מערכת ניהול לוגים אבטחת מידע, זיהוי חריגות ומרכז בקרה...

המפיצה של הרשמיתCYBERSHARK

by

About Us• Connect Everywhere Israel, Branch of Mexican IT Company

•More then 20 years of IT management & Security

•Working globally as Security Expert

• Bring the Israel IT top of the art security solution

Malware Based Attacks Continue To Rise

20092,361,414

430,555,582

new malware detected

2015 new malware detected

Source: Symantec 2016 Global Intelligence Network Report

1,179,000new malware

detected every day

Source: Symantec 2016 Global Intelligence Network Report

Cisco Threats Security Risk• Every day there are

more then 10 Security Risk threats in your network that you need to handle • Some impact you

immediately • You need to be aware

them and threat them when it happen

• 2016 – 146 Vulnerabilities for Microsoft Office• 106 Vulnerabilities considered CRITICAL

• 2015-2016 – 150 Vulnerabilities for Adobe Reader• 11 Vulnerabilities considered CRITICAL

Microsoft Security Bulletin MS16-120 - Critical

Adobe Security Bulleting

Our Way to Solve Security Risk• Our System Solution helps companies to overcome

security issues in their system• There are 2 process that work together to solve your

security break

• SIEM - Security Information and Event Management • Deal with all the alerts in the system

• SOC - Security Operations Center • Real people• Working 24x7 • Monitors the security event • send alerts and solutions to problems

The work flow

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

The company has different IT and Information Security Devices, such as Firewalls, IPS, Switches, routers, proxies, Anti Spam, Antivirus , Windows Servers, Linux Servers and others. Each Device Creates Its Own Security Log With Security Information On It.

1

The Collector (MSI) will be installed on the client premises and will take the logs from all this devices.

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

2

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

Compress

Encrypt

Send

The collector will compress them and send them encrypted to the Cyber Shark Cloud.

3

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

Compress

Encrypt

Send

Aggregation

Normalization

Duplication

The events when arriving pass to different processes as Aggregation, normalization and duplication.

4

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

Compress

Encrypt

Send

Aggregation

Normalization

Duplication

Then are placed in the Database

5

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

Compress

Encrypt

Send

The Data on database is enriched by external sources as Blacklists and others. IT is passed through a complex set of correlation rules.

6 Aggregation

Normalization

Duplication

External Sources

Enrichment

Compliance Rules

Correlation Rules DB

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

Compress

Encrypt

Send

Data can be exposed to the client using the dashboard. When an incident is identified, an alert is sent to the costumer and a ticket being open for the analyst to check the issue.

7 Aggregation

Normalization

DuplicationExternal Sources

Enrichment

Compliance Rules

Correlation Rules DB

Dashboard Alert

Firewalls

I.P.S

Linux Server

Window Server

Switches

Router

Collector MSI

Compress

Encrypt

Send

The analyst checks the incident and decide if it is a false positive or not, and if not gathers all the evidence. A Remediation plan is created and all this data is send to the client via a ticketing system or email.

8 Aggregation

Normalization

DuplicationExternal Sources

Enrichment

Compliance Rules

Correlation Rules

Verify False Positive

Add Remediation Plan

DB

Dashboard Alert

Notify

SOC Analyst

CLIENTS

Who needs this solutions• Capital Market• Credit Data Law • Superintendent of Insurance• SOC2 - Cloud companies that hold customer information• PCI - Companies that perform credit card transactions

required to correct• HIPPA - Companies must meet HIPPA regulation - drug

companies and HMOs

Why CYBERShark ?• Your network & data are critical to your success • The characteristics of cyber threats are known:• Unusual outbound network traffic/data exfiltration• Anomalies in privileged-user account activity • Large numbers of requests for the same file• Geographical irregularities• Database extractions (SQL injection)• Sweep Scans & event log alterations

• But these Indicators of Compromise (IoC) cannot be reliably detected by localized security measures like firewalls and IDS/IPS systems!• You need CYBERShark to watch your entire network

HOW CYBERSHARK PROTECTS YOU• The alerts we send you don’t just tell you that there’s a

problem, they tell you how to handle it:• Identification of the specific threat• Remediation steps to fix the problem (device-specific)• All supporting evidence provided in the alert

• The customer portal lets you view your own network security posture at a glance

• You get access to comprehensive reporting for security and regulatory compliance• Compliance reports identify the specific regulatory issues at

stake due to a threat (HIPAA, PCI, GPG13 and more)

Contact Us

WWW.CEI.CO.IL

Salo 052-3653227 salo@cei.co.il

Sharon 054-5680114 sharon@cei.co.il