Protecting critical infrastructure from cyber-attacks is a particularly complex challenge. You must defend operational
technologies (OT), and be able to discern tangible threats from a multitude of reported events. ECI’s Muse Cyber Security
Suite meets these challenges head-on.
SHIELD unifies multiple cyber security functions into a consolidated form factor and prevents OT cyber-attacks at any CI
facility, well before they can cause any harm. SHIELD incorporates industry-leading SCADA anomaly detection, a Secure
Gateway, Encryption, and more.
COMPASS is an intelligent, centralized system that eliminates the guesswork when identifying and managing CI cyber security
threats. It collects, validates, correlates, and analyzes information generated by SHIELD, presenting threat insights in a visually
intuitive and actionable manner.
COMPREHENSIVE PROTECTION FOR CRITICAL INFRASTRUCTURE
Full OT security coverage
Prevents attacks at facility points of access
Event correlation zeroes in on real threats
Low TCO by combining security with connectivity
MUSE™ CYBER SECURITY SUITE
UNIQUE CHALLENGES IN PROTECTING CRITICAL INFRASTRUCTURE
In the past, industrial control systems were isolated from less secure areas, such as corporate networks and the Internet.
Consequently, air gapping and physical security measures were sufficient for securing these systems. Eventually, organizations
connected their SCADA networks with other networks in order to cut costs and share operational information. But by
eliminating this separation of systems, the control networks became exposed to hackers.
While traditional security solutions provided some level of protection, these were often deployed in a piecemeal,
uncoordinated fashion with gaps in coverage. Moreover, they overstretched cyber teams, making them deal with all possible
threats and the sheer number of alerts generated. It became critical to reduce the overwhelming quantity of notifications,
warnings, and false-positive alarms to allow cyber teams to focus on real threats in real time to prevent breaches and attacks.
MUSE CYBER SECURITY SUITE ARCHITECTURE
Muse addresses these challenges by providing a holistic cyber security solution for critical infrastructure and
operational networks. It relies on two systems:
Muse COMPASS provides an aggregated view of calculated threats from the entire cyber security suite. It delivers threat
severity grading, based on correlating events from multiple security functions, enabling effective allocation of
professional expertise.
Muse SHIELD provides attack mitigation at the communication points-of-access to CI facilities, and feeds COMPASS with
events, logs, and Deep-Packet-Inspection (DPI) information. In turn, COMPASS guides SHIELD policies on how to handle
various patterns and signatures of packet flows.
MUSE COMPASS™
An intelligent centralized system, COMPASS eliminates the guesswork
in identifying and managing CI cyber security threats. It collects,
validates, correlates, and analyzes information from Muse SHIELD,
presenting threat insights in a visually intuitive and actionable manner.
COMPASS lets your team focus on real threats, in real time, making
better use of your existing headcount.
A simple click on an aggregated alert allows you to analyze events from
multiple security functions. A clean, easy-to-follow multiple-event timeline is displayed, enabling the user to drill down to
discover and pinpoint threat root causes.
COMPASS enables future-proof growth and flexibility, by adding/removing third-party modules and aggregated
components, such as threat databases, open source intelligence, and existing SIEM systems.
MUSE SHIELD™
Unifying multiple cyber security functions into a consolidated form factor, SHIELD stops OT cyber-attacks at the
communications point-of-access to any CI facility, before they can cause harm. SHIELD provides:
SCADA ANOMALY DETECTION
Muse SCADA AD automatically discovers the assets across your OT networks and scrutinizes network traffic. It learns the
finite set of connections, conversations, and commands, creating a fine-grain behavioral system baseline that characterizes
legitimate traffic behavior for each asset in the network. Advanced algorithms are then applied to the system baseline to
detect anomalies that may indicate an attack or another problem. These analyses offer important insights about network
hygiene, configuration issues, and vulnerable assets, generating actionable alerts that are clear, consolidated, and
context-rich. The alerts provide security and control teams with rapid situational awareness of potential and actual process
disruptions, enabling them to respond to events and maintain the safety and reliability of industrial processes quickly
and efficiently.
SECURE GATEWAY
The multilayer protection Secure Gateway suite includes NextGen-Firewall, Application Control, as well as IPS and
Network-Antivirus. The Secure Gateway segregates the different OT LANs. This way, attacks cannot propagate to other
locations in the network and lateral movement is blocked.
ENCRYPTED COMMUNICATIONS
L2/L3 encryption protects data flows between a pair of SHIELDs. It also supports network-level peer authentication, data
origin authentication, data integrity, and data confidentiality (encryption).
ABOUT ECI
ECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along
with its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications, end-
to-end network management, a comprehensive cyber security solution, and a range of professional services. ECI's
ELASTIC solutions ensure open, future-proof, and secure communications. With ECI, customers have the luxury of
choosing a network that can be tailor-made to their needs today – while being flexible enough to evolve with the
changing needs of tomorrow. For more information, visit us at www.ecitele.com
Contact us to discover how Muse™ can secure your critical infrastructure from cyber attacks
Copyright © 2018 ECI. All rights reserved. Information in this document is subject to change without notice. ECI assumes no responsibility for any errors that may appear in this document.
| CURRENT CHALLENGES | MUSE CYBER SECURITY VALUE |
| --- | --- |
| Separate systems for attack mitigation and threat detection | Muse provides a comprehensive integrated solution for protecting the OT encompassing SHIELD attack mitigation and COMPASS threat detection. |
| Limited visibility of the operational technology (OT) | COMPASS provides automatic discovery, presentation, and validation of the network topology of all SCADA devices. |
| Ensuring system integrity, that all commands and control functions are genuine and correct | COMPASS validates OT network on the assumption that it has been breached and that SCADA C&C may be altered by an intruder. |
| Assessing parallel inputs from multiple security monitoring tools, where each tool supports a different security function | COMPASS aggregates threat analysis and consolidates, grades, and presents risks according to their severity and number of independent sources. It reduces false positives and negatives, increasing overall effectiveness. |
| Long intervals for conducting investigations, due to collection of information from multiple security tools and sources | COMPASS aggregates, stores, and makes all security information easily accessible from a central repository, speeding up threat evaluation and response. |
| Network connectivity and network security are detached | SHIELD consolidates connectivity with security, creating a streamlined, low-cost, high-reliability architecture. |
| Multiple security mitigation functions from multiple vendors | SHIELD consolidates multiple pre-certified best-of-breed security functions on a single form factor, covering SCADA anomaly detection, encryption, and a Secure Gateway. |
| New cyber security threats drive new security tools on separate solutions | SHIELD is an open cyber security platform, capable of implementing additional security functions. |