Key features

SecuriCDS Data Diode guarantees unidirectional separation between network interfaces. It contains optical fibre with a transmitter on one side and a receiver on the other side, with no chance of a two-way transfer.

Network separation The separation between the two data interfaces on a data diode is vital. In the SecuriCDS Data Diodes, the separation and diode functionality are based on an optical transmitter and receiver. The design guarantees that no data passes in the opposite direction. The SecuriCDS Data Diodes even includes the possibility to use dual power supplies to eliminate potential covert channels in the reverse direction. Integrated proxy servers Integrated proxy servers to enable handling of common communication protocols, e.g. data, file or network time transfers, are included in SecuriCDS Data Diode model D1000i. This data diode handles application level protocols and is easily integrated into any system. High assurance data diodes Advenica’s data diodes meets the highest demands on both security and assurance. Internal separation of functions, multi-stage unidirectional security and deep security analysis provides trust and high assurance. Special attention has been given to eliminate the risk of covert channels in the reverse direction. Component assurance level N3 Advenica’s data diodes SecuriCDS DD1000A and SecuriCDS DD1000i are approved by the Swedish Armed Forces with the component assurance level N3 according to Swedish national security requirements. The component assurance level N3 can be used in systems with high impact level (e.g. handling secret information up to SECRET/TOP SECRET) but where the component level of exposure is somewhat limited. Create your own proxy services In the SecuriCDS Data Diode, model DD1000i, is the opportunity to use your own staff, consultants or Advenica’s Professional Services. The data diode’s Software Development Kit (SDK) makes it possible to use SecuriCDS Data Diode security platform and develop unique and custom proxy services.

Aegify RSC Suite

• Reduced risk
• Unified/integrated approach
• Lower total cost of ownership
• Oversight ease
• Maximum security
• No compliance tradeoffs

The NEED

RISK management is not optional for healthcare, retail and financial organizations.
When SECURITY breaches happen, critical data is compromised, jobs are lost and profits disappear. Managing the regulatory maze is challenging. PCI, ISO and SANS 20 COMPLIANCE is best practice. HIPAA, GLBA and FISMA COMPLIANCE is the law. Risk, security and compliance (RSC) protection is complex and cumbersome. Until now. Discover the effective simplicity of a unified RSC solution. Discover Aegify.

• Aegify RSC Suite includes:
• Aegify Risk Manager
• Aegify Security Manager
• Aegify Compliance Manager
• Aegify Integrity Manager

UNIFIED APPROACH

For management ease and cost reduction, most healthcare providers and business associates prefer a unified Risk, Security and Compliance solution. Consider these diagnostic questions:

• Are you confident your vendors and business associates are compliant with all regulations?
• Are burdens of compliance forcing you to take calculated risks due to resource constraints?
• Do you have multiple siloed solutions that cause integration, management and financial headaches?
• If your answers are mostly “yes,” consider Aegify RSC Suite

Diagnose

Within hours, you will know:

• Your total organizational risk including your risk from each of your vendors and business associates
• Where your security threats lie
• What curative measures need to be undertaken
• Your compliance status with HIPAA, Meaningful Use, HITECH, PCI, ISO, SANS 20 and all other regulations and standards

Cure

Follow Aegify instructions to:

• Minimize organizational risk
• Close your risk, security and compliance gaps
• Comply with all applicable regulations and standards

Protect

24/7 continuous monitoring program will:

• Reduce all risk… today and tomorrow
• Diagnose and cure future security threats in real time
• Comply with all applicable current and future regulations

WHY AEGIFY?

Aegify was founded on a simple set of guiding principles:

• RSC services are too siloed, complicated and expensive
• The market needs a holistic RSC solution that diagnoses, cures and prevents future catastrophic events from occurring

Today, the Aegify Suite is a unique unified solution that operates at the intersection of security, compliance and risk management for healthcare, retail and financial organizations.

For those that don’t need a unified RSC Solution, each individual Aegify Manager product is a robust standalone solution.

360° SAP Security powered by SIEM

agileSI is an award winning, industry-grade solution for continuous monitoring of SAP security events, parameter checks, change detection of critical settings, transaction manipulation and automated response. agileSI is much more than just another tool or SAP plugin. It brings with it a whole new way to manage and monitor SAP® in all of its aspects, while taking care of security. Continuously monitoring basically any stats you desire, it’s a one-for-all solution to give you insight into what’s going on in your engine room, without digging through tons of data and interfaces yourself. And it makes audit preparation and reporting a breeze. agileSI is based on a three-tier architecture model with a collection, administration and analysis layer, respectively. Analyzing the data is achieved by using the agileSI content package for SIEM. This contains an extended Security Analytics Pack which provides the categorization of events and a large set of predefined SAP-specific event correlations for different security domains. It also handles the evaluation of criticality, as well as the visualization & notification and delivers alerting rules and reports.

The added value is a SAP-specific Security Intelligence Package for SIEM. The product approach does not fall back to another isolated solution, but pursues the holistic strategy of establishing security event management at a central point in the company: in the SOC, on the basis of next generation SIEM & Log Management solutions that are planned or already being used in all security-conscious organizations.

Solution offers:

• The SAP-SIEM-integration. agileSI provides a broad set of SAP Extractors, feeding different kind of SAP data, such as database  data,  system  settings,  logs  and  events  from  various SAP security sources into SIEM. The framework and its extractors are highly flexible and  configurable,  to  meet  exactly  the  customers‘ needs. The integration of SAP data into SIEM provides transparency to many stakeholders.

• Domain. agileSI is used for supervision of security-critical activity & events, access control checks and monitoring of audit-relevant information, compliance of system settings and authorizations, as well as SAP Operations support and the monitoring of dedicated SAP business application data & transactions.

• SAP Operations. Integration of SAP Basis near information and events will facilitate SAP Basis processes  and  remediation  cycles,  raising  efficiency at work and providing ad-hoc reports of system metrics data.

• Any SAP Data. Get  any  SAP  data  with  the  help  of  flexible   and   configurable   agileSI data  extractors,  create  any  customer  use  case  and  integrate  any  customer’s  SAP-based applications.

• SAP Security Log Management & Monitoring. agileSI  Extractors  retrieve  all  kinds  of  security-relevant  information  of  SAP NW ABAP based SAP systems.The  included  content  package  adds  SAP Security Intelligence to SIEM.

• Ready-to-use. Ready-to-use with a predefined set of use cases – the agileSI configuration frontend is developed in Web Dynpro ABAP. The key benefit is the powerful and ready-to-use content of predefined uses cases, that makes agileSI a real product, rather than a tool only with high customer site implementation and customization effort. The use cases can be maintained, customized or created newly using the agileSI configuration frontend.

• Guidelines. Implemented DSAG audit guidelines, SAP Security Guidelines and information, as well as practical-proven SAP Security specialists and auditors know-how are transferred into use cases, implemented in agileSI SAP and SIEM components.

 

A detailed analysis of your security systems and processes can help show you how secure your production environment is, and how mature your company is with respect to OT Security. Product offers efficient customised service to determine the level of protection of critical infrastructure and industrial facilities: the OT Security Maturity Check. OT Security Maturity Check in detail Kick-Off

• Determination of the automation systems to be checked based on their criticality
• Definition of the documents to be analysed
• Identification of key personnel for the on-site visit and interviews
• Scheduling of appointments

Document analysis

• Analysis of the documents provided with regard to architecture as well as technical, organisational and personal security measures
• Preparation of the interviews and visit

Interviews/Visit

• Inventory of the organisational framework, guidelines and processes
• Review of the implementation of documented security measures
• Random control of existing baseline protection measures such as roles and rights assignment, patch management, and backup and restore

Evaluation

• Comparison of the information collected with the documented requirements, best practices and national and international standards

Workshop

• Clarification of outstanding issues with all participants
• Definition of the contents of the final report
• Request for missing information for the final report

Final report/Presentation of the results

• Management summary
• Subject matter, procedure and scope
• Results of the evaluation
• Prioritised recommendations for action

Enterprise Sentry delivers a unified security awareness and situational intelligence suite that provides security intelligence across the domains of cybersecurity, physical access to facilities and assets, and Operational Technology like SCADA and Industrial Control Systems. Consolidated cyber, human and asset intelligence delivers unmatched abilities to correlate threats and empowering Security Operation Center (SOC) personnel to make informed decisions and take appropriate action. Unified security intelligence

• Centralized view of complex threats, events and incidents across cyber, physical and operational domains
• Automated decision support – prioritizes response based on risk and criticality
• Built-in response scripts guide responders on policy-based procedures to follow
• Leverages existing physical security investments like access control and video surveillance

Intelligent cyber-physical solution

• Aggregate information from vulnerability scanners, firewalls, log management and intrusion detection systems
• Turn data into insights and action with AI-Powered Identity Intelligence, rule-based engine and powerful dashboards
• Include non-cyber clues such as human identity, physical location, critical assets, and time of entry to eliminate false positives and validates alerts and events

The AMT Technology Website

The AMT (Agentless anti-Malware Technology) is a new proprietary Minded Security technology for detection and management of malware software. AMT has been developed after years of study for detecting and managing in real time advanced banking malware for our customers online users. The core engine is a JavaScript Analyzer written by renowned JavaScript experts specialized in advanced JavaScript security research. Various innovative analysis technique have been used in AMT such as Trusted JavaScript Modeling combined with optimized WebInject differential analysis.

The product: AMT Banking Malware Detector

The AMT Banking Malware Detector is a sophisticated security platform for detecting and managing advanced malware on your online banking customers in real time. AMT Banking Malware Detector instantly recognizes all new malwares that have been installed on users' computer interacting with your Internet Banking Web Site. The technology is able to detect all types of banking malwares, with a focus on targeted malware specifically designed to attack a particular bank.

Key Features:

• Agentless: does not install anything on user’s computer.
• Transparent: does not alter the user experience.
• Proactive detection: detects malware not known yet.
• Easy Setup: installation and tuning in just a few days.
• Available in both modes cloud and appliance.

Performance

No degradation in the performance of the bank infrastructure: no need to install new infrastructure components.
Light Deployment: for portals with millions of users does not require significant additional infrastructure.

• Fraud Risk Management

The technology reduces risk of infected users preventing frauds.
Can be easily managed by the bank's internal anti-fraud team through the innovative HTML5 interface.

• Easy Management

The product is easy to install with a single JavaScript source for multiple sites. No need to install new infrastructure components (no impact on Business Continuity).
Easy to manage with AMT control panel and AMT daily reports.

• Customization

It is designed to integrate with any anti-fraud systems with the ability to customize the modular components such as GUI, API, and specific components.
Ability to create ad hoc components for malware detection.

Why choosing AMT?

The key point of the AMT Banking Malware Detector is the new proactive approach.

AMT creates a model of Custom Signature Engine (CSE) for each online banking service.

The CSE permits to perform a continuous comparison with the mutations and to identify in real time a new threat.

AMT Banking Malware Detector allows to identify malware victims before they will be defrauded.

Aperio's solution ensures Sensor Data Integrity for critical infrastructures and large-scale Industrial facilities. Using sophisticated machine-learning algorithms that learn the characteristics of each individual sensor signal, Aperio dynamically detects in real-time malicious sensor data manipulation and faulty or misconfigured sensors. Aperio seamlessly integrates into existing systems with minimal setup and works alongside OSIsoft and other industry-standard vendors. Aperio is the only technology with the credible capability of preventing a large scale, destructive cyber-attack after attackers have gained access to the OT network. In recent years, attackers have successfully breached critical infrastructure networks numerous times and it is safe to assume that such incidents will increase dramatically in the coming years. Aperio adds a powerful layer of security to industrial systems. Once deployed, it connects to all the sensors in a SCADA environment and in a short time, is able to detect even the most subtle data anomalies. If these anomalies are not addressed in a timely manner, they have the potential to cause loss of life and catastrophic damage.

Our Approach

Assystem operates at sensitive sites and on critical infrastructures in industrial and urban sectors, with an offer based mainly on the delivery and integration of turnkey system solutions.Thanks to many years of close cooperation with institutional clients, mainly Operators of Vital Importance, the Assystem cybersecurity offer is squarely focused on the industrial sector and more generally on OT (Operational Technology). Assystem is able to help its customers to implement their Information Security Management System (ISMS), and can provide support not only in project upstream phases (consulting, audits), but also with prime contracting, integration and Vulnerability Management.

Our Assets

Expertise in OT fields Historical know-how in automation fields (Instrumentation & Control Systems, SCADA, industrial IT, instrumentation and electronics) Global security" approach Operational security and safety (protection of data, individuals, industrial equipment and the environment) Multiple-sector expertise Industry expertise in sectors such as energy, health, life sciences, transport, etc. Technological independence Independence with respect to publishers and distributors of standard market solutions (COTS)

Our Solutions

• Audits and risk analysis. Assistance with military planning laws, standards, methodology
• Security for industrial architectures. Networks and applications
• Assistance obtaining accreditations. Military planning laws (Operators/Information Systems of Vital Importance)
• Integration and development of industrial architectures. Networks and applications
• Event detection and analysis/SIEM. Security Information Management System
• Vulnerability Management

IndustrialProtect verifies the identity of the individual or system sending information, that the information is received as it was sent (and has not been changed) and also that the content is intended and appropriate for the receiving system. Features:

• Military-grade technology, originated from BAE Systems Applied Intelligence’s national security heritage, specifically designed to be fit for purpose for industrial environments - rather than an off-the-shelf IT solution adapted for operational technology
• Hardware that provides higher performance, reliability and security than solutions based on mainstream software components
• Enablement of true automation, which is a two-way exchange of information between the industrial system and corporate IT
• Network segmentation without breaking critical business processes
• Prevention of unauthorized systems from exchanging information

Benefits:

• Implementation of network segmentation without breaking critical business process
• Prevention of unauthorised systems from exchanging information
• Assurance that the integrity of information is preserved from source to destination
• Transparency to existing systems and a very low attack surface
• Full remote management from the industrial control system and back to the system

Comprehensive, customizable OT asset discovery and monitoring, with full content inspection and policy enforcement flexibility across every monitored OT asset and network flow. Available in a variety of form factors to suit any industrial network, Automation Defender gives you all the flexibility of powerful visibility and threat detection solution along with the only native inline intrusion prevention system in the industry. Automation Defender acts as your eyes, ears, and expert brain, to keep your plant running while you investigate anomalies and malware, by filtering out dangerous or unexpected activities and letting the known, safe content keep operating as expected.

Platform Overview

Bayshore’s purpose is to protect industrial infrastructure – finding and eliminating existing cyber threats and risks, and preparing the organization to achieve its goals for IIoT maturity. Only an integrated, unified platform can provide these capabilities. Bayshore provides visibility to existing assets and risks, detects and eliminates new and persistent threats, and enables secure policy-controlled external interconnections. Bayshore is architected for ease-of-use, scale, and industrial resilience. No other cyber security approach even comes close to Bayshore’s comprehensive, unified Industrial Cyber Protection Platform.

What It Does

Bayshore delivers a comprehensive set of capabilities required to protect and defend against sophisticated, and complex attack systems. Through our technology industrial enterprises are empowered with safe and efficient production, operational insights, and improved business outcomes, while blocking cyber threats to industrial plants, machinery, and people.

How It Works

Identifying and protecting against cyber threats is a mandatory first step before connecting factories, electric grids, and other industrial infrastructure to the Industrial Internet. Bayshore provides visibility to existing assets and risks, detects and eliminates new and persistent threats, and enables policy-controlled external interconnections. Bayshore’s integrated, unified platform is architected for ease-of-use, scale, and industrial resilience.

The advanced security functionality of the Hirschmann Security Operating System (HiSecOS) 3.0 software, paired with these multiport industrial firewalls, creates a solution capable of securing and protecting an entire industrial network. Modular configuration options of up to eight ports eliminate the need for multiple routers, which provides significant savings in installation time and costs, while still offering a customized solution. New features, such as Deep Packet Inspection (DPI) and Firewall Learning Mode (FLM), ensure the integrity of packet data, protect networks from malicious intents, and make it easy to configure the device for individual network needs. Features:

• Customizable design - Interface configuration options include Fast Ethernet, Gigabit Ethernet and Symmetrical High-speed Digital Subscriber Line (SHDSL).
• Easily configurable - Customized network rules can be created in no time with Firewall Learning Mode (FLM) using the advanced Graphical User Interface available with the device.
• Secure operating system - New HiSecOS 3.0 security features, including Deep Packet Inspection (DPI), ensure the highest level of security for your industrial network.

Your Benefits The primary advantage of the EAGLE20/30 firewall is the combination of HiSecOS 3.0’s advanced security features and the flexibility of the firewall. Eight ports are available per device, including four Fast Ethernet, two Gigabit Ethernet and two SHDSL ports. Security features, including Deep Packet Inspection (DPI) and Firewall Learning Mode (FLM), ensure the highest level of security for your industrial network.

Blade Tool Output Integration Framework (TOIF) is a powerful software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view with unified reporting. It leverages OMG Software Assurance Ecosystem standards, Software Fault Patterns (SFPs), and Common Weakness Enumerations (CWEs) Composite Vulnerability Analysis & Reporting. Blade TOIF’s  plug-and-play  environment  provides  a  foundation  for  composite  vulnerability  analysis  by  normalizing,  semantically  integrating,  and  collating  findings from existing vulnerability analysis tools. Improves breadth and acccuracy of off-the-shelf vulnerability analysis tools. Provides powerful vulnerability analysis and management environment for analyzing, reporting and fixing discovered weaknesses. Seamless Integration. Out-off-the-box, Blade TOIF seamlessly integrates into the Eclipse Development Environment and with five open-source vulnerability analysis tools:

• CppCheck
• RATS
• Splint
• SpotBugs
• Jlint

It  enables  strategic  use  of  commercial  and  open-source  vulnerability  analysis  tools and, in conjunction with its unified priority reporting, reduces the overall costs of performing a vulnerability assessment by 80%.

Blade TOIF Integration

Integrates into Eclipse development environment:

• Execute Blade TOIF (desktop deployment) from within Eclipse with progress bar
• Automatically see defect findings in Eclipse
• Use the “TOIF Analyze” easy button in the Eclipse toolbar and in the Blade TOIF main menu
• Run it on a sub-set of project files/ directories
• Filter the defect findings listed in the Blade TOIF Findings view, based on the selected project data in the Project Explorer in Eclipse

Blade TOIF Key Capabilities

• Integrates multiple vulnerability detection tools and their findings as “data feeds” into a common repository
• Addresses wider breadth and depth of vulnerability coverage
• Common processing of results
• Normalizes and collates “data feeds” based on discernable patterns described as Software Fault Patterns (SFPs) and CWEs
• Provides one prioritized report with weighted results across tools/vendors
• Uses an RDF repository and provides external Java API for additional analysis capabilities
• Integrates out-of-box with: CppCheck, RATS, Splint, SpotBugs and Jlint
• Defect Description view provides information related to the cluster, SFP, and CWE description of the selected defect instance in the Blade TOIF Findings view
• Defect findings, including citing information, can be exported to *.tsv file and subsequently imported to another Blade TOIF project
• Installation wizard, auto-detection and configuration of open source software (OSS) static code analysis (SCA) tools
• Supports load build integration to import results generated from the server/load build to the desktop

Combining Blade TOIF with our automated risk analysis platform, Blade Risk Manager, provides a comprehensive cybersecurity risk management solution that includes:

• Automated risk analysis
• Automated vulnerability detection and analysis
• Traceability
• Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact

Bottomline’s Cyber Fraud and Risk Management solutions are fueled by a singular, innovative, intelligent, and adaptive platform that is built on a foundation of real-time user behavior analytics and intelligent machine learning, infused with deep risk, compliance and payments security expertise. This market-proven technology delivers real-time cross-channel fraud detection and prevention for even the most complex use cases and powers Bottomline’s comprehensive suite of Secure Payments, Compliance and User Behavioral Analytics solutions. Integrated with rich visualization and forensic tools, Bottomline’s Cyber Fraud and Risk Management platform is trusted by some of the largest corporations and financial institutions in the world.

It empowers security, risk, compliance and investigative teams to:

• Dramatically improve visibility and reduce risk with cross-channel protection that leverages intelligent machine learning, rules based detection, and behavior profiling
• Stay ahead of regulations and protocols through technology infused with deep risk and compliance expertise across industries, payments types and applications
• Easily evolve your payment security program through a highly extensible and flexible platform that advances with your program as needed

Cyber Fraud and Risk Management Solutions Include:
Compliance. Accelerate speed to achieve regulatory compliance requirements, while decreasing complexity.

As part of the Cyber Fraud and Risk Management suite, Bottomline’s Compliance solution provides corporations and financial institutions with a powerful end-to-end offering to accelerate the speed to achieve regulatory compliance requirements while decreasing complexity.

Whether the need is around modernizing an anti-money laundering program, achieving more reliable sanctions screening, improving payments monitoring, highlighting settlement exposure, or automating suspicious activity reporting to meet regulatory requirements, Bottomline’s Compliance solution offers a modular approach to reducing the cost of compliance and increasing productivity.

 

Secure Payments. Protect payments across a variety of applications, channels, and payment types.
Bottomline’s Secure Payments solution protects payments across a variety of applications, channels, and payment types.

Whether it is one business critical application, channel and payment type, or a variety, our highly flexible and extensible platform delivers proven protection against payment fraud through advanced analytics of user behavior and transaction flows layered with intelligent machine learning, reducing risk for some of the largest corporations and financial institutions in the world.

 

User Behavior Analytics. Quickly identify and stop anomalous user activity through rich fraud analytics.
Bottomline’s User Behavior Analytics solution quickly identifies and stops anomalous user activity through intelligent machine learning, rules based detection, and years of experience protecting some of the largest corporations and financial institutions in the world.

The solution captures all user behavior in real-time across all vital systems and provides protection for both external threats in which user credentials have been compromised and internal threats from authorized users.

Powered by an analytics engine, statistical profiling of users and peer groups, alert correlation that includes predictive risk scoring and the ability to visually replay all user activity, the solution is purpose built for today’s threat landscape.

IT SECURITY & COMPLIANCE - PROBLEM SOLVED!

NNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker™ Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps™ is delivered and underpins effective, ongoing security and operational availability.

Change Tracker Features And Benefits

Automates CIS Controls Spot cyber threats, identify any suspicious changes and adjust the secure baseline for all of your systems in real-time with NNT Change Tracker™ Gen7R2. Approve changes to the authorized baseline with a simple point and click. Breach Prevention Ensure all IT assets are secure and breach free at all times by leveraging state of the art, recommended security and configuration hardening settings along with real-time system vulnerability and configuration drift management. Breach Detection Change Tracker™ Gen7 R2 identifies suspicious activity using highly sophisticated contextual change control underpinned by threat intelligence to spot breach activity while reducing change noise. Real-Time Contextual File Integrity Monitoring Change Tracker™ intelligently analyzes all changes in real-time leveraging the world’s largest repository of independently verified whitelisted files combined with intelligent and automated planned change rules to significantly reduce change noise and deliver a true FIM solution. System Hardening & Vulnerability Management Minimize your attack surface with continuous and real-time clear configuration guidance and remediation based on CIS and other industry standard benchmarks for system hardening and vulnerability mitigation guidance. Continuous Compliance Monitoring Across all Industries NNT provides comprehensive tailored or pre-built reports to provide vital evidence to security staff, management and auditors of the ongoing and improving state of your organizations secure and compliant posture.

New Features and Functionality

• All new Dashboard, fully customizable with choice of widgets and multiple tabs for alternative Dashboard layouts

• ‘Single-Page Application’ design gives a contemporary, super-responsive Change Tracker experience

• New universal Query/Report controls, consistently available, enables reports to be built ‘off the page’

• New Reports Center – build and schedule any reports, with graphically-rich content, including all new Executive Report showing overall security of your estate

• ‘Expert Event Analysis’ sections for reports, with events automatically pre-analyzed to show ‘noisiest’ devices, paths, registry settings and any other monitored configuration attributes to aid decision making in your Change Control Program

• Report production now performance optimized, even large volume event reports are generated on a streamed basis to minimize impact on Hub server resources

• Report properties can be tailored – include a hyperlinked Table of Contents, Event Details table and Query Parameters, together with as many/few event attributes as required

• New Group & Device/Date & Time filter and selection control panel, selections persist for any page accessed, panel can be hidden when not in use to give a ‘full screen’ display of the Dashboard

• User-defined auto-refresh settings for all pages

• New componentized Planned Changes, allowing easy re-use of schedules and/or rulesets, driven by a new Planned

• New ‘FAST list’ planned change rule option, ensures only file changes you select as permitted, allows a user-defined list of approved file changes to be operated – like a personal FAST Cloud!

Operating at a forensic level within the IT infrastructure, Change Tracker™ works across all popular platforms such as:

• Windows, all versions including Server 2019, 2016 and Windows 10, XP, 2003/R2, Windows 7, Windows 8/8.1, 2008R2, 2012/R2 (Core and GUI)
• Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat, Oracle, FreeBSD and Apple MAC OS
• Unix, all versions including Solaris, HPUX, AIX, Tandem Non-Stop
• VMWare, all versions including ESXi
• Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, My SQL
• Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper, Fortinet and Checkpoint

Industrial Control Systems (ICS) used in critical infrastructure and manufacturing industries are targets of sophisticated cyberattacks. The Check Point 1200R rugged appliance line delivers proven, integrated security for deployment in harsh environments as part of a complete end-to-end ICS security solution.

Features

Wide range of appliances for IT and OT networks The 1200R Rugged Appliance complements our extensive appliance family to support a diverse range of deployment environments and meet specialized requirements in ICS security. The 1200R complies with industrial specifications such as IEEE 1613 and IEC 61850-3 for heat, vibration and immunity to electromagnetic interference (EMI). In addition, the 1200R is certified for maritime operation per IEC-60945 and IACS E10 and complies with DNV 2.4. The 1200R Appliances can also be used in commercial deployments. Inspect Encrypted Connections There is a shift towards more use of HTTPS, SSL and TLS encryption to increase Internet security. At the same time files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data. Next-Generation Firewall Check Point Application Control has broad support for specialized Industrial Control System and SCADA protocols with granularity for over 800 SCADA specific commands. This enables protocol-specific visibility and controls with directional awareness. Integrated threat detection and prevention Detect and prevent targeted attacks against ICS/SCADA components in Operational Technology (OT) environments with specific protections for these highly vulnerable, unpatched, legacy embedded systems. Our threat prevention technologies have the best catch rate in the industry and can be deployed in detect-mode to minimize the disruption of operational processes. Best-in-class management Administrators can define security policy for the entire network — including internal security, main sites, and remote sites — from a single, centrally located Check Point Security Management server. With SmartProvisioning™, a profile-based management approach designed for large- scale deployments, administrators can define a single security and device profile and apply it simultaneously to thousands of appliances — dramatically reducing deployment time and administrative overhead.

Benefits

• Deploy SCADA networking security in harsh environments and remote locations
• Full visibility and granular control of SCADA traffic
• Comprehensive security with SCADA-aware threat detection and prevention

Claroty’s integrated ICS suite protects the safety of people, assets, and critical processes from  cyber-attacks. The platform provides security teams with extreme visibility into industrial control networks, real-time monitoring, network segmentation, control over employee and 3rd party remote access, and integration with existing SOC, cybersecurity and network infrastructure. Claroty Platform

• Provides extreme visibility into ICS Networks
• Identifies security gaps – including known and emerging threats and vulnerabilities
• Automatically generates current state of OT process-level communications and presents  an ideal network segmentation strategy
• Detects security posture changes
• Enables proactive threat hunting with actionable threat information
• Secures, monitors, and records remote connections to ICS assets

Protect. Proactively discover and eliminate vulnerabilities, misconfigurations and unsecure connections. Respond. Receive context rich alerts for  rapid triage and investigation,  and automate response using  existing network infrastructure. Detect. Continuously monitor and detect malicious activity and high-risk changes throughout the  attack “kill-chain”. Control. Implement network segmentation  and manage remote access by  enforcing granular access policies  and recording sessions. The Claroty Platform support the following levels of cyber security: Passive:

• Continuous, real-time monitoring of OT Networks
• Rapidly discover network communications and asset details down to the I/O level
• Field Proven and 100% safe for OT networks

Active:

• Precise, periodic queries of OT and IT Assets
• Safely query ICS and non-ICS assets for enhanced visibility into asset configurations
• Enhanced context for alerts and vulnerabilities

Secure Remote Access

SRA minimizes the risks remote users, including employees and 3rd party vendors, introduce to OT networks. It provides a single, manageable interface that all external users connect through, prior to performing software upgrades, periodic maintenance, and other support activities on assets within industrial control system networks. The system enforces password management, authentication and access control policies for remote connections and monitors and records remote sessions. Network administrators employ SRA to proactively control which users are granted access to industrial control assets, for what purpose, and during what time windows.

Key Benefits

Secure Remote Access delivers organizations the following value:

• Isolate critical industrial systems from unmanaged and insecure VPN plus “jump box” scenarios
• Eliminate one of the most critical attack vectors that threat actors have used to gain access to industrial systems -- pathways that have been leveraged in multiple ICS attacks
• Remove the vulnerability presented by sharing passwords across internal teams or teams working for external contractors
• Enable granular auditing through video-based session recordings and detailed reporting with advanced filtering options

Use Cases

Network administrators Have full visibility and control over 3rd party and employee accesses before, during and after a remote session takes place. OT Plant/Operation Can monitor and review remote sessions and validate that the user’s stated purpose aligns with the actual session activity. Security Teams and Auditors Can validate that remote access control policies are being consistently implemented in industrial environments, watch active sessions, and review recorded sessions based on a risk assessment.

Gain visibility into attacks on your environment

Basic security measures are no longer sufficient to protect your business against today’s rapidly evolving cyber threats; this reality is made glaringly evident by the constant stream of breaches reported in the news. Traditional perimeter security technologies such as firewalls and Intrusion Prevention Systems (IPS)—as well as endpoint security like anti-malware—do not provide the broad and deep visibility across your IT infrastructure needed to detect these threats. Evidence of attacks and incursions within your environment can be found in log records and machine data generated by your networked systems, security devices and applications, but how do you unlock these critical insights? Most businesses struggle with the continuous investment in technology and people required to maintain ongoing monitoring of their security posture. The ControlScan Managed SIEM service combines enterprise-class SIEM technology from the ControlScan Cyphon platform with our deep security expertise and service excellence. Comprehensive service collects, correlates, analyzes and stores log data from network infrastructure, servers and applications in order to identify and mitigate security incidents while facilitating compliance with requirements within PCI, HIPAA, GLBA, SOX and other frameworks. The secure, cloud-based Cyphon platform collects log data generated by devices such as firewalls, IPS solutions, servers, desktops and applications. Correlation logic is applied to the aggregated logs to identify potential security threats, and alerts are generated and sent in real time, on a 24x7x365 basis. ControlScan Security Analysts are on hand to support the assessment and investigation of critical alerts and to provide guidance on proper response.

Key features of the ControlScan Managed SIEM Service

• Log Collection for your entire IT infrastructure
• Event Correlation and Analysis leverages multi-sourced log data and advanced correlation rule sets to detect security incidents
• Prioritization and 24 x 7 Alerting
• 12 Months of Log Retention for compliance requirements, including PCI DSS requirement 10
• Reporting and Data Access available to you through ControlScan's web-based platform
• Advance Functionality including:
• File Integrity Monitoring (FIM)
• Custom real-time dashboards

A Unique Solution to Solving the Security Challenge.

As the leader in providing cloud-based, unified security and compliance solutions, ControlScan offers unique value through its Managed SIEM service.

Deploy with ControlScan and get benefits that include the following:

Security-as-a-Service – Avoid costly, up-front investments in hardware, software and technical expertise with ControlScan’s cloud-based services. You’ll be up and running quickly and effectively with an enterprise-class, scalable solution. A solution that gets better with time – Ongoing upgrades and enhancements to the Managed SIEM service ensure the addition of new capabilities for identifying evolving attack methods. At the same time, your ControlScan security team is continually creating and tuning correlation rules for your environment to ensure maximum visibility to true, critical alerts. A staff of security experts watching your back – Only the largest organizations can afford a staff of resources maintaining security and compliance day-in and day-out. ControlScan brings extensive knowledge and experience in both areas, validated by the range of IT Security, PCI and HIPAA certifications held by our team of experts. This knowledge continues to grow as threats become more advanced. A single solution for your biggest challenges – The ControlScan Managed SIEM service delivers functionality you need on three different fronts: 1) Security 2) Compliance 3) Operations. By collecting, aggregating, correlating and analyzing data from your environment, you gain visibility to your organization’s overall security posture, support for key controls in most compliance frameworks, and assurance of the health of your networked systems.

Corax’s rich data foundation is created through expert ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary Corax automated ‘outside in’ discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their internet connections with other companies.

• Technology and Security data
• Loss data
• Real time Threat Intelligence & Vulnerability data
• Real time Business Interruption / Internet
• Commercial Information
• Custom analytics
• Clients able to modify our model to develop their own view of risk

AI-enabled probabilistic modelling. Prediction and expected costs of data theft and IT disruption Rich, granular, expert-created standardised dataset. Detailed technology, security and loss data on millions of companies Scalable technology platform. Continuous daily, automatic addition and update of thousands of companies in the database

Data, reports and modelled outputs on:

• Cyber risk of individual and groups of companies, including assessment and benchmarking of cyber hygiene and technology resilience; and prediction and expected costs of data theft and IT disruption.
• Scenarios relating to cyber events, security vulnerabilities, technologies and vendors.

Delivered via web access or API integration

Corax is the leading and largest source of cyber exposure data and predicted loss costs of breach and network outage events. Corax’s rich data foundation is created through expert selection, ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary automated discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their interconnections with other companies. Modelled data is developed within a proprietary AI probabilistic engine to predict the expected cost of data compromise and IT disruption with unprecedented accuracy.