Rubidium

www.cyber-seal.net
Rubidium
CyberSeal’s Next Generation SIEM Appliance
Unmatched Protection in a Multi-Perimeter World
Real time management of security related events.
Monitoring of cyber-security threats in all network layers.
Easily Integrated with PSIM systems.

general
Nine out of ten sensitive networks are compromised
by sophisticated and unfamiliar cyber threats. Even
networks protected by advanced cyber security tools
are susceptible. Many of these cyber threats focus
on confidential and classified information from heavily
protected government and military networks, ultimately
undermining national security. These attacks target
deliberately selected high-profile targets, including
mission critical control systems, national infrastructures;
critical sites security systems, safe-city networks and
SCADA control networks.
CyberSeal’s Rubidium is a unique SIEM system for the
non-IT and non-technical users. It offers a top-notch
architecture and artificial intelligence algorithms to provide
clear, simple and intuitive access to Cyber Security
threats and alarms in critical sites.
CyberSeal’s SIEM appliance synthesizes four core components:
• Security Information Management: It provides
for the collection and processing of data and
its incorporation, aggregation and analysis into
meaningful information. The data is collected
from various sources such as log files or socket
connections.
• Security Event Management: It focuses on real-time
management of security-related events. Data sources
typically include firewalls, switches and routers,
IDS/IPS, application servers, DB servers, identity
management servers, Web servers, network security
hardware and endpoints.
• Network Discovery: Automatically maps network
connections and allows you to add supplementary
information. It streamlines efficiency analysis by
automating log collection, application detection,
tuning, built-in policies and reports, detection of
network elements (geographic location of elements)
and incident prioritization.
• Internal Console and External Element Management
System: adds capabilities such as correlation
of diverse data sources, vulnerability analysis,
compliance reporting, event reporting, anomaly
detection and notification.
benefits
Cost Effective and Ready Protection: Enjoy extensive
cyber security coverage from the Cyber Security
Operations Center (CSOC) in a matter of minutes. The
seamless process of monitoring the organization via the
web-based interface instantly provides reputation-based
threat intelligence, risk prioritization and centralized
security management. The system is easily scalable, fully
redundant and backed up by a remote data recovery site.
Lowered Rate of False Positives: Minimize false positives,
optimize time utilization and allow security analysts to focus
on genuine threats. The majority of events and notifications
dealt with by CERT/CSOC operators are usually false
alarms that are mistakenly flagged as malicious activity. In
addition the system provides actionable alerts to prevent or
respond immediately to significant cyber threats as they are
detected.
Leveraged, Non-Intrusive, Network-Based Security:
Seamlessly integrate the appliance with existing network
elements such as managed switches, firewalls, anti-virus
applications, firewalls, Wi-Fi hotspots and other security
mechanisms. Log data and alerts are then piped to
the appliance and the user interface displays the actual
layout of the installation.
Reduced Acquisition Costs: Reduce security management
acquisition costs and improve efficiency with centralized
command and control,boostedby fully automated end-to-end
operations.

views
CyberSeal’s SIEM offers an intuitive web based user interface
which offers a simple to use operation while keeping the users
on top of complex cyber security situations. The cyber threats
and events are presented in three different views, each offers
fresh presentation methods:
• SNAPSHOT: Graphical view of the current cyber
security status of the network. The entire network is
presented as several icons colored according to the
cyber security threat level while taking the complexity
to behind-the-scenes.
domains approach
CyberSeal’s SIEM provides an easy access to the Cyber
Security information in the network by dividing the
network into security domains.
• Physical Network domain is providing an access to the
LAN layer including connection mapping and security
threats and events reported by CyberSeal’s TungstenCyber
Security Switch and Cobalt data diode as well as from third
party network equipment such as Ethernet Switches.
• Network Security domain includes the network firewalls, IPs,
VPN and Antivirus. It receives Cyber Security threats and
events and integrates them with all other Cyber Security
• Cellular domain is providing activity monitoring tools for
preventing and reporting illegal and hostile cellular activities.
• PHYSICAL: Geographical presentation of cyber
events. Network components are located on
geographical map or on any site diagram and colored
according to their cyber security alarm level.
• NETWORK: Graphical presentation of discovered network
layout colored according to the current cyber security
threat level. This view may be used by expert users to
monitor the relations between network components while
presenting cyber security events on top.
• Wireless Network domain includes the Wi-Fi and wireless
links. It provides security information on illegal network
access by unknown clients, abnormal network activity and
rogue devices.
• Servers and Workstations domain is providing an access to
the endpoint security information and to the security events
generated by the computers operating systems (Windows
and Linux).
• User configurable domains may be added as required
offering customized views of network or cyber sections.
Each user configurable domain may include one or more
network components, such as servers, workstations,
switches and various software components.

features
Holistic View: A unique multi-tier approach allows each tier to
provide additional information and adds another viewpoint on
the system’s security status. SIEM is endowed with a range of
monitoring capabilities from close analysis of each and every local
log to an overview of the entire communications network.
Out-of-the-box templates: Assist in meeting compliance
requirements and reduce the hassle of aggregating multiple data
feeds by simplifying the creation of configurable rules and policies
for extracting useful information from network elements.
Real time Alerts: IT and security teams turn to SIEM to help
them identify potential attacks or policy violations while they
occur and to warn of anomalous network activity. This permits a
faster response, allowing security teams to nip the threat in the
bud. It also reduces damage from an attack and recovery time
after an attack.
Visibility: A single security dashboard presents What, Who and
When, displaying attack type, attack targets and attack time.
Proactive Approach: The SIEM appliance integrates with
vulnerability scanning tools and a program of routine scans to
provide an effective, proactive means of detecting threats.
Event Correlation: Complex Event Processing (CEP)
technology performs a sophisticated correlation analysis
of intrusion evidence to reduce false positives, ensure
completeness of detection and provide a bird’s eye view of
incidents. Distributed architecture permits smooth processing
and monitoring of numerous daily log entries.
Log Collection and Management: Hassle-free, automated
log collection from multiple sources. SIEM provides a central
repository for log storage and archiving. It also provides a method
of forensic incident analysis through normalization of dissimilar
data sources. It permits root cause analysis and investigation of
archived logs for complete forensics.
Reporting: Clear reporting distinguishes between
anomalies and misuse.
Practical Analysis: SIEM deals effortlessly with the huge quantity
of data generated by security and network devices. It correlates
events and pipes them into a sophisticated data mining engine
that uses both behavioral and context-based methods.
Versatile Access: A highly intuitive web-based user
interface (aka: a thin client) accompanied by a smartphone/
tablet app provides remote, secure and around the clock
connection options.
Ticketing: Investigations triggered by CyberSeal’s SIEM are
logged within the system as tickets.
Enhanced Administrative Capabilities: For a more secure
environment and convenient operation, the appliance enables the
administrator to control access rights to the application and its
sites, to control passwords and to monitor activity.
Compliance: Workflow designed to facilitate the best IT practices
and comply with regulatory initiatives.

Open System
As a key component of security and IT operations
infrastructure, CyberSeal’s SIEM seamlessly integrates
with other element managers reporting systems or
enterprise management products. It integrates smoothly
with network/application configuration management, help/
service desks, performance management, identity and
access management, Wi-Fi hotspots, MDM solutions
and network fault management. The appliance also
uses open APIs and software development kits to
facilitate interoperability between products (SIEM, Log
Management, Syslog). Alerts are generated in industry
standard format (e.g. SNORT IDS Syslog Format, CEF
Syslog Format) and can also be directed to any CSOC of
the customer’s choice, with a unique northbound interface
to enterprise level or national level SIEMs.
SIEM is a unified platform that addresses security and
compliance needs across critical infrastructure and industrial
process control networks including water treatment, power
utilities, public works and oil & gas installations.
• Integration with additional and emerging technologies:
Collects and correlates information from SCADA
networks, satellite network connections and other
sources.
• Integration with physical security technologies:
Correlates information from both IT systems and
hardware security systems.
Unique Module for SCADA Application
• Defending the defender: Designed with resilience in
mind and implemented with rugged architecture.
• Turnkey deployment: Provides comprehensive security
without compromising process reliability.
• Transparence: Industrial Control System security
remains fully visible.
• Compliance: Addresses regulatory compliance for
NERC CIP, NRC 73.54, CFATS and others.
compatible With All CyberSeal Security Products
• Tungsten – The Cyber Security Switch for physical
security and safe-city applications has a built-in
SCADA protocols probe.
• Vanadium - An IMSI Catcher Detector for critical
infrastructure facilities, to reliably detect fake cellular
base stations attempting stealth eavesdropping on-site.
• Cobalt - A Unidirectional Traffic Enforcer (Diode) to
securely connect disparate networks.
• Yttrium - An IMSI Catcher that provides real time
monitoring and control of mobile phone intrusions into
the network perimeter and restricted zones such as
prisons and other restricted access locations.
Industry Leading Partnerships
CyberSeal’s extensive collaboration with our specialized
partner portfolio enables us to provide a truly
comprehensive solution. CyberSeal has partnered with
leading security vendors to merge expertise and create
a better synergy in the areas of physical and cyber
security. CyberSeal’s partnership program creates a “force
multiplier” that can improve situational awareness and
emergency decision-making.
Magal’s Fortis 4G Integration
Integrating CyberSeal’s SIEM alerts with Magal’s
PSIM alerts provides continuous monitoring of the
network perimeter. We have also integrated the various
components and systems that activate events and alarms
to trigger the appropriate response to cyber trespassing
and cyber-attacks.

Solution Architecture

Supported Network Elements
vendor
CyberSeal
Checkpoint
Moxa
Radwin
Ruckus
Ubiquiti
Cisco
Juniper
Microsoft
Redhat
Centos
Symantec
McAfee
model
Tungsten
Cobalt
Yttrium
Vanadium
1180 NGTP appliance
4200 NG Data Protection appliance
End point security
AWK-3121
Winlink 100
Radwin-2000
Radwin-5000
ZoneFlex outdoor 77XX
airMAX family
Aironet 15xx
Catalyst 2xxx
Catalyst 3xxx
Catalyst 4xxx
Catalyst 6xxx
ASA firewall family
EX2xx
EX3xxx
EX4xxx
Windows Server 2008
Windows Server 2012
Windows 7
Windows 8
Linux Server 5.5
Linux Server 6.0
Linux Server 5.5
Linux Server 6.0
Endpoint security
Endpoint security
Supported Protocols
• SNMPv1/v2c/v3
• Telnet
• SSH/SSHv2
• TR069
• HTTP/HTTPS
• TCP RAW Socket
• REST JSON
• Web Services
• CORBA
• RMI
• FTP/SFTP
• SCP
• UDP stream

Technical Specifications & features
Feature
Power
AC Input
Power Consumption
Power Supply
Environmental
Operating temperature
Storage temperature
Relative Humidity
Dimensions
Weight
User Interface
Security
Access
Technology
Supported Browsers
Supported Devices
Optional Configurations
Site Rubidium
Extended Rubidium
Level 1 Server Configuration
CPU
Memory
Disk
Network
Video
Input Devices
Level 2 Server Configuration
CPU
Memory
Disk
Network
Video
Input Devices
Description
100-240V/50-60Hz
750W
Single or Redundant (Optional)
10oC to 35oC
10 to 80%
19” width /1U height /702mm depth
14Kg
User authentication, Flexible profiles, Audit trail
HTTPs, up to 10 concurrent user sessions
Install free, web UI thin client
Microsoft Internet Explorer, Mozilla Firefox, Google Chrome , Apple Safari
PCs, Macs, iOS and Android Tablets, Pablets and Smart phones.
Level 1 server configuration, limited to 1,000 network elements.
Level 2 server configuration, unlimited number of network elements.
Single Intel Xeon® E5-2603 1.80GHz
Signal 8GB RDIMM 1600MHz
500GB, 7200 RPM, SATA 3Gbps
4 x 10/100/1000Mbps auto-negotiate ports
1280x1024 pixels, 32bits color, VGA port
Mouse, Keyboard
Dual Intel Xeon® E5-2620 2.00GHz
Dual 16GB RDIMM 1600MHz
500GB, 7200 RPM, SATA 3Gbps
4 x 10/100/1000Mbps auto-negotiate ports
1280x1024 pixels, 32bits color, VGA port
Mouse, Keyboard
CyberSeal Ltd.
25 Habarzel Street, Tel-Aviv, Israel 6971035
T: (972)-3-6449991, F: (972)-3-6449992
www.cyber-seal.net
Distributed by:
Version: 1.00