies and prevent incidents before they happen. This requires continuous monitoring, continuous evaluation of both human and IT-centric behavioral indicators and evaluation of individual attributes. Leidos is your trusted partner to ensure the protection of your company’s critical assets and help you prevent an insider incident before it occurs.

INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping requirements of cybersecurity, compliance, and change management for Industrial Control Systems (ICS). A “single pane of glass”  that provides asset visibility, tracking, configuration, policy control, and reporting for industrial endpoints from multiple vendors. APPLICATION FEATURES Industrial Defender ASM includes an active dashboard and application feature sets. The Industrial Defender ASM active dashboard provides a tabbed interface for easy access to key information about assets, security, operations, and compliance. These tabs provide visibility to top level asset data, security event trends, operational controls, and system-wide compliance. INDUSTRIAL DEFENDER ASM BENEFITS

• Gain a consolidated view into your ICS asset base at a single site and across your fleet to monitor trends, manage events and investigate anomalies
• Improve accuracy and efficiency of compliance reporting with automated data collection and archival of artifacts relevant to regulatory requirements
• Reduce cybersecurity risks with automated asset configuration collection, enabling you to perform on-demand vulnerability management
• Increase visibility into systems performance including application and process failures, registry and file changes
• Improve situational awareness and reduce total cost of ownership with multiple application feature sets on a single platform

These work together with built-in feature sets for:
Asset Management
Asset management features provide a fully automated solution to discover, track and report on hundreds and thousands of assets across your ICS footprint. Configuration & Change Management
Configuration and change management features provide a robust set of tools and reports that leverage asset management baselines to search, alert, manage, and control asset configurations.
Security Event Monitoring
Security event monitoring features provide actionable intelligence from your control system. These features consolidate, track, triage, and trend events in your ICS base using user-selectable time periods including hourly, daily, weekly, and monthly.
Policy Management
Policy management features automate the enforcement of compliance across your control systems asset base. As a vendor-agnostic solution, policies can be easily created and applied to multiple asset types, saving time, cost, and reducing duplication of effort. In addition to user-created policies, Industrial Defender ASM includes standard policies for NERC-CIP v3 and v5, Nuclear Energy Institute (NEI) 08-09 cybersecurity standards, and NIST SP 800-82. Report Management Report management features (Figure 7) eliminate the laborious manual task of data collection and report generation, providing a suite of standard reports, including NERC-CIP V3 and V5 reporting packages and a wide range of reports encompassing assets, configuration, firewalls, policy, software and patches, and users. Report subscriptions can be configured for non-privileged users, allowing them to receive reports via many alternative methods, ensuring the delivery of the most current information to those who need it most. Workflow Automation Work Automation Suite (Figure 8) is an optional feature set that integrates document management and reporting as part of a structured workflow enabling ICS professionals to streamline and eliminate the manual processes associated with change management.

Palisade is a knowledge management and analyst workflow platform that provides the technical foundation for an integrated, intelligence-driven approach to cybersecurity. The platform enables cyber analysts to collect intelligence about their adversaries’ activities and correlate trends that help to identify motives and tactics. Armed with such intelligence, analysts are better able to defend their network. Intelligence is organized within the analytic framework of the Cyber Kill Chain, a seven step cyber threat model used to detect a persistent adversary, analyze their attack progress and develop actionable intelligence. The framework provides an analyst with the needed context to proactively mitigate threats before an incident occurs. Built by analysts for analysts – Palisade offers advanced cyber intelligence management capabilities:

• Correlation and alerting
• Flexible intelligence ingest and export
• Incident and investigation tracking
• Indicator and mitigation management
• Analyst collaboration
• Campaign and adversary profiling
• Intelligence Driven Defense workflow and reporting