
Products found: 57

Abatis for Maritime ICS SCADA

In conjunction with our partners CLA Consulting, SETEL PowerLine and ECDIS Ltd, Abatis is pleased to launch a Cyber Malware Protection System created specifically to meet the needs of the Maritime sector. In particular, it can protect the following vulnerable systems on board ship as well as shore-based systems:
  • Communication Systems
  • Bridge Systems including ECDIS
  • Propulsion & Power Control
  • Access Control Systems
  • Cargo Management Systems
  • Passenger Servicing & Mgt.
  • Passenger-facing Networks
  • Core Infrastructure Systems
  • Admin & Crew Welfare Systems
Protect Your Fleet from External and Internal Threats
  • Proactive Protection
  • No Updates Required
  • Fast
  • Safe
  • Efficient
  • Low Power Consumption
  • Evaluated Extremely Small Footprint (<100KB)
  • Fit-and-Forget
  • Protects Legacy and New Operating Systems
  • Can Identify and Isolate Existing Malware Infections
  • Works with Existing Security Tools
  • Easy to Use
  • Reduces Maintenance Burden
  • Improve Green Credentials through Energy Saving
  • Ship & Shore Capability

Ampex TuffServ

Ampex Data Systems is a legendary supplier of ruggedized airborne recording and network data acquisition systems used in flight test, ISR, and tactical mission applications. By using innovative hardware and software designed specifically to meet the performance needs of the marketplace, Ampex provides its customers with product solutions for their most demanding applications across the entire pricing spectrum - TuffServ 282, TuffServ 480GE, TuffServ 480v2, TuffServ 540, TuffServ 640, TuffServ 641, TuffServ® 481, TuffServ® TS 485. TuffServ® Series. Employing a common architecture found throughout the TuffServ offerings, all products advance performance and scalability to an entirely new level. With blazing read/write speeds of up to 1GB/sec, 12.8TB of removable solid-state memory, and dual 10Gbit optical Ethernet ports, TuffServ offers unparalleled performance for a wide variety of airborne and mobile applications. The products address key issues encountered when attempting to take products designed for data center use into aerospace environments: cooling, removable storage and the management of internal cables in high-vibration environments.

Arbit Data Diode

The Arbit Data Diode moves data from an insecure network to a secure network, ensuring that no data is able to flow back. This is handled by the physical principle of the data diode. The Arbit Data Diode is a physical data diode that eliminates the threat of remote data theft by establishing a physically secure one-way connection with a single fiber-optic cable. The transmission is handled by two dedicated servers. The sending server is called a pitcher and the receiving server is called a catcher. No data can be transported from the receiving network to the transmitting network. Therefore, the Arbit Data Diode is just as safe as manual data transfer, but offers the same convenience as a normal network connection.

The Arbit Data Diode has the following features:
  • More hardware configurations available
  • Maximum file size limited only by available disk space
  • Based on gigabit network interfaces
  • Transports all file types and emails with full transaction control
  • Unlimited number of data channels
  • Data channel priority (on transaction basis)
  • Supports up to 24 streaming channels (video, radio, etc.)
  • Back pressure in case of critical disk space
  • Safe points in case of increased data flow
  • Notifications by email: Required retransmissions, Daily operational statistics, Total count and size of transactions within last 24h.
  • Operated by web-interfaces
  • No daily maintenance
  • Software based on hardened Linux
  • Support Supervisory Control and Data Acquisition (SCADA) networks
  • Support Industrial Control Systems (ICS)

SUPPORTED PROTOCOLS
  • Mail (SMTP)
  • Simple file transfer (FTP, SFTP)
  • Windows share mapping (SMB)
  • Time synchronization (NTP)
  • HTTP/HTTPS forwarding
  • Streaming (UDP/TCP) 

Argus Connected ECU

With decades of experience in both cyber security and the automotive industry, Argus offers innovative security methods and proven computer networking know-how with a deep understanding of automotive best practices. Built for the automotive industry, Argus Connected ECU protection prevents, detects, and mitigates attacks targeting connected ECUs. Six easy-to-deploy independent modules work individually, or together, to protect the car’s most vulnerable attack surfaces, such as in-vehicle infotainment units (IVIs), telematics units (TCUs), and ADAS units.

KEY BENEFITS

  • AUTONOMOUS. Prevents attacks in real-time without connectivity to the outside world or human intervention.
  • MULTI-LAYERED. Provides multiple independent protection layers, to defend against all types of attacks.
  • AUTOMOTIVE-GRADE. Built for the automotive industry and addresses unique automotive security challenges.
  • CONTROL FLOW INTEGRITY (CFI). Prevents exploitation of vulnerabilities, by ensuring that the ECU program does not deviate from its expected execution flow.
  • SYSTEM LIMITER. Prevents unauthorized commands and resource access with an automotive-grade mandatory access control.
  • PLATFORM INTEGRITY. Prevents and blocks unauthorized software from running on the ECU by validating the software at boot and during runtime.
  • SECURITY LOGGER. Collects and securely stores security events from each module, and from other data sources in the ECU, for further analysis by the OEM.
  • THREAT DETECTION. Prevents attacks in real-time, by identifying and responding to suspicious behavior across the ECU that may indicate an unknown attack.
  • ECU FIREWALL. Prevents attacks from spreading to the in-vehicle network by blocking malicious communications using Deep Packet Inspection.

KEY FEATURES

  • Supports Linux, QNX, and Android operating systems
  • Saves time with seamless integration and easy configuration
  • Designed for easy reuse across ECUs
  • Consumes minimal system resources
  • Supports future module activation

Attivo Networks ThreatDefend Platform™

Threat Deception Technology to Detect Threats Early, Accurately & Efficiently

The ThreatDefend Deception Platform is a modular solution comprised of Attivo BOTsink® engagement servers, decoys, and deceptions, the ThreatStrike™ endpoint deception suite, ThreatPath™ for attack path visibility, ThreatOps™ incident response orchestration playbooks, and the Attivo Central Manager (ACM), which together create a comprehensive early detection and active defense against cyber threats.

WHY CUSTOMERS CHOOSE THREAT DECEPTION

  • EARLY WARNING SYSTEM
  • ACTIONABLE ALERTS
  • EASY TO DEPLOY
  • LOW MAINTENANCE
  • STRENGTHENS DEFENSES

  • DETECT KNOWN & UNKNOWN ATTACKS: Not reliant on signatures or pattern matching, the Attivo ThreatDefend solution accurately detects in-network reconnaissance, credential theft, Man-in-the-Middle attacks, and lateral movement of threats that other security controls miss.
  • EARLY & ACCURATE DETECTION: Threat deception provides early detection of external, insider, and 3rd party attacks. Achieve real-time threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.
  • NO ALERT FATIGUE FROM FALSE POSITIVES: High-fidelity alerts are raised based upon attacker decoy engagement or deception credential reuse. Each alert is substantiated with rich threat intelligence and is actionable, removing false positive and noisy alerts that distract from the prompt incident response of real threats.
  • NOT RESOURCE INTENSIVE: Easy to deploy and operate, the Attivo solution is designed to be low maintenance. Deployment is in hours and doesn’t require highly skilled employees or in-depth resources for ongoing operations. Machine learning, automated analysis, and incident response empower quick remediation.
  • CAMOUFLAGE: Realistic deception is key to deceiving attackers into engaging. Dynamic deception provides authenticity and deception campaigns for self-learning deployment and refresh.

Authenticity

  • Customized using real OS and services to production assets
  • Credential validation with Active Directory
  • High-interaction engagement

Machine-Learning

  • Self-learning of the environment generates deception campaigns
  • Campaigns can be deployed on demand for environment refresh
  • Allows automated refresh to spin up deception or avoid fingerprinting

Easy Operations

  • Simplify deployment with automated campaign proposals
  • Easy operations with automated refresh
  • Choice of on demand or automated campaign deployment

FEATURES

ThreatDefend is a comprehensive, scalable detection platform designed for the early detection of external threat actors and insiders (employees, suppliers, contractors) and for accelerating incident response.
  • IN-NETWORK THREAT DETECTION: Early endpoint, network, application, and data post-compromise threat detection.
  • ATTACK SURFACE SCALABILITY: Deception for evolving attack surface: data centers, cloud, user networks, remote office, specialty networks.
  • EASY DEPLOYMENT & OPERATIONS: Flexible deployment options and machine-learning for ongoing campaign authenticity and refresh.
  • SUBSTANTIATED ALERTS & FORENSICS: Actionable alerts from attacker engagement or credential reuse. Full forensics for actionable response.
  • ATTACK ANALYSIS: Automated attack analysis and correlation improves time-to-remediation.
  • THREAT INTELLIGENCE: High interaction attacker engagement and DecoyDocs produce threat, adversary, and counterintelligence.
  • ACCELERATED INCIDENT RESPONSE: Extensive 3rd party automations accelerate incident response to block, isolate, and threat hunt.
  • ATTACK PATH VULNERABILITY ASSESSMENT: Understand attack path vulnerabilities based on exposed credentials and misconfigurations.
  • VISIBILITY & ATTACK MAPS: Topographical maps for network visualization and time-lapsed attack replay.

Bedrock OSA

Enjoy the cost and flexibility of open technology knowing you’re protected by military-grade cyber security. Rest even easier knowing that the security comes at no additional cost because it is designed to be secure from the silicon on up.

Features:
Performance
  • Ultra fast PLC, SCADA RTU, PAC and DCS capabilities
  • Soft-selectable I/O on each channel: DI / DO / AI / AO / Pulse / HART 7
  • Secure OPC UA / MQTT / Ethernet IP / Modbus TCP / Modbus RTU / PROFINET / BSAP
  • Fixed 1 millisecond scan times regardless of load
  • 512MB RAM with options for 8GB, 32GB or 64GB Flash memory
Reliability
  • –40°C to +80°C operating range
  • Advanced built-in cyber security
  • Sealed all-metal enclosure
  • EMP hardened (MIL-STD 461 certified)
  • Pin-less backplane
  • Made in USA with a cyber secure supply chain
  • 5 Year Warranty
Economy
  • FREE software – IEC 61131-3 IDE
  • FREE embedded simulator
  • FREE maintenance / No annual license fee
  • Simplified enclosure
  • Reduce bolt-on cyber security costs
  • Reduce lifecycle costs

BKC — FloodMonitoring

BKC - FloodMonitoring was developed by specialists of the Department of Technological Monitoring Systems for flood prediction and timely response. The network sends information from monitoring posts to an analytical flood forecasting system. BKC - FloodMonitoring can:
  • Identify in advance atmospheric fronts that could cause flooding.
  • Forecast precipitation amounts and river water levels.
  • Assess and analyze flood risks.
  • Quickly calculate flood zones and depths from hydrometeorological forecast data.
  • Receive satellite meteorological monitoring data.
  • Model flooding scenarios and evaluate the effectiveness of hydrological protection.
  • Track river water levels and precipitation in adjacent areas.

Cisco Firepower 9300 Series

The Cisco Firepower® 9300 is a scalable (beyond 1 Tbps when clustered), carrier-grade, modular platform designed for service providers, high-performance computing centers, large data centers, campuses, high-frequency trading environments, and other environments that require low (less than 5-microsecond offload) latency and exceptional throughput. Cisco Firepower 9300 supports flow-offloading, programmatic orchestration, and the management of security services with RESTful APIs. It is also available in Network Equipment Building Standards (NEBS)-compliant configurations. The 9300 Series platforms can run either the Cisco® Adaptive Security Appliance (ASA) Firewall or Cisco Firepower Threat Defense (FTD).

Features:

  • Scalable multiservice security: Eliminate security gaps. Integrate and provision multiple Cisco and Cisco partner security services dynamically across the network fabric. See and correlate policy, traffic, and events across multiple services.
  • Expandable security modules: Flexibly scale your security performance. Meet business agility needs and enable rapid provisioning.
  • Carrier-grade performance: NEBS-compliant configurations available. Elevate threat defense and network performance with low-latency, large flow handling, and orchestration of security services. Protect Evolved Programmable Network, Evolved Services Platform, and Application Centric Infrastructure architectures.

Benefits:
  • Designed for service provider and data center deployments
  • Threat inspection up to 90 Gbps
  • Includes AVC, with AMP and URL options
  • Fail-to-wire interfaces available

Claroty Continuous Threat Detection

Continuous Threat Detection extracts precise details about each asset on the industrial network, profiles all communications and protocols, generates a fine-grain behavioral baseline that characterizes legitimate traffic, and alerts you to network changes, new vulnerabilities and threats. The alerts the system generates provide the contextual information you need to investigate and respond quickly. Continuous Threat Detection delivers immediate value, enabling customers to:
  • Rapidly detect industrial operations risk, enhance cyber resiliency, and minimize unplanned downtime
  • Prevent impact to physical processes, expensive industrial equipment or injuries to people
  • Quickly deploy and scale across multiple sites and reduce overall management costs

Extreme Visibility
Continuous Threat Detection deeply understands ICS network communications, protocols and behaviors – providing detailed, accurate information that remains up-to-date. The system automatically discovers asset details across the entire industrial network – IP assigned, nested assets and assets that communicate over serial connections.

Security and Operational Alerts
Continuous Threat Detection creates a very fine-grain “baseline” model of the ICS environment. Leveraging a “known good” baseline, and knowledge about how ICS systems work, Continuous Threat Detection employs advanced pattern matching techniques, generating rich alerts when anomalous activity or critical changes occur.

Continuous Vulnerability Monitoring
With deep insights into the ICS environment, CTD enables users to proactively identify and fix configuration and other network hygiene issues that can leave your network vulnerable to attacks. Leveraging proprietary intelligence, the system continuously monitors the network for new known vulnerabilities – providing precise CVE matching down to the firmware versions for industrial devices.

Claroty Platform

Claroty’s integrated ICS suite protects the safety of people, assets, and critical processes from cyber-attacks. The platform provides security teams with extreme visibility into industrial control networks, real-time monitoring, network segmentation, control over employee and 3rd party remote access, and integration with existing SOC, cybersecurity and network infrastructure.
Claroty Platform
  • Provides extreme visibility into ICS Networks
  • Identifies security gaps – including known and emerging threats and vulnerabilities
  • Automatically generates current state of OT process-level communications and presents an ideal network segmentation strategy
  • Detects security posture changes
  • Enables proactive threat hunting with actionable threat information
  • Secures, monitors, and records remote connections to ICS assets

Protect. Proactively discover and eliminate vulnerabilities, misconfigurations and unsecure connections.
Respond. Receive context-rich alerts for rapid triage and investigation, and automate response using existing network infrastructure.
Detect. Continuously monitor and detect malicious activity and high-risk changes throughout the attack “kill-chain”.
Control. Implement network segmentation and manage remote access by enforcing granular access policies and recording sessions.

The Claroty Platform supports the following levels of cyber security:
Passive:
  • Continuous, real-time monitoring of OT Networks
  • Rapidly discover network communications and asset details down to the I/O level
  • Field Proven and 100% safe for OT networks
Active:
  • Precise, periodic queries of OT and IT Assets
  • Safely query ICS and non-ICS assets for enhanced visibility into asset configurations
  • Enhanced context for alerts and vulnerabilities

Cloakware Secure Environment

It’s challenging enough to secure cloud software from attacks over the internet. But securing a device is orders of magnitude harder when it is deployed into the hands of a hacker. A determined hacker with physical access to a device can do many things to gain root access and compromise system security: extract firmware images, reverse-engineer software, reactivate debug software and so on. History is littered with examples of successfully hacked devices – from network routers through medical devices to credit card systems and automobiles. That’s why Irdeto has created Cloakware Secure Environment with the assumption that a hacker already has root access — the highest of all system privileges. Unique to the industry, Secure Environment forces hackers to expend an improbable amount of effort to break into devices, making them move on to softer targets that aren’t as well protected. Its mutually reinforcing technologies offer unparalleled protection:
  • Disables execution of anything except OEM authorized software.
  • Removes debugging capability and memory examination.
  • Encrypts binaries and file content.
  • Hides decryption keys.
  • Makes reverse engineering virtually impossible.
  • Monitors hacking attempts and supports a range of OEM responses.
  • Collects security incident data for post-mortem analysis.
Secure Environment uniquely assumes perimeter security has been compromised and focuses instead on protecting everything else. It safeguards critical files, protects application data, and prevents hackers from adding malicious code, modifying executables and scripts, and reverse engineering. What’s more, it uses renewable security to frustrate hacking attempts by continually resetting hacker knowledge to ground zero. And, while a full cybersecurity audit is recommended, Secure Environment can be dropped into a system still under development.

Compumatica MagiCtwin

MagiCtwin consists of one device with two compartments, which are completely separated from each other. Both compartments are designed to work independently from one another and have their own motherboard, power and network connections. The MagiCtwin can be delivered in two different models: MagiCtwin Diode or MagiCtwin Firewall2.

Features:

  • Secure is really secure: MagiCtwin protects the most critical networks and data. With only one-way traffic and regulated two-way traffic, these networks and data are not accessible from the internet.
  • Special protocols: MagiCtwin is compatible with the common protocols used in critical infrastructure and smart industry, e.g. Modbus, DNP3 and IEC 60870-5-104. Additional protocols can be implemented on request.
  • Security principle: Misconfiguration resulting in security leaks is excluded because MagiCtwin, in its default mode, applies the principle “Everything not explicitly allowed is strictly forbidden.”
  • Central Management: The control of MagiCtwin is very easy. The physical Diode doesn’t need to be configured and works from the moment it is connected to two networks. Both firewalls can easily be managed via the web management.
  • Inexpensive solution: Compared to other Diode vendors, MagiCtwin is inexpensive. Thanks to the efficient management, the cost of ownership is very affordable.
  • Push | Pull method: With the push method, data from the TX side is sent directly to the right server/user. With the pull method, the user is required to retrieve the data from the TX side.
  • Certified firewalls: The MagiCtwin consists of two Compuwalls (Next Generation Layer-7 Firewall), which is the only Dutch certified firewall for ‘restricted’ usage.
  • Separation of networks: Thanks to the physical one-way connection, MagiCtwin Diode is an excellent solution to divide a confidential network from the office network. Traffic from the confidential network to the office network is fully blocked. This is also known as red/black separation.
  • Designed for industrial environments: MagiCtwin is very suitable for industrial environments because it is shockproof, works at temperatures between -20° and +55° Celsius, doesn’t contain any fans and has a long lifetime.

Unique features:

  • Compatible for cloud
  • Special protocols
  • Inexpensive solution

CyberX Platform

The Industrial Internet of Things (IIoT) is unlocking new levels of productivity, helping organizations improve safety, increase output, and maximize revenue. At the same time, digitalization is driving deployment of billions of IIoT devices and increased connectivity between IT and Operational Technology (OT) networks, increasing the attack surface and risk of cyberattacks on industrial control systems. The CyberX platform is the simplest, most mature, and most interoperable solution for auto-discovering assets, identifying critical vulnerabilities and attack vectors, and continuously monitoring ICS networks for malware and targeted attacks. What’s more, CyberX provides seamless integration with existing SOC workflows for unified IT/OT security governance. The CyberX platform delivers continuous ICS threat monitoring and asset discovery, combining a deep embedded understanding of industrial protocols, devices, and applications with ICS-specific behavioral anomaly detection, threat intelligence, risk analytics, and automated threat modeling. The fact is, CyberX is the only company that addresses all four requirements of Gartner’s Adaptive Security Architecture — with a practical, appliance-based system that can be deployed in less than an hour.

CyOPs Platform

The CyOPs Platform utilizes CyberSponse’s patented technological process to fill the gap between automation-only and human-dependent security organizations, while also facilitating cross-functional collaboration. Integrate your SOC’s entire security stack behind a single pane of glass with unlimited daily actions, fortifying your data and maximizing ROI.

Incident Management

Distinguishing Real Threats From Endless Alerts

Real threats are often overlooked, largely as a result of the copious amount of alert notifications that accumulate daily. CyOPs Automated Intelligent Triaging enables Security Analysts to efficiently uncover these important alerts, prioritizing them based on severity, asset, intelligence, and frequency. To investigate alerts more efficiently, it’s very important to be able to understand and review data in a consumable manner. CyOPs Case Management solution understands the need to manage data effectively and provides options to:
  • Manage Alert and Incident Listings in a filter-able grid view
  • Ability to add mini-dashboards on each grid to gain visibility into the bigger picture and understand trends
  • Ability to define new modules, unlike any other SOAR offering, with customization of modules such as fields, views, and permissions
  • Visual layout editor to define custom views, data models, fields, and grids

CyOPs for MSSPs

Integrate All Your Security Tools

Enterprise-level SOCs leverage a multitude of products and tools to effectively resolve incidents and fulfill compliance requirements. CyOPs caters to our clients’ specific environment needs through the customizability of the product, which results in greater efficiency, eliminates alert fatigue, and maximizes their ROI. The CyOPs Integrations Repository has over 280 available integrations, enabling users to automate their entire security stack behind a single pane of glass.
A unified console built on the only enterprise multi-tenancy architecture.
  • Obtain a complete overview of all your customers (tenants) in a single unified CyOPs master console.
  • Filter views by customers, to understand the customer’s current state
  • Assign and adhere to the Roles and Permissions assigned to each tenant
  • Create customer specific alert and incident views
  • Robust and scalable architecture for load-balancing usage

Role Based Custom Dashboards

Insight From Multiple Perspectives

CyOPs offers customers enterprise dashboards enabling better decision making.
  • Choose from multiple canned dashboards from multiple perspectives
  • Export and import dashboard templates
  • Export dashboard views as PDFs

Full Role-Based Access Control

  • Assign multiple roles to each dashboard to control visibility across the team.
  • Ability to assign roles and permissions to dashboard templates
  • Ability to set selected dashboards as default for all system users
  • Ability to create user-specific dashboards and reports

Reporting

Library of Out-of-the-box Reports

  • Leverage the CyOPs Report Library for a quick start with many commonly used reports
  • Use ready-made reports like Incident Closures, Alert Closures, IOC Summaries etc.
  • CyOPs Support Portal using Report Import functionality
  • Customize out-of-the-box reports for organization-specific metrics
  • Export Reports in CSV & PDF Formats

Queue Management

Create Dedicated Queues

Leverage the built-in CyOPs Queue Management to handle automatic work assignments across multiple queues and teams
  • Create multiple queues across multiple teams
  • Add multiple team members to each Queue
  • Define logical rules for auto assignments to a specific member or team
  • Option to add work tasks manually to any queue

Manage SOC Shift Change With Ease

Streamline SOC Team Onboarding & Management

CyOPs™ enables new SOC team members to start making an impact right away due to its ease of use and ability to retain information from previous employees. Standardized trackable and repeatable processes result in a more efficient onboarding plan for new SOC team members. Create standard automated response processes using the most versatile enterprise drag-and-drop CyOPs Playbook builder that not only retains team knowledge but also shortens incident response times. Maximize your team and security stack with CyOPs™ automation.
  • SOCs that work in multiple shifts can perfect shift changeovers with ease
  • Create multiple queues for different shifts
  • Define rules for assigning alerts and incidents based on the timezone
  • Obtain snapshots of a shift’s queue to better understand task status
  • Option to add manual tasks to any queue or team member

Darktrace Antigena

Powered by Darktrace’s multi-award-winning AI, Darktrace Antigena is an autonomous response solution that takes action against in-progress cyber-attacks, limiting damage and stopping their spread in real time. The technology works like a digital antibody, intelligently generating measured and proportionate responses when a threatening incident arises. This ability to contain threats using proven AI is a game-changer for security teams, who benefit from the critical time needed to catch up and avoid major damage. Bridging the gap between automated threat detection and a security team’s response, Darktrace Antigena represents a new era of cyber defense that autonomously fights back.

Darktrace The Enterprise Immune System

The Enterprise Immune System is the world’s most advanced machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology has enabled a fundamental shift in the way organizations defend themselves, amid a new era of sophisticated and pervasive cyber-threats.

The human immune system is incredibly complex and continually adapts to new forms of threats, such as viral DNA that constantly mutates. It works by learning about what is normal for the body, identifying and neutralizing outliers that do not fit that evolving pattern of normality. Darktrace applies the same logic to enterprise and industrial environments. Powered by machine learning and AI algorithms, Enterprise Immune System technology iteratively learns a unique ‘pattern of life’ (‘self’) for every device and user on a network, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed.

Like the human immune system, the Enterprise Immune System does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. It works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network — in real time.

The Enterprise Immune System is the service that uses self-learning technology to detect threats and anomalous behaviours. It is compatible with all major Cloud providers (including AWS, Google Cloud Platform and Microsoft Azure). Fully configurable, it allows organisations to monitor all or selected Cloud traffic, with minimal performance impact.

Features:
  • Market-leading AI cyber-threat detection in the Cloud;
  • Detects, classifies and visualises cyber-threats that evade other defences;
  • Self-learning technology - world-leading machine learning and AI;
  • Not reliant on historical attacks to predict new threats;
  • Models understanding of what 'normal' enterprise behaviour looks like;
  • Detects threats emerging in real-time;
  • Detects insider threat, low-and-slow attacks, automated viruses;
  • Self-adapting as the organisation changes: no tuning or reconfiguration;
  • New threat identification, irrespective of threat type or attacker;
  • Rapid identification of anomalous activity providing early threat warning.
Benefits:
  • Adaptive - evolves with your organisation;
  • Self-learning - system constantly refines its understanding of 'normal';
  • Probabilistic - works out the likelihood of serious threat;
  • Realtime - spots cyber threats as they emerge;
  • Works from day one - delivers instant value;
  • Low false positives - correlation of weak indicators;
  • Data agnostic - ingests all data sources;
  • Highly accurate - models humans, device and enterprise behaviour;
  • Installs in 1 hour - minimal configuration required;
  • Passive monitoring to model 'pattern of life' usage (non-disruptive).

Data Capture Unit (DCU)

Industrial data diode designed to deliver the highest level of security to OT networks like industrial control systems (ICS) and safety critical infrastructure via physical isolation when there’s a need to connect them to a lower security network (IT Networks or Internet) for replication or analytics.

The DCU is designed and manufactured in Germany. Its chip design forces data to flow one way only, using a unique electromagnetic induction design, to collect data and guarantee that there’s no physical path for remote access to the OT Network.

The DCU has a software complement called OWG (One-way gateway) software, which consists of two agents: an OWG sender, which collects data over several protocols (FTP, OPC UA, Syslog), filters and aggregates it in the OT network (Edge) and then pushes it through the DCU; and an OWG receiver, which receives data from the DCU and can be configured to send it directly to the cloud (AWS or MindSphere) or to another computer in the IT network.

The DCU and OWG are vendor neutral and support Windows or Linux systems.


Dragos Industrial Cybersecurity Platform

The Dragos Platform contains all the necessary capabilities to monitor and defend ICS environments. It combines the functionality of an OT security incident and event management system (SIEM), network detection and anomaly system, and incident response platform with the experience and intelligence of the Dragos team.

IDENTIFY ASSETS

Deep packet inspection (DPI) of ICS protocols, traffic, and asset characterizations, ability to consume host logs and controller events, and integrations with ICS assets such as data historians provide a complete view of ICS environments.

DETECT THREATS

Complex characterizations of adversary tactics, techniques, and procedures through threat behavior analytics pinpoint malicious activity on ICS networks and provide in-depth context to alerts.

RESPOND

Expert-authored investigation playbooks and case management guide defenders step-by-step through the investigation process to enable independence and transfer knowledge from our team to ICS defenders.

Benefits:
  • Significantly reduce time to identify and inventory all assets and traffic on your network
  • System-generated asset maps and reports provide consistent, time-driven views that are accurate, up-to-date, and thorough
  • Automatic classification of assets based on behavior
  • Set one or more baselines and get notifications when specific changes or anomalies occur in the environment over time
  • Recognize new or rogue assets as they appear; identify assets that have disappeared from the network
  • Powered by human-based intelligence that identifies adversary tradecraft and campaigns
  • No bake-in or tuning period required; threat behavior analytics work immediately upon deployment
  • Detect threats not simply as anomalies to investigate, but with context that guides effective response
  • Notification filtering provides a risk-based approach to management
  • Playbooks codify incident response and best-practice workflows developed by Dragos experts
  • Manage incidents and cases from the same console cross-team
  • Clear Indicator of Compromise reports guide attention to vulnerable assets
  • Easily monitor case, notification, and analyst activity, as well as system-level health and status
  • Splunk, QRadar, Pi Historian, LogRhythm, Syslog, Windows Host Logs

Dragos WorldView

Dragos WorldView is the industrial cybersecurity industry’s only product exclusively focused on ICS threat intelligence. Prepared by Dragos’ expert ICS/OT threat intelligence analysts, it is the essential supplement to any IT-focused intelligence product used by IT or OT professionals with responsibility for an ICS network. Dragos WorldView calls out and cuts through the hype and speculation surrounding ICS cybersecurity, providing an effective antidote to the fear, uncertainty and doubt it sows.

WorldView threat intelligence feeds, alerts, reports, and briefings provide deep, context-rich insight, illuminating the malicious actors and activity targeting industrial control networks globally. This knowledge enables ICS defenders to make both tactical decisions and strategic recommendations on ICS cybersecurity quickly, and with confidence.
Dragos Worldview provides National Grid with clearly articulated intelligence, backed by evidence and specific information to help us mitigate threats. The clear understanding Dragos has of the environment in which we operate, allows us to cut through the hype around many potential industry vulnerabilities, so we can focus on the ones that matter most as we look after vital infrastructure and ensure supply to our customers.
National Grid


Dragos WorldView Content


  • ICS-themed malware identification and analysis
  • ICS vulnerability disclosures and analysis
  • ICS adversary behavior trends
  • ICS threat/incident media report analysis and commentary
  • Cybersecurity conference presentations and researcher discoveries with Dragos’ expert perspective
  • Key indicators of compromise (IOCs) for defenders to utilize


Dragos WorldView Benefits

Immediacy: critical threat alerts inform you of rapidly escalating ICS threat situations
Efficiency: expert threat identification and analysis combats alert fatigue
Effectiveness: reduce adversary dwell time and mean time to recovery (MTTR)
Insight: ICS vulnerability, threat and incident assessments promote informed, timely, and confident decision making



EVENTSentry

Know when you need to act. Delivering meaningful insight into your network data.

EventSentry is a powerful monitoring solution that provides your IT team with actionable network data that drives intelligent IT decisions—in real-time. Reliable, secure, scalable, and easily-deployed, EventSentry will enhance the performance, compliance and security of your network. Save time, prevent disasters and reduce TCO with one of the most cost-effective monitoring solutions on the market. New users are up and running in minutes and can easily adapt the solution to suit their needs—with award-winning customer service at their fingertips.

KEY FEATURES:

  • Correlate and monitor event logs and log files in real time as well as monitor performance, disk space, services, processes and much more on both physical and virtual (cloud) servers and workstations.
  • Track Active Directory changes to any object down to the attribute level effortlessly. Also monitors group policy changes and includes user status reports. Track processes, console and network logons, file access, account management events and even policy change events for compliance with PCI, SOX, HIPAA, CJIS and others.
  • Visualize data with insightful dashboards and a powerful job & reporting feature. Reporting supports granular authentication and sophisticated log searching.
  • Extend core functionality with the application scheduler feature, which integrates existing or new scripts into the monitoring environment.

Single Pane of Glass. EventSentry looks beyond events and log files - by monitoring multiple aspects of Windows-based systems to give you a complete picture - and not just a few pieces of the puzzle. Disk space, performance, inventory and more monitoring features are all included.

Real-Time Event Log Monitoring. Our state-of-the-art agents monitor all Windows servers, workstations & laptops securely, efficiently and in real-time - with native 64-bit support. Data is encrypted & compressed, and collected metrics are cached and re-transmitted during temporary network outages.

Descriptive Email Alerts. EventSentry's email alerts go the extra mile to make troubleshooting faster and more effective by providing additional context. Footers provide a status of the monitored host, security codes are automatically explained and performance alerts include embedded visual charts. IP addresses contained in emails are supplemented with reverse DNS lookup and geolocation data.

Security Event Correlation. Since Windows security events are notoriously difficult to decipher and correlate, EventSentry transforms raw security events into easy-to-read reports that immediately make sense. Who ran which application, when did a user log on and from which workstation, and which files were changed by whom are only some of the questions you will be able to answer with EventSentry.

Web-Based Reporting & API. A modern, sleek reporting engine that works across all major browsers and mobile devices provides easy access to all logs and metrics. Beautiful & illustrative dashboards can present data from different vantage points, and an extensive API provides easy access to third party applications.

Features Overview

Event Log Monitoring & Correlation
Real-Time event log monitoring and correlation which supports advanced features such as thresholds, recurring events, timers, insertion strings and more.

Compliance Tracking
Track file/registry access activity, processes and console logons, successful or failed network logons, account management and more to help with PCI, HIPAA, CJIS, SOX and other compliance requirements.

Log File Monitoring & Correlation
Monitors and correlates any log file (e.g. IIS, DHCP, Backup, Firewall) in real-time and sends alerts upon matching text. Create custom views for structured log files.

NetFlow
Visualizes NetFlow and sFlow data and provides detailed reporting like bandwidth usage. Sysmon integration correlates process network activity with NetFlow data.

Central Collector Service
Supports data collection over insecure mediums (e.g. Internet) through strong TLS encryption. Also supports local caching and compression.

Extensive Inventory

Inventories installed software, patches as well as hardware information, including VM inventory (VMWare© and Hyper-V©). Shows physical switch port mappings and managed hardware info when available.

Web Reporting
Modern web-reporting with dashboards, granular access control, flexible reporting, jobs engine and visualization tools. Extensive API to access data from 3rd party software. Works with all major browsers and mobile devices.

Comprehensive System Health Monitoring
Keeps track of all important system metrics like disk & folder usage, performance metrics, reboots, critical OS files and more.

Heartbeat Monitoring
Centrally monitors the uptime of hosts and TCP services and provides availability stats.

Process, Services & Scheduled Tasks
Pro-actively monitors services, scheduled tasks and stand-alone processes. Failed processes and services can be restarted automatically.

Syslog/SNMP/ARP Daemon

Collects Syslog messages and SNMP traps (v1-v3) centrally from Unix/Linux hosts and/or network devices. Alerts matching configured rulesets can be dispatched in real-time.


The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.