
MUSE™ CYBER SECURITY SUITE

COMPREHENSIVE PROTECTION FOR CRITICAL INFRASTRUCTURE

Protecting critical infrastructure from cyber-attacks is a particularly complex challenge. You must defend operational technologies (OT), and be able to discern tangible threats from a multitude of reported events. ECI’s Muse Cyber Security Suite meets these challenges head-on.

SHIELD unifies multiple cyber security functions into a consolidated form factor and prevents OT cyber-attacks at any CI facility, well before they can cause any harm. SHIELD incorporates industry-leading SCADA anomaly detection, a Secure Gateway, Encryption, and more.

COMPASS is an intelligent, centralized system that eliminates the guesswork when identifying and managing CI cyber security threats. It collects, validates, correlates, and analyzes information generated by SHIELD, presenting threat insights in a visually intuitive and actionable manner.

Full OT security coverage

Prevents attacks at facility points of access

Event correlation zeroes in on real threats

Low TCO by combining security with connectivity


Post on 26-May-2020



UNIQUE CHALLENGES IN PROTECTING CRITICAL INFRASTRUCTURE

In the past, industrial control systems were isolated from less secure areas, such as corporate networks and the Internet. Consequently, gapping and physical security measures were sufficient for securing these systems. Eventually, organizations connected their SCADA networks with other networks in order to cut costs and share operational information. But by eliminating this separation of systems, the control networks became exposed to hackers.

While traditional security solutions provided some level of protection, these were often deployed in a piecemeal, uncoordinated fashion with gaps in coverage. Moreover, they overstretched cyber teams, making them deal with all possible threats and the sheer amount of alerts generated. It became critical to reduce the overwhelming quantity of notifications, warnings, and false-positive alarms to allow cyber teams to focus on real threats in real-time to prevent breaches and attacks.

MUSE CYBER SECURITY SUITE ARCHITECTURE

Muse addresses these challenges by providing a holistic cyber security solution for critical infrastructure and operational networks. It relies on two systems:

Muse COMPASS provides an aggregated view of calculated threats from the entire cyber security suite. It delivers threat severity grading, based on correlating events from multiple security functions, enabling effective allocation of professional expertise.

Muse SHIELD provides attack mitigation at the communication points-of-access to CI facilities, and feeds COMPASS with events, logs, and Deep-Packet-Inspection (DPI) information. In turn, COMPASS guides SHIELD policies on how to handle various patterns and signatures of packet flows.


MUSE COMPASS™

An intelligent centralized system, COMPASS eliminates the guesswork in identifying and managing CI cyber security threats. It collects, validates, correlates, and analyzes information from Muse SHIELD, presenting threat insights in a visually intuitive and actionable manner. COMPASS lets your team focus on real threats, in real time, making better use of your existing headcount.

A simple click on an aggregated alert allows you to analyze events from multiple security functions. A clean, easy-to-follow multiple-event timeline is displayed, enabling the user to drill down to discover and pinpoint threat root causes.

COMPASS enables future-proof growth and flexibility, by adding/removing third-party modules and aggregated components, such as threat databases, open source intelligence, and existing SIEM systems.

MUSE SHIELD™

Unifying multiple cyber security functions into a consolidated form factor, SHIELD stops OT cyber-attacks at the communications point-of-access to any CI facility, before they can cause harm. SHIELD provides:

SCADA ANOMALY DETECTION

Muse SCADA AD automatically discovers the assets across your OT networks and scrutinizes network traffic. It learns the finite set of connections, conversations, and commands, creating a fine-grain behavioral system baseline that characterizes legitimate traffic behavior for each asset in the network. Advanced algorithms are then applied to the system baseline to detect anomalies that may indicate an attack or another problem. These analyses offer important insights about network hygiene, configuration issues, and vulnerable assets, generating actionable alerts that are clear, consolidated, and context-rich. The alerts provide security and control teams with rapid situational awareness of potential and actual process disruptions, enabling them to respond to events and maintain the safety and reliability of industrial processes quickly and efficiently.

SECURE GATEWAY

The multilayer protection Secure Gateway suite includes NextGen-Firewall, Application Control, as well as IPS and Network-Antivirus. The Secure Gateway segregates the different OT LANs. This way, attacks cannot propagate to other locations in the network and lateral movement is blocked.

ENCRYPTED COMMUNICATIONS

L2/L3 encryption protects data flows between a pair of SHIELDs. It also supports network-level peer authentication, data origin authentication, data integrity, and data confidentiality (encryption).


ABOUT ECI

ECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along with its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications, end-to-end network management, a comprehensive cyber security solution, and a range of professional services. ECI's ELASTIC solutions ensure open, future-proof, and secure communications. With ECI, customers have the luxury of choosing a network that can be tailor-made to their needs today – while being flexible enough to evolve with the changing needs of tomorrow. For more information, visit us at www.ecitele.com

Contact us to discover how Muse™ can secure your critical infrastructure from cyber attacks

Copyright © 2018 ECI. All rights reserved. Information in this document is subject to change without notice. ECI assumes no responsibility for any errors that may appear in this document.

COMPREHENSIVE PROTECTION FOR CRITICAL INFRASTRUCTURE

| CURRENT CHALLENGES | MUSE CYBER SECURITY VALUE |
| --- | --- |
| Separate systems for attack mitigation and threat detection | Muse provides a comprehensive integrated solution for protecting the OT encompassing SHIELD attack mitigation and COMPASS threat detection. |
| Limited visibility of the operational technology (OT) | COMPASS provides automatic discovery, presentation, and validation of the network topology of all SCADA devices. |
| Ensuring system integrity, that all commands and control functions are genuine and correct | COMPASS validates OT network on the assumption that it has been breached and that SCADA C&C may be altered by an intruder. |
| Assessing parallel inputs from multiple security monitoring tools, where each tool supports a different security function | COMPASS aggregates threat analysis and consolidates, grades, and presents risks according to their severity and number of independent sources. It reduces false positives and negatives, increasing overall effectiveness. |
| Long intervals for conducting investigations, due to collection of information from multiple security tools and sources | COMPASS aggregates, stores, and makes all security information easily accessible from a central repository, speeding up threat evaluation and response. |
| Network connectivity and network security are detached | SHIELD consolidates connectivity with security, creating a streamlined, low-cost, high-reliability architecture. |
| Multiple security mitigation functions from multiple vendors | SHIELD consolidates multiple pre-certified best-of-breed security functions on a single form factor, covering SCADA anomaly detection, encryption, and a Secure Gateway. |
| New cyber security threats drive new security tools on separate solutions | SHIELD is an open cyber security platform, capable of implementing additional security functions. |