Legal, consulting, project leadership and know-how hub. Based in Sandvika, Norway.
Today ICT is threatened by pervasive and constant cyberattacks and intrusions, led by youngsters, hacktivists, criminals and governments. Resilience to these threats is constantly declining due to the following factors:
- Increasing intensity of attacks (more actors are involved);
- Higher vulnerability of the landscape (not just bugs and misconfigurations but social engineering, system design, cryptography problems, etc.);
- Spread of interconnected systems, which enable chained attacks.
To successfully organise cyber defence, every organization should have means to:
- Detect threats when they occur;
- Analyse and understand them;
- Remediate the compromise.
We provide an efficient solution to this problem - second generation DeepEye Federated Defence System, which consists of Security Operations Module DeepEye SOC Console, and many DeepEye Xray Sensors. The technology overlay is provided to build collective defence.
- The system is built on already existing, natural trust relationships between sites where sensors are deployed for information on cyberspace threats sharing and collective defence;
- i.e. it may be applied in both a particular sector (energy, government, etc.) and interconnected systems (ex. National registers);
- sharing networks, exchange, processed information, CERTs;
- The system is built in line with the most advanced philosophy of cyber defence - Critical Controls for Effective Cyber Defence;
- The system enables an instrumentation approach - adaption to any infrastructure setup;
- The system core consists of Dell or SuperMicro hardware, proven collecting protocols and components, and uses the most advanced cyber defence methodology concepts.
- DeepEye SOC Console is organized in easy to use manner.
Users and use cases
- Collective cyber defence of the critical infrastructure sector;
- Intelligence sharing for national CERTs and organizations;
- PPP partnership between the trusted ISPs, government, military and industry;
- Activities of defence institutions (Ministry of Defence, other national or private agencies).
We provide detail design, implementation, training and running the service for the clients.
|DeepEYE-SOC||DeepEye SOC Console|
|DeepEYE-Xray||DeepEye Xray Sensor|
- Lego based set of instrumentation characteristics, integration of unified analysis, subsequent correlation;
- Simple architecture, two types of components: DeepEye SOC Console and DeepEye Sensors;
- DeepEye SOC Console works as management component, both as central point for distributing configurations, as well as consolidating and aggregating all sensor information; Console can easily manage tens of sensors;
- Integration: it integrates with Event handing platforms (like Service Desks like CA Service Desk, OTRS, RTIR, and other, or abuse automation and resolution systems) via email and web API integrations;
- Console has flexible visualization and reporting (dashboards, exports, filtering and aggregation, customized layouts);
- DeepEye Xray sensors have modular structure. Main modules allow to use Vulnerability active and passive scanning, intrusion detection system with diverse ruleset, traffic metadata (IPFIX, netflow ...), content extraction (like DNS names, SSL certificates, file hashes, and etc.)
- Sensors can be extended with functionality and components required by clients.
- Optional deep analysis on computing elements (servers) with very light agent footprint, and ability to script any required functionality, including but not limited to:
- Change of configuration of access to disk, user profiles;
- Code execution outside trusted paths;
- Anomalies in network socket usage (listening ports, network connectivity in unexpected way);
- Connectivity of external devices;
- Effective information delivery from sensors into the platform.
- Scalable architecture with unlimited organizations in the defence federation;
- Platform enables creation of indicators of attacks and compromises;
- Selective sharing of information outgoing from the organization (i.e. filter capability for what is shared);
- Optimization of human resources across the sector, as there is lack of cyber defence skillset.