Rubidium - Magal Security Systems Ltd
www.cyber-seal.net

Rubidium
CyberSeal's Next Generation SIEM Appliance
Unmatched Protection in a Multi-Perimeter World

Real-time management of security-related events.
Monitoring of cyber-security threats in all network layers.
Easily integrated with PSIM systems.
General

Nine out of ten sensitive networks are compromised by sophisticated and unfamiliar cyber threats. Even networks protected by advanced cyber security tools are susceptible. Many of these cyber threats focus on confidential and classified information from heavily protected government and military networks, ultimately undermining national security. These attacks target deliberately selected high-profile targets, including mission critical control systems, national infrastructures, critical sites' security systems, safe-city networks and SCADA control networks.

CyberSeal's Rubidium is a unique SIEM system for non-IT and non-technical users. It offers a top-notch architecture and artificial intelligence algorithms to provide clear, simple and intuitive access to cyber security threats and alarms in critical sites.

CyberSeal's SIEM appliance synthesizes four core components:

• Security Information Management: Collects and processes data and incorporates, aggregates and analyzes it into meaningful information. The data is collected from various sources such as log files or socket connections.
• Security Event Management: Focuses on real-time management of security-related events. Data sources typically include firewalls, switches and routers, IDS/IPS, application servers, DB servers, identity management servers, Web servers, network security hardware and endpoints.
• Network Discovery: Automatically maps network connections and allows you to add supplementary information. It streamlines efficiency analysis by automating log collection, application detection, tuning, built-in policies and reports, detection of network elements (including their geographic location) and incident prioritization.
• Internal Console and External Element Management System: Adds capabilities such as correlation of diverse data sources, vulnerability analysis, compliance reporting, event reporting, anomaly detection and notification.
Benefits

Cost Effective and Ready Protection: Enjoy extensive cyber security coverage from the Cyber Security Operations Center (CSOC) in a matter of minutes. The seamless process of monitoring the organization via the web-based interface instantly provides reputation-based threat intelligence, risk prioritization and centralized security management. The system is easily scalable, fully redundant and backed up by a remote data recovery site.

Lowered Rate of False Positives: Minimize false positives, optimize time utilization and allow security analysts to focus on genuine threats. The majority of events and notifications dealt with by CERT/CSOC operators are usually false alarms that are mistakenly flagged as malicious activity. In addition, the system provides actionable alerts to prevent or respond immediately to significant cyber threats as they are detected.

Leveraged, Non-Intrusive, Network-Based Security: Seamlessly integrate the appliance with existing network elements such as managed switches, firewalls, anti-virus applications, Wi-Fi hotspots and other security mechanisms. Log data and alerts are then piped to the appliance, and the user interface displays the actual layout of the installation.

Reduced Acquisition Costs: Reduce security management acquisition costs and improve efficiency with centralized command and control, boosted by fully automated end-to-end operations.
Views

CyberSeal's SIEM offers an intuitive web-based user interface that is simple to operate while keeping users on top of complex cyber security situations. Cyber threats and events are presented in three different views, each with its own presentation method:

• SNAPSHOT: Graphical view of the current cyber security status of the network. The entire network is presented as several icons, colored according to the cyber security threat level, while the complexity is kept behind the scenes.
• PHYSICAL: Geographical presentation of cyber events. Network components are placed on a geographical map or on any site diagram and colored according to their cyber security alarm level.
• NETWORK: Graphical presentation of the discovered network layout, colored according to the current cyber security threat level. This view may be used by expert users to monitor the relations between network components while cyber security events are presented on top.

Domains Approach

CyberSeal's SIEM provides easy access to the cyber security information in the network by dividing the network into security domains.

• Physical Network domain provides access to the LAN layer, including connection mapping and the security threats and events reported by CyberSeal's Tungsten Cyber Security Switch and Cobalt data diode, as well as by third-party network equipment such as Ethernet switches.
• Network Security domain includes the network firewalls, IPS, VPN and antivirus. It receives cyber security threats and events and integrates them with all other cyber security
• Cellular domain provides activity monitoring tools for preventing and reporting illegal and hostile cellular activities.
• Wireless Network domain includes the Wi-Fi and wireless links. It provides security information on illegal network access by unknown clients, abnormal network activity and rogue devices.
• Servers and Workstations domain provides access to the endpoint security information and to the security events generated by the computers' operating systems (Windows and Linux).
• User configurable domains may be added as required, offering customized views of network or cyber sections. Each user configurable domain may include one or more network components, such as servers, workstations, switches and various software components.
Features

Holistic View: A unique multi-tier approach allows each tier to provide additional information and add another viewpoint on the system's security status. SIEM is endowed with a range of monitoring capabilities, from close analysis of each and every local log to an overview of the entire communications network.

Out-of-the-box Templates: Assist in meeting compliance requirements and reduce the hassle of aggregating multiple data feeds by simplifying the creation of configurable rules and policies for extracting useful information from network elements.

Real-time Alerts: IT and security teams turn to SIEM to help them identify potential attacks or policy violations while they occur and to warn of anomalous network activity. This permits a faster response, allowing security teams to nip the threat in the bud. It also reduces damage from an attack and recovery time after an attack.

Visibility: A single security dashboard presents What, Who and When, displaying attack type, attack targets and attack time.

Proactive Approach: The SIEM appliance integrates with vulnerability scanning tools and a program of routine scans to provide an effective, proactive means of detecting threats.

Event Correlation: Complex Event Processing (CEP) technology performs a sophisticated correlation analysis of intrusion evidence to reduce false positives, ensure completeness of detection and provide a bird's-eye view of incidents. The distributed architecture permits smooth processing and monitoring of numerous daily log entries.

Log Collection and Management: Hassle-free, automated log collection from multiple sources. SIEM provides a central repository for log storage and archiving. It also provides a method of forensic incident analysis through normalization of dissimilar data sources, and permits root cause analysis and investigation of archived logs for complete forensics.

Reporting: Clear reporting distinguishes between anomalies and misuse.

Practical Analysis: SIEM deals effortlessly with the huge quantity of data generated by security and network devices. It correlates events and pipes them into a sophisticated data mining engine that uses both behavioral and context-based methods.

Versatile Access: A highly intuitive web-based user interface (a thin client), accompanied by a smartphone/tablet app, provides remote, secure and around-the-clock connection options.

Ticketing: Investigations triggered by CyberSeal's SIEM are logged within the system as tickets.

Enhanced Administrative Capabilities: For a more secure environment and convenient operation, the appliance enables the administrator to control access rights to the application and its sites, to control passwords and to monitor activity.

Compliance: Workflow designed to facilitate IT best practices and comply with regulatory initiatives.
Open System

As a key component of security and IT operations infrastructure, CyberSeal's SIEM seamlessly integrates with other element managers, reporting systems or enterprise management products. It integrates smoothly with network/application configuration management, help/service desks, performance management, identity and access management, Wi-Fi hotspots, MDM solutions and network fault management. The appliance also uses open APIs and software development kits to facilitate interoperability between products (SIEM, Log Management, Syslog). Alerts are generated in industry-standard formats (e.g. SNORT IDS Syslog format, CEF Syslog format) and can also be directed to any CSOC of the customer's choice, with a unique northbound interface to enterprise-level or national-level SIEMs.
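The CEF syslog alert format named in this section, together with the normalization of dissimilar sources and the event correlation described under Features, can be illustrated with a small parser. The following is an added example written for this page, not CyberSeal's code: it splits a CEF header on unescaped pipes, unescapes the key=value extension, normalizes each line into one flat record, and runs a single threshold rule over the result. The five log lines, the vendor/product/host names and the "three failed logins from one source" rule are all constructed assumptions for this example.

```python
import re
from collections import defaultdict

# Constructed sample alerts: a syslog priority/header followed by a CEF payload.
# Vendor, product and host names are placeholders for this example only.
SAMPLE_LINES = [
    r"<134>Jan 12 10:00:01 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.7 dst=10.0.0.1 suser=admin msg=bad password",
    r"<134>Jan 12 10:00:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.7 dst=10.0.0.1 suser=admin",
    r"<134>Jan 12 10:00:03 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.7 dst=10.0.0.1 suser=root",
    r"<134>Jan 12 10:00:04 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Login failed|5|src=10.0.0.9 dst=10.0.0.1 suser=admin",
    r"<134>Jan 12 10:00:05 sw01 CEF:0|Example\|Vendor|Switch|2.1|200|Port flap|3|src=10.0.0.50 msg=link flap a\=b",
]

HEADER_FIELDS = ("cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# A key in the extension is a run of word characters followed by '=' and preceded
# by whitespace or the start of the extension; an escaped '\=' inside a value is
# never preceded by whitespace, so it is not taken as a key boundary.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_ESCAPE_RE = re.compile(r"\\(.)")


def _split_header(payload):
    """Split the CEF header on unescaped '|' (CEF escapes '|' and '\\' with a
    backslash). Returns the header fields found and the remaining extension."""
    fields, cur, i = [], [], 0
    while i < len(payload) and len(fields) < 7:
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):
            cur.append(payload[i + 1])   # keep the escaped character literally
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    return fields, payload[i:]


def _unescape(value):
    """Undo CEF extension escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n', '\\r'."""
    return _ESCAPE_RE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext):
    """Parse 'key=value key2=value with spaces' into a dict; values run up to the
    next key boundary, so spaces inside values are preserved."""
    out = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        start = m.end()
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape(ext[start:end]).strip()
    return out


def parse_cef(line):
    """Normalize one syslog line carrying a CEF payload into a flat event dict."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in line")
    header, ext = _split_header(line[idx:])
    if len(header) != 7:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    event = dict(zip(HEADER_FIELDS, header))
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    event["severity"] = int(event["severity"])      # CEF severity is 0-10
    event["syslog_prefix"] = line[:idx].rstrip()    # whatever the relay prepended
    event["ext"] = _parse_extension(ext)
    return event


def correlate_failed_logins(events, threshold=3, signature_id="100"):
    """Illustrative correlation rule (an assumption for this example): flag any
    source address that produced `threshold` or more events with the given
    signature id. Returns {src: count} for sources at or above the threshold."""
    counts = defaultdict(int)
    for ev in events:
        if ev["signature_id"] == signature_id and "src" in ev["ext"]:
            counts[ev["ext"]["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def run_sample():
    """Parse the constructed lines and apply the rule; returns (events, flagged)."""
    events = [parse_cef(line) for line in SAMPLE_LINES]
    return events, correlate_failed_logins(events)


if __name__ == "__main__":
    events, flagged = run_sample()
    for ev in events:
        print(ev["vendor"], ev["signature_id"], ev["name"], ev["ext"])
    print("sources over threshold:", flagged)
```

The two escaping rules matter in practice: a device whose vendor string contains a pipe, or whose message contains "=", produces a line that a naive `split("|")` / `split("=")` would mis-field, and the mis-fielded record then fails to match any correlation rule. The parser above keeps those values intact, and the rule is deliberately kept separate from parsing so that other rules can be added over the same normalized records.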
SIEM is a unified platform that addresses security and compliance needs across critical infrastructure and industrial process control networks, including water treatment, power utilities, public works and oil & gas installations.

• Integration with additional and emerging technologies: Collects and correlates information from SCADA networks, satellite network connections and other sources.
• Integration with physical security technologies: Correlates information from both IT systems and hardware security systems.

Unique Module for SCADA Application

• Defending the defender: Designed with resilience in mind and implemented with a rugged architecture.
• Turnkey deployment: Provides comprehensive security without compromising process reliability.
• Transparency: Industrial Control System security remains fully visible.
• Compliance: Addresses regulatory compliance for NERC CIP, NRC 73.54, CFATS and others.

Compatible With All CyberSeal Security Products

• Tungsten - The Cyber Security Switch for physical security and safe-city applications; it has a built-in SCADA protocols probe.
• Vanadium - An IMSI Catcher Detector for critical infrastructure facilities, to reliably detect fake cellular base stations attempting stealth eavesdropping on-site.
• Cobalt - A Unidirectional Traffic Enforcer (Diode) to securely connect disparate networks.
• Yttrium - An IMSI Catcher that provides real-time monitoring and control of mobile phone intrusions into the network perimeter and restricted zones such as prisons and other restricted-access locations.

Industry Leading Partnerships

CyberSeal's extensive collaboration with our specialized partner portfolio enables us to provide a truly comprehensive solution. CyberSeal has partnered with leading security vendors to merge expertise and create a better synergy in the areas of physical and cyber security. CyberSeal's partnership program creates a "force multiplier" that can improve situational awareness and emergency decision-making.

Magal's Fortis 4G Integration

Integrating CyberSeal's SIEM alerts with Magal's PSIM alerts provides continuous monitoring of the network perimeter. We have also integrated the various components and systems that activate events and alarms to trigger the appropriate response to cyber trespassing and cyber-attacks.
Solution Architecture
Supported Network Elements

Vendor: Model(s)
CyberSeal: Tungsten, Cobalt, Yttrium, Vanadium
Checkpoint: 1180 NGTP appliance, 4200 NG Data Protection appliance, End point security
Moxa: AWK-3121
Radwin: Winlink 100, Radwin-2000, Radwin-5000
Ruckus: ZoneFlex outdoor 77XX
Ubiquiti: airMAX family
Cisco: Aironet 15xx, Catalyst 2xxx, Catalyst 3xxx, Catalyst 4xxx, Catalyst 6xxx, ASA firewall family
Juniper: EX2xx, EX3xxx, EX4xxx
Microsoft: Windows Server 2008, Windows Server 2012, Windows 7, Windows 8
Redhat: Linux Server 5.5, Linux Server 6.0
Centos: Linux Server 5.5, Linux Server 6.0
Symantec: Endpoint security
McAfee: Endpoint security

Supported Protocols

• SNMPv1/v2c/v3
• Telnet
• SSH/SSHv2
• TR069
• HTTP/HTTPS
• TCP RAW Socket
• REST JSON
• Web Services
• CORBA
• RMI
• FTP/SFTP
• SCP
• UDP stream
Technical Specifications & Features

Power
  AC Input: 100-240V/50-60Hz
  Power Consumption: 750W
  Power Supply: Single or Redundant (Optional)

Environmental
  Operating temperature: 10°C to 35°C
  Storage temperature: not specified
  Relative Humidity: 10 to 80%
  Dimensions: 19" width / 1U height / 702mm depth
  Weight: 14Kg

User Interface
  Security: User authentication, Flexible profiles, Audit trail
  Access: HTTPS, up to 10 concurrent user sessions
  Technology: Install-free web UI thin client
  Supported Browsers: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari
  Supported Devices: PCs, Macs, iOS and Android tablets, phablets and smartphones

Optional Configurations
  Site Rubidium: Level 1 server configuration, limited to 1,000 network elements
  Extended Rubidium: Level 2 server configuration, unlimited number of network elements

Level 1 Server Configuration
  CPU: Single Intel Xeon® E5-2603 1.80GHz
  Memory: Single 8GB RDIMM 1600MHz
  Disk: 500GB, 7200 RPM, SATA 3Gbps
  Network: 4 x 10/100/1000Mbps auto-negotiate ports
  Video: 1280x1024 pixels, 32-bit color, VGA port
  Input Devices: Mouse, Keyboard

Level 2 Server Configuration
  CPU: Dual Intel Xeon® E5-2620 2.00GHz
  Memory: Dual 16GB RDIMM 1600MHz
  Disk: 500GB, 7200 RPM, SATA 3Gbps
  Network: 4 x 10/100/1000Mbps auto-negotiate ports
  Video: 1280x1024 pixels, 32-bit color, VGA port
  Input Devices: Mouse, Keyboard
CyberSeal Ltd.
25 Habarzel Street, Tel-Aviv, Israel 6971035
T: (972)-3-6449991, F: (972)-3-6449992
www.cyber-seal.net
Distributed by:
Version: 1.00