Elbit Systems: Cyber Defense

Uploaded by

DOT MZ, Lda.
Elbit Systems

Cyber Defense
Elbit Proposition

►Elbit provides a full end-to-end cyber security solution:
• Fully integrated and comprehensive Cyber Protection Suite
• Specially designed for customer requirements to allow future growth
• Elbit Technology Inside - key products developed in-house
• World-leading cyber security technology partners

►Elbit is a trusted partner with a proven track record:
• Leading cyber security provider for the Israeli intelligence and defense community
• Numerous projects and deployments around the world

►Operational expertise
• Risk assessment, planning, operational and technical support, and maintenance

►Supporting the customer's capabilities through expert professional services
• Recruitment support, implementation and integration, systems tutoring, admins OJT, Cyber Academic Program, methodologies consultancy
© 2021 Elbit Systems Proprietary
Our Offering

[Diagram labels: CERT; Security Operations Center (SOC); Internet; Datacenter; Cyber Education & Training; OT Networks – Remote Sites / Substations; Organization IT Networks]


Our Portfolio | Cyber Defense

Reference Project

►SOC
►SIEM
►SOAR
►Vulnerability Assessment
►MDM
►UTM NG-FW
►Sandbox Seamless integration
►NAC within IT and OT networks
►Anti-DDOS
►PKI
►EDR
►OT Protection
►DLP
►Cloud Protection
►DB Protection

SOC

► VMware virtualization environment
• Management, resource optimization, operational automation capabilities
► Zesco's cyber security virtualization environment is separated into three environment types:
• IT Environment: consists of 6 ESX servers, built in a VMware cluster
• OT Environment: consists of 3 ESX servers, each built as a stand-alone server
• EDR Environment: consists of 1 ESX server, built as a stand-alone server
► Zesco NetApp storage systems are hardware data storage and retrieval systems with a modular hardware architecture.
► Nexus 9K switches
► Cisco Catalyst 2960-X Series


SIEM

► A consolidated Security Information and Event Management solution providing real-time visibility of the entire IT infrastructure.
► Zesco's QRadar solution with the core SIEM component and the following complementary integrated modules: Risk Manager, Vulnerability Manager, and Incident Forensics.
► QRadar allows obtaining accurate analytical data on security events in real time. The solution collects, processes and stores data from connected log sources to analyze it and generate offenses based on correlation rules once a security threat is detected.


SOAR

► A comprehensive Security Orchestration, Automation and Response platform that unifies case management, automation, real-time collaboration and threat intel management to serve security teams across the incident lifecycle.
► Incidents - potential security data threats that SOC administrators identify and remediate. There are several incident triggers, including SIEM alerts, mail alerts.
► Incident Lifecycle - the orchestration and automation system is used to bring all of the various pieces of your security apparatus together.
► Integrations - third-party tools and services that the XSOAR platform orchestrates to automate SOC operations.


Vulnerability Assessment

► Tenable SecurityCenter is the unifying platform that brings a simplified and continuous approach to complex network risk management for hybrid IPv4/IPv6 asset discovery, vulnerability management, configuration auditing and compliance reporting.
► Tenable supports both periodic and continuous models of security, risk, and compliance management. It provides unified security monitoring and continuous risk and compliance management on a single platform for scanning and continuous monitoring.
► Tenable SecurityCenter identifies attacks and critical weaknesses, so problems can be avoided and impacts minimized. Detailed reporting and dashboards provide visibility and control over essential IT operations and security processes.


MDM

► VMware Workspace ONE MDM
► Mobile Device Management (MDM) is a device lifecycle management technology that enables IT to deploy, configure, manage, support and secure mobile devices through MDM profiles installed on the devices. MDM software provides asset inventory, over-the-air configuration of email, apps and Wi-Fi, remote troubleshooting, and remote lock and wipe capabilities to secure the device and the enterprise data on it.
► Workspace ONE Unified Endpoint Management technology is the simple and secure enterprise platform that delivers and manages any app on any smartphone, tablet, or laptop.


UTM NG-FW

► FortiGate FW 1500D - high-performance Next Generation Firewall (NGFW) capabilities for large enterprises and service providers. IPS, SSL inspection, and advanced threat protection to optimize your network's performance.
• Main FW – The Zesco internal FWs are 2 FortiGate 1500D in high-availability cluster mode for full redundancy, providing SSL-VPN with MFA services, perimeter NGFW with full UTM services, and an internal separated FW for the new SOC data center.
• OT VPN FW – The Zesco OT VPN FW is a standalone FortiGate 1500D, providing a secure SSL-VPN connection to the OT network and NGFW services from the OT networks to the secure SOC data center.
► FortiAnalyzer - Security-Driven Analytics and Log Management. Provides deep insights into advanced threats through single-pane orchestration, automation, and response for your entire attack surface to reduce risks and improve your organization's overall security. Simplifies the complexity of analyzing and monitoring new and emerging technologies that have expanded the attack surface, and delivers end-to-end visibility of the network.
► FortiManager – Automation-Driven Centralized Management. Manage all Fortinet devices in a single-console central management system. FortiManager provides full visibility of the network, offering streamlined provisioning and innovative automation tools.


Sandbox

► FortiSandbox is a physical appliance that runs files in an isolated virtual environment, under specific OS types, to test whether a file is benign or malicious. The sandbox device receives files identified in the traffic passing the FortiGate firewalls in the network.


NAC

► ClearPass is a NAC (Network Access Control) solution based on the 802.1X protocol: simple automated device configuration and control for wired and wireless devices, with support for the operating systems and supplicants of Windows, Mac OS X, iOS, and Android devices.
► ClearPass supports bring-your-own-device (BYOD) initiatives in the enterprise, with a uniquely simplified workflow, centralized administrative control and a management console.


Anti-DDOS

► Radware's award-winning DefensePro is a real-time Intrusion Prevention System (IPS) and DoS-protection device, which maintains business continuity by protecting the application infrastructure against existing and emerging network-based threats that cannot be detected by traditional IPSs, such as network- and application-resource misuse, malware spreading, authentication defeat and information theft.


PKI

► The PKI environment supplies a trusted source for certificates issued by a certification authority. The trust relies on a hierarchy of certificate servers with a root certificate authority at the top.
► From a security perspective, the Root CA is kept offline and the keys are kept on the HSM device. The Root CA needs to be turned on for CRL publishing and for enrollment of certificates for its subordinate certificate authorities.
► SafeNet Luna HSMs are hardware security modules designed to protect critical cryptographic keys and to accelerate sensitive cryptographic operations across a wide range of security applications.
► Consumers of the PKI infrastructure can be entities that are enrolling a certificate from the certificate authority or entities that need to validate a certificate presented to them.


EDR

► Elbit EDR - Endpoint Detection & Response is a security solution designed to detect malicious activity on endpoints, prevent malware attacks, and enable investigation and remediation of dynamic security incidents. It provides a new approach for detecting and responding to Advanced Persistent Threats, based on a hybrid detection engine, which combines behavioral analysis with machine learning algorithms to identify abnormal activity. This unique hybrid approach is proven to detect a broader range of malicious activities, including threats that have never before been encountered, and minimizes false positives.
► Using a kernel-level agent and Big Data technologies, the EDR provides active hunting and full forensics capabilities, all in one product. Providing best detection and deployed among the world's most sensitive networks, EDR is a secure and reliable product.


OT Protection

► RAM2 – next-generation Security Orchestration, Automation and Response platform for OT security and digital risk management. Seamlessly integrates information from diverse operational and security systems. Discovers, analyzes, and monitors all OT, IT and IIoT assets within the operational environment, and correlates security events and digital risks from across the entire OT network. Proactively identifies risk patterns and presents only meaningful and relevant insights. The platform's user-friendly dashboards simplify OT security, allowing operational teams to continuously assess their security posture while easily enforcing policies, industrial standards, and more. When cyber incidents require SOC intervention, RAM2 facilitates seamless collaboration between operational cyber teams, providing analysts with a tailored workbench for in-depth forensic investigation.
► Waterfall WF500 - this diode device is a one-way information transfer component that provides secure data transfer between two different logical networks. Waterfall enables safe IT/OT integration, remote monitoring and diagnostics. Pair: the TX Module contains a laser, and the RX Module contains an optical receiver. A pair of modules can transmit information only one way. A secure way to transfer data between the OT environment and the SOC data center, allowing visibility to the OT network.


DLP

► Forcepoint DLP protects organizations from information leaks and data loss at the perimeter and inside the organization, as well as in certain Infrastructure as a Service platforms.
► Forcepoint DLP Network prevents data loss through email and over web channels such as HTTP, HTTPS, and FTP.
► It includes an analytics engine that identifies and ranks high-risk incidents. Incidents generated by DLP policies across all core Forcepoint DLP components are evaluated to report on those with the highest data loss or data theft risk score.


Cloud Protection

► Forcepoint Cloud Access Security Broker (CASB) automatically discovers cloud application use, analyzes the risks and enforces appropriate controls for SaaS and production applications.
► Security and compliance posture for cloud apps, preventing data loss and enforcing granular access controls; comprehensive app discovery, governance, analytics and protection in one integrated solution; built-in integration with enterprise directories, SIEM and MDM; deep support for Office 365, AWS, Salesforce, Google Apps, Box, Dropbox, NetSuite, Workday, Microsoft Azure and more. Forcepoint ensures the safe and productive use of cloud apps across all users, endpoints and cloud platforms.


DB Protection

► McAfee Database Security is a highly scalable software solution that monitors the Database Management System (DBMS) and protects it from internal and external threats and intra-database exploits.
► McAfee Database Activity Monitoring protects data from all threats by monitoring activity locally on each database server and by alerting or terminating malicious behavior in real time.
► Automatically discovers databases on the network, determines if the latest patches have been applied, and tests for vulnerabilities, such as weak passwords, default accounts, and other common threats.


Thank You
