raytheonts cyber protection solutions - Raytheon Australia

CYBERSECURITY
RAYTHEON’S
CYBER PROTECTION
SOLUTIONS
This article provides an overview of the solutions Raytheon brings to
address challenges found in the cyber domain. Raytheon’s High-Speed
Guard, SureView and Integrity Software 3.0 are products designed
to address the sensitivities of the modern cyber world and protect
organisations from threats which are potentially damaging.
10
Momentum

SureView
In addition to securing some of the most critical Fortune 100 infrastructures, Raytheon
sets the insider threat protection standard across the US federal government, providing
the highest levels of endpoint monitoring and focused observation across America’s
most critical classified networks with Raytheon SureView.
A wide range of insider threats can jeopardise any
organisation with accidental data leaks being only
one dimension. Threats can come in all shapes and
sizes — from well-intentioned but inappropriate
policy violations to deliberate theft of intellectual
property or customer data.
Raytheon SureView is an appliance-based solution
that monitors and investigates insider threats across
all endpoints and channel communications. Once
an incident is identified, data collection is triggered
and stored for further investigation. SureView’s
unique replay feature, DVR replay, plays back what
the user was actually doing before, during and after
the flagged incident to provide the context which
is needed — was it accidental, reckless behaviour
or truly malicious behaviour Investigation through
incident replay and inspection of all associated data
helps quickly determine the root cause and allows
implementation of an appropriate fix.
Only SureView monitors offline mobile laptops and
detects threats usually hidden by encrypted traffic
or files. The policy platform pulls it all together and
displays all enterprise activity in an intuitive visual
dashboard.
Consider the following scenario. Joe, a design
engineer at the fictional company Defence
Solutions, has access to all the technical details of a
specific company program he has been working on.
Two weeks ago, SureView detected him updating
his resume and searching for job availabilities on the
internet, indicators he may be planning to leave the
company. Statistics show people planning to steal
company data do so three weeks prior to leaving
the company and a Cyber Ark software study
revealed 71% of people surveyed said they would
take proprietary corporate data with them when
leaving the company.
Based on the employee productivity policies,
Joe’s actions triggered SureView alerts and Joe
was placed into a group with increased monitoring
for data theft. Recently, SureView detected Joe
disconnecting from the network, accessing the
Defence Solutions specifications document,
renaming, encrypting, and finally, emailing it
to a yahoo email account. Joe tried to obfuscate
his behaviour by disconnecting from the network
and renaming the file, and if confronted, he would
more than likely have talked his way out of it.
Without SureView, Defence Solutions may have
only guessed intellectual property was stolen after
an important contract was lost, or they may never
have found out at all. However SureView’s DVR
replay shows clear mal-intent and proves Joe is an
insider threat.
Instances similar to the scenario above have
actually occurred in the real-world. SureView
ensures these common occurrences do not go
undetected, by providing all the details, insight,
and complete context to immediately assess the
severity of the threat, fix the problem, and build
policies to reduce the likelihood it will happen
again. SureView allows organisations to be
proactive, stay current with new, emerging threats
and adapt to combat the threat.
Q2 2010 11

CYBERSECURITY
High-Speed Guard
In the United States the Government is focused on protecting and improving the
sharing of information, yet it is increasingly hard to distribute information between
varied security classification environments. Cross-domain solutions continue to provide
effective interoperability and serve as a link to ensure that data maintains sensitivity
levels throughout the information sharing and transmission processes, but these
solutions are often plagued with high administrative costs and bandwidth constraints.
Raytheon solves these problems with High-Speed
Guard, a solution that bridges the security gap
between different domains, resulting in a faster,
efficient and cost-effective cross-domain solution
— even for the most challenging data sharing
environments. High-Speed Guard provides a
controlled network interface that reviews and
releases sensitive data, while still maintaining
transfer rates above other options.
The key features and benefits of High-Speed Guard
outweigh those of other cross domain solutions.
Unlike other solutions, High-Speed Guard supports
large computer systems with comparatively lower
administrative costs, making it the best choice for
large-scale deployments. Raytheon’s High-Speed
Guard has been installed for 190 defence and
civilian agencies, and is listed on the Unified Cross
Domain Management Office (UCDMO) Baseline list
of trusted cross-domain technologies.
Critical infrastructures that guard America’s most
classified information have been employing High-
Speed Guard since it received its first certification
and accreditation in 1998. With a wide array of
interface capabilities, the High-Speed Guard easily
integrates into many systems, delivering data
transactions through simultaneous, bi-directional
information transfers using separate transmission
sockets.
This allows it to sustain industry’s fastest rates of
more than 9Gb/s on a 2 CPU platform. Guard
provides flexible and adaptable data validation
rules, eliminating hard-coded rules, whilst
supporting multiple application protocols. Customer
configurable can be easily managed and maintained
and digital signatures ensure reliable human review.
A Human Review Manager (HRM) function works
as a web-based tool to provide release and review
of non-structured data, requiring human interface
for classification and release decisions. This feature
is particularly important for systems that use
human information analysis, as digital signatures
can provide a confirmation of the data review by
authorised reviewers.
Guard features built-in support for Web services
utilizing HTTP, providing complete inspection of all
HTTP headers and full XML Parsing Support. The
technology enables real-time video streaming while
providing unparalleled control and auditing of video
streams through its MPEG2 parsing capability. This
validates key metadata fields, including classification
and release caveats. Raytheon’s ‘Generic’ Proxy
capability facilitates connections with systems using
other protocols, allowing users to create rules that
meet any standard TCP/IP or UDP/IP connection.
Automated Secure Transfer (AST) supports file ‘drop
box’ transfers, validating files using the same rule
engine as other High-Speed Guard services, a COTS
virus scanner, digital signatures, or any combination
thereof.
High-Speed Guard customers continuously receive
support from Raytheon lead engineers who monitor
requirements, trends and technical challenges,
ensuring the needs of the customer in information
protection and sharing are met.
Raytheon High-Speed Guard transcends the
boundaries of other cross domain technologies
to deliver solutions necessary in the secure and
effective transfer of information, meeting today’s
secure transfer needs at tomorrow’s transfer rates.
12
Momentum

Integrity Software 3.0
Integrity Server and Integrity Desktop
Raytheon has developed a suite of software which strikes a new balance between
security and transparency enabling a higher level of protection for sensitive material
and against cyber threats which can be potentially damaging for an organisation.
Integrity Server and Integrity Desktop are the machinery behind Raytheon’s new Integrity
Software 3.0.
Integrity Server is a powerful, high-grade content
filtering gateway developed specifically for multilevel
information security (MLIS) networks and large
enterprises. Integrity Server automatically scans
files, email messages and file attachments against
predetermined content filtering policies to protect
against sensitive data leakage and the introduction
of potentially malicious code. Integrity Server
offers high throughput and availability for security
conscious organisations that need to inspect large
quantities of data.
Server is unique in its ability to perform continuous
24/7 high performance lexical and binary level
scans of large volumes of information from up to
10 different sources simultaneously. This software
ensures continuous protection against deliberate or
random electronic threats, by detecting malicious
code embedded or camouflaged within files, email
messages or attachments.
Integrity Server facilitates the secure sharing of
information over multiple networks and enables
users to set and monitor organisational policies
and multiple scans from a centralised location.
Configurations can also vary according to the
needs of the organisation. For example, the Server
can be used as a distribution or dissemination
data hub where files, email and attachments are
collected, scanned against specific policies and then
distributed to an appropriate destination. Moreover,
sources and destination networks could be different
security levels within an MLIS network, or a single
network.
Integrity Desktop works in conjunction with server
as a content filter, assisting users to counter
both internal and external electronic threats by
minimising the introduction of potentially malicious
code into the network. Desktop simultaneously
prevents inappropriate material from leaving the
organisation, and enables the user to monitor
and control files based upon the detection and
identification of their content and true file type. It is
ideal for small networks or for users requiring fine
detailed file analysis.
Desktop utilises binary, converted, and native
scanning processes at speeds equal to or faster than
1MB/sec to identify the true file type of a scanned
file, without tampering with the selected file. The
user simply selects the files to be shared and runs a
user-generated or organisational standard scanning
policy on the file to ensure it adheres to sharing
policies. A graphical viewer then displays the results
in their original context; identifying offending
contents and providing guidelines for remediation.
It therefore reduces the necessity for declassification
or sanitisation procedures prior to sharing files
within a network. In addition, Desktop also has the
ability to scan ‘raw’ data including deleted files on
devices such as USB memory devices, which are able
to hide information from common file browsing
utilities like windows explorer.
For organisations of any size, Integrity software 3.0
offers 360 degree protection from sensitive data
leakage and potentially damaging cyber threats,
which can infiltrate an organisation’s networks, files,
and take the form of embedded or camouflaged
malicious code. M
For more information on SureView,
High-Speed Guard, Integrity Software or
any other Raytheon product or service
please contact Raytheon Australia or visit
our website: www.raytheon.com.au
Q2 2010 13