RUBIDIUM

Security Information Event Management (SIEM)

 

CyberSeal’s SIEM appliance is an all-source cyber situation awareness apparatus with the enhanced ability to facilitate operational responses to cyber security events.

Equipped with hassle-free, automated log collection from multiple sources, it provides organization-wide visibility (and multi-zone protection) through a single security dashboard console that displays “who, what and when”. This is done using Complex Event Processing (CEP) technology that performs sophisticated correlation analysis of intrusion symptoms to reduce false positives. This technology also offers out-of-the-box reports, the ability to customize reports on the fly, real-time alerts that identify potential attacks or policy violations as they happen, and alerts concerning anomalous network activity.

CyberSeal’s SIEM provides a workflow that enables the delivery of best practices that support compliance initiatives. The SIEM was designed with security in mind, implementing well-known and proven hardening methodologies to “defend the defender”. It features an intuitive user interface supporting PCs, tablets and smartphones.

CyberSeal’s SIEM takes a holistic approach to assisting security teams in uncovering cyber-attacks in all parts of the facility, providing integration with various PSIM systems to offer a complete picture of all the site’s threats and alarms.

CyberSeal’s unique proactive approach, enabling integration with vulnerability scanning tools and routine scans, provides an effective means of detecting threats and wrong configurations in the network, and advises the security team regarding the correct configuration.

Integrated Endpoint and Network Security

CyberSeal’s SIEM is fully integrated with Check Point’s endpoint security for workstations and servers (disk encryption, media encryption, anti-malware and firewall) and with Check Point’s network security (Firewall, VPN, IPS and Antivirus).
The security threats and events reported by these applications are reported by the SIEM, offering a complete view of the network’s cyber security status.

 

LAN Monitoring

CyberSeal’s SIEM receives security events and threats reported by the Tungsten Cyber Security Switch. It also generates security events according to analyzed data collected from various network devices (such as Ethernet switches and routers) and.

 

Wireless Monitoring

Major thefts of data have been initiated by attackers who have connected wirelessly to access points from outside the site, bypassing organizations’ physical security perimeters. CyberSeal’s SIEM actively detects any illegal wireless activity near the site.

 

Data Access Control

In many environments, internal users have access to all or most of the informational and physical assets in a given facility. Once attackers have penetrated such a network, they can easily find and exfiltrate important information with little resistance.
CyberSeal’s SIEM controls, prevents and reports the use, assignment, and configuration of administrative privileges on computers, networks, and applications. Information is gathered from network-based sensors and reported to CyberSeal’s SIEM.

 

System Architecture

The Rubidium offers multiple connections to CyberSeal and third-party equipment. These connections, based on many protocols, allow the Rubidium to monitor the network and discover cyber security threats and behavior