Raytheon’s cyber protection solutions - Raytheon Australia
CYBERSECURITY
RAYTHEON’S CYBER PROTECTION SOLUTIONS
This article provides an overview of the solutions Raytheon brings to address challenges found in the cyber domain. Raytheon’s High-Speed Guard, SureView and Integrity Software 3.0 are products designed to address the sensitivities of the modern cyber world and protect organisations from threats which are potentially damaging.
10<br />
Momentum
SureView
In addition to securing some of the most critical Fortune 100 infrastructures, Raytheon sets the insider threat protection standard across the US federal government, providing the highest levels of endpoint monitoring and focused observation across America’s most critical classified networks with Raytheon SureView.
A wide range of insider threats can jeopardise any organisation with accidental data leaks being only one dimension. Threats can come in all shapes and sizes — from well-intentioned but inappropriate policy violations to deliberate theft of intellectual property or customer data.
Raytheon SureView is an appliance-based solution that monitors and investigates insider threats across all endpoints and channel communications. Once an incident is identified, data collection is triggered and stored for further investigation. SureView’s unique replay feature, DVR replay, plays back what the user was actually doing before, during and after the flagged incident to provide the context which is needed — was it accidental, reckless behaviour or truly malicious behaviour? Investigation through incident replay and inspection of all associated data helps quickly determine the root cause and allows implementation of an appropriate fix.
Only SureView monitors offline mobile laptops and detects threats usually hidden by encrypted traffic or files. The policy platform pulls it all together and displays all enterprise activity in an intuitive visual dashboard.
Consider the following scenario. Joe, a design engineer at the fictional company Defence Solutions, has access to all the technical details of a specific company program he has been working on. Two weeks ago, SureView detected him updating his resume and searching for job availabilities on the internet, indicators he may be planning to leave the company. Statistics show people planning to steal company data do so three weeks prior to leaving the company and a Cyber Ark software study revealed 71% of people surveyed said they would take proprietary corporate data with them when leaving the company.
Based on the employee productivity policies, Joe’s actions triggered SureView alerts and Joe was placed into a group with increased monitoring for data theft. Recently, SureView detected Joe disconnecting from the network, accessing the Defence Solutions specifications document, renaming, encrypting, and finally, emailing it to a Yahoo email account. Joe tried to obfuscate his behaviour by disconnecting from the network and renaming the file, and if confronted, he would more than likely have talked his way out of it.
Without SureView, Defence Solutions may have only guessed intellectual property was stolen after an important contract was lost, or they may never have found out at all. However, SureView’s DVR replay shows clear mal-intent and proves Joe is an insider threat.
Instances similar to the scenario above have actually occurred in the real world. SureView ensures these common occurrences do not go undetected, by providing all the details, insight, and complete context to immediately assess the severity of the threat, fix the problem, and build policies to reduce the likelihood it will happen again. SureView allows organisations to be proactive, stay current with new, emerging threats and adapt to combat the threat.
Q2 2010 11
High-Speed Guard
In the United States the Government is focused on protecting and improving the sharing of information, yet it is increasingly hard to distribute information between varied security classification environments. Cross-domain solutions continue to provide effective interoperability and serve as a link to ensure that data maintains sensitivity levels throughout the information sharing and transmission processes, but these solutions are often plagued with high administrative costs and bandwidth constraints.
Raytheon solves these problems with High-Speed Guard, a solution that bridges the security gap between different domains, resulting in a faster, efficient and cost-effective cross-domain solution — even for the most challenging data sharing environments. High-Speed Guard provides a controlled network interface that reviews and releases sensitive data, while still maintaining transfer rates above other options.
The key features and benefits of High-Speed Guard outweigh those of other cross domain solutions. Unlike other solutions, High-Speed Guard supports large computer systems with comparatively lower administrative costs, making it the best choice for large-scale deployments. Raytheon’s High-Speed Guard has been installed for 190 defence and civilian agencies, and is listed on the Unified Cross Domain Management Office (UCDMO) Baseline list of trusted cross-domain technologies.
Critical infrastructures that guard America’s most classified information have been employing High-Speed Guard since it received its first certification and accreditation in 1998. With a wide array of interface capabilities, the High-Speed Guard easily integrates into many systems, delivering data transactions through simultaneous, bi-directional information transfers using separate transmission sockets.
This allows it to sustain industry’s fastest rates of more than 9Gb/s on a 2 CPU platform. Guard provides flexible and adaptable data validation rules, eliminating hard-coded rules, whilst supporting multiple application protocols. Customer configurable can be easily managed and maintained and digital signatures ensure reliable human review.
A Human Review Manager (HRM) function works as a web-based tool to provide release and review of non-structured data, requiring human interface for classification and release decisions. This feature is particularly important for systems that use human information analysis, as digital signatures can provide a confirmation of the data review by authorised reviewers.
Guard features built-in support for Web services utilizing HTTP, providing complete inspection of all HTTP headers and full XML Parsing Support. The technology enables real-time video streaming while providing unparalleled control and auditing of video streams through its MPEG2 parsing capability. This validates key metadata fields, including classification and release caveats. Raytheon’s ‘Generic’ Proxy capability facilitates connections with systems using other protocols, allowing users to create rules that meet any standard TCP/IP or UDP/IP connection.
Automated Secure Transfer (AST) supports file ‘drop box’ transfers, validating files using the same rule engine as other High-Speed Guard services, a COTS virus scanner, digital signatures, or any combination thereof.
High-Speed Guard customers continuously receive support from Raytheon lead engineers who monitor requirements, trends and technical challenges, ensuring the needs of the customer in information protection and sharing are met.
Raytheon High-Speed Guard transcends the boundaries of other cross domain technologies to deliver solutions necessary in the secure and effective transfer of information, meeting today’s secure transfer needs at tomorrow’s transfer rates.
Integrity Software 3.0
Integrity Server and Integrity Desktop
Raytheon has developed a suite of software which strikes a new balance between security and transparency enabling a higher level of protection for sensitive material and against cyber threats which can be potentially damaging for an organisation. Integrity Server and Integrity Desktop are the machinery behind Raytheon’s new Integrity Software 3.0.
Integrity Server is a powerful, high-grade content filtering gateway developed specifically for multilevel information security (MLIS) networks and large enterprises. Integrity Server automatically scans files, email messages and file attachments against predetermined content filtering policies to protect against sensitive data leakage and the introduction of potentially malicious code. Integrity Server offers high throughput and availability for security-conscious organisations that need to inspect large quantities of data.
Server is unique in its ability to perform continuous 24/7 high performance lexical and binary level scans of large volumes of information from up to 10 different sources simultaneously. This software ensures continuous protection against deliberate or random electronic threats, by detecting malicious code embedded or camouflaged within files, email messages or attachments.
Integrity Server facilitates the secure sharing of information over multiple networks and enables users to set and monitor organisational policies and multiple scans from a centralised location. Configurations can also vary according to the needs of the organisation. For example, the Server can be used as a distribution or dissemination data hub where files, email and attachments are collected, scanned against specific policies and then distributed to an appropriate destination. Moreover, sources and destination networks could be different security levels within an MLIS network, or a single network.
Integrity Desktop works in conjunction with Server as a content filter, assisting users to counter both internal and external electronic threats by minimising the introduction of potentially malicious code into the network. Desktop simultaneously prevents inappropriate material from leaving the organisation, and enables the user to monitor and control files based upon the detection and identification of their content and true file type. It is ideal for small networks or for users requiring fine detailed file analysis.
Desktop utilises binary, converted, and native scanning processes at speeds equal to or faster than 1MB/sec to identify the true file type of a scanned file, without tampering with the selected file. The user simply selects the files to be shared and runs a user-generated or organisational standard scanning policy on the file to ensure it adheres to sharing policies. A graphical viewer then displays the results in their original context, identifying offending contents and providing guidelines for remediation.
It therefore reduces the necessity for declassification or sanitisation procedures prior to sharing files within a network. In addition, Desktop also has the ability to scan ‘raw’ data including deleted files on devices such as USB memory devices, which are able to hide information from common file browsing utilities like Windows Explorer.
For organisations of any size, Integrity Software 3.0 offers 360 degree protection from sensitive data leakage and potentially damaging cyber threats, which can infiltrate an organisation’s networks and files and take the form of embedded or camouflaged malicious code.
For more information on SureView, High-Speed Guard, Integrity Software or any other Raytheon product or service please contact Raytheon Australia or visit our website: www.raytheon.com.au