www.obrela.com
Corporate Security Intelligence
Using security analytics and sophisticated risk management technology we dynamically protect our clients by identifying, analyzing, predicting and preventing security threats in real time.
We Keep Your Business In Business
Organizations have already made significant investments in order to implement best‐of‐breed, multi‐layered information security architectures,
adopting in a relatively small timeframe a multitude of technologies such as Firewalls, Intrusion Detection Systems, Web Application Firewalls,
Anti‐virus / Anti‐spam / Anti‐phishing systems, etc. in a never‐ending race of improving their security posture and being able to cope with the
new threats. Each security system and mechanism, however, implies a significant operational overhead in order to be efficient and deliver on its
security and Return on Investment promises.
All services are built on our highly‐available and secure Datacenters and operated 24x7x365 by our Security Operations Centers staffed with
certified and experienced Security Analysts and Engineers.
Obrela Security Industries Corporate Security Intelligence services are engineered to be vendor independent, practically capable to monitor
security, operational and transactional events from any product, system or application and network device available in the market today.
Our Corporate Security Intelligence services, Security Operations Centers and Datacenters are ISO 27001 and ISO 9001 certified.
Keep Control: 1 Contract
Save Money: Lease not Buy
Save Time: Fast Deployment
Keep Simple: 1 Service Point
Reduced CAPEX
Obrela Security Industries Corporate Security Intelligence Services require ZERO capital investment. The client is not required to purchase or own
any infrastructure, as everything is owned and preconfigured by Obrela Security Industries including any client‐side infrastructure and
equipment.
Low OPEX
Obrela Security Industries staff a team of security experts and engineers operating 24 hours a day, 365 days a year, relieving their Clients from
the operation cost of maintaining an in‐house Operations Center, which would require hiring and training a dedicated team of at least 10 specialized
employees.
Increased Scalability
Obrela Security Industries Security‐as‐a‐Service offerings are based on strictly bound service level agreements, allowing the clients to expand the
scope of systems monitored according to their needs based on a predefined pay‐as‐you‐go model.
Reduced Time‐to‐implementation
Leveraging the power of Obrela Security Industries state‐of‐the‐art Incident and Event Management Platform the time typically required to start
monitoring the majority of a client’s infrastructure ranges from a few days to a few weeks.
Employee Turnover Risk Elimination
Even when an organization is prepared to fund an investment for an in‐house Operations Center, maintaining, training and certifying security
experts able and willing to work 24x7 is a difficult task. This investment in human capital is unlikely to mature, mainly due to the high employee
turnover. Those issues are factored in the Obrela Security Industries MSSP business model in order for any employee turnover to happen
transparently to the end‐customer.
Service Quality
The overall service quality offered by Obrela Security Industries can be measured as well as monitored in tangible, monetary terms should any
SLA clause be breached.
Speed of Deployment
Obrela Security Industries follow strict workflows, optimized for deployment quality, accuracy and speed. The re‐usability of our multi‐tenant
pre‐fine‐tuned and optimized platform, our methodology and the experience of our security engineers, guarantee an unmatched delivery time in
the MSSP industry today.
We provision it all as a service and clients can get what they want when they want and where they want with no upfront or very little
Obrela Security Industries security event management services
take the step beyond storage and alerting to provide real‐time
monitoring, historic & behavioral analysis and the automated
security incident response necessary to manage the higher level of
risk associated with doing business in today’s digital world.
Our state‐of‐the‐art SIEM technology operated 24x7x365 by our
Security Analyst teams is pro‐actively monitoring network systems
and applications traffic, looking for suspicious activity and
notifying when security events require additional analysis,
investigation or action. The advanced real‐time correlation and
behavioral analysis capabilities of our SIEM platform identify the
relevance of any given event by placing it within the context of who,
what, where, when and why that event occurred, in order to
derive its impact in business risk terms.
Logs from multiple sources such as IDS/IPS, network devices, servers,
applications and databases are cross‐correlated between each log
source and external intelligence data in order to identify incidents
that are happening in real‐time. Corporate Security Intelligence
services are delivered to the client utilizing a vast library of
optimized correlation rules and behavior analysis/profiling use
cases called “Deep Security Event Correlation”.
All the operations are collaborative and delivered to our Clients
through a full‐featured Case Management System where all
incidents are tracked from identification to resolution.
Granular and role based real‐time dashboards and reports are
delivered providing a multi‐dimensional view of the operations
taking place, as well as Key Performance Indicators (KPIs) that
ensure our service is delivered in strict accordance to each SLA.
Adding to the above, a unique set of “Complementary Intelligence
Services” complete the eco‐system of Corporate Security
Intelligence by bringing additional value to any deployment
incorporating, amongst others, external intelligence, social media
monitoring and Malware/APT protection and analytics.
Obrela Security Industries collects and analyzes structured and unstructured data generating valuable intelligence for new, emerging and advanced security threats giving its clients a unique advantage in predictability, preparation and response.
Security Event
Our Corporate Security Intelligence Services provide a logical “umbrella” of active protection not just a managed SIEM service. We offer an unprecedented additional protection layer that ensures the identification, prevention, and prediction of cyber threats in real time. All under a single console.
Automated Malware & APT Analysis – Swordfish MAS ™
This unique service allows OSI to capture nearly anything the customer's internal users
download (whether they know they are downloading it or not), analyze the file's behavior and
communications and provide all the information needed to flag the file as OK for further use or not.
The results of this dynamic analysis are also fed back into the SIEM for cross‐correlation with real‐time
logs collected from the equipment in order to solidify the impact and prevent propagation of any
malware or APT.
Web Resource Surveillance – Swordfish WebMonitor ™
The customer's key web resources and their approved activities are extensively tested until a “Gold
Standard” behavior mapping is developed. This “Gold Standard” mapping is then applied to OSI's
Security Operations Center (SOC) and monitored ‘round‐the‐clock. Any deviation from this mapping will
trigger flags within OSI's SOC and strict rules of engagement are followed, allowing the customer to act
quickly and decisively.
Reputational Intelligence – Swordfish ReputationMonitor ™
Obrela Security Industries Reputational Intelligence enhances Corporate Security Intelligence by adding
reputational context to all the actors associated with the communications between the customer
infrastructure and the Internet. This is performed by integrating and de‐duplicating multiple proprietary
and open reputational feeds. OSI Domestic Intelligence Network uses SIEM and Honeypot intelligence to
extract and “local” attack formations & attackers targeting multi‐region telecommunication providers,
amongst other industries. Sources based on OSI proprietary intelligence (SIEM based reputation,
Malware Analysis, Regional Honeynet), Commercial Feeds (e.g. DVLabs) and Open Source feeds allow OSI
to have total visibility of communication with TOR/Anonymity, C&C Servers, Compromised Hosts,
Malware Repositories, Phishing Sites, etc.
Social Media Intelligence – Swordfish SocialMonitor ™
Malicious parties make use of social media such as Twitter, Facebook, public forums, IRC Channel and
paste bins in order to organize upcoming attacks and/or invite internet users to take part in mass‐driven
attack scenarios such as Distributed Denial of Service (DDoS). OSI Security Intelligence has identified pre‐
attack discussions and successfully provided fail‐safe recommendations and strategies to eliminate the
implied customer risk of a successful attack.
To automate and streamline the above methodology, Obrela Security Intelligence developed SWORDFISH SocialMonitor combining the Intelligence Data Gathering approaches and Real‐Time Threat Management capabilities of the SIEM platform, in order to extract and normalize publicly available announcements and information leaks and automatically correlate them in real‐time with suspicious behavior and trends identified through monitoring the Customer infrastructure.
(3‐D)imensional Correlation
(3‐D)imensional Correlation is an additional layer on top of the security intelligence services that
combines the log management capabilities of the OSI monitoring platform with the actual
vulnerabilities of the systems monitored. This type of service is targeted for large organizations with
increased complexity of infrastructure where logs are gathered from a large number of devices.
Based on the OSI advanced correlation rule‐set, the correlation engine takes the “Vulnerability”
factor into consideration, which reduces false positives, and as a result raises or lowers the
alert‐criticality level depending on whether an attack vector meets the conditions required in order to be
successful.
User Activity Monitoring / Privileged User Surveillance
All organizations have a special group of users that have elevated privileges or capabilities on their
systems and applications. This (or any other definable) group of users needs to be
continually supervised in order to ensure proper behavior and actions within the organization's systems.
The Privileged User Surveillance Service monitors and logs these specific users' activities and escalates when
these violate the security policy or meet the mutually agreed rules of engagement.
Network Perimeter Surveillance
All network traffic on customer perimeter network is extensively monitored and a “Gold Standard”
behavior mapping is developed. This mapping is then subjected to further testing and is refined
to ensure that it contains only approved traffic. This final mapping is applied to OSI's SOC so that any
traffic that triggers an alert is properly dealt with. Customer will be able to take a variety of actions
depending on the type of policy infringement.
Configuration Assessment – Swordfish PolicyMonitor ™
The Configuration Assessment (Swordfish PolicyMonitor) retrieves configurations from firewalls,
routers, IDS/IPS, *nix systems and analyses them using pattern recognition in order to identify actions
and deviations from normal administration. The Swordfish Configuration Assessment module is an
invaluable tool to track configuration changes over time, attribute them to users performing the
actions and maintain a complete history map of all interactions with network management equipment.
True regulatory compliance finally made easy.
The significant increase in the number of governments’
regulations over the confidentiality, integrity and availability of
sensitive information has drastically affected the operating
requirements of security departments. These new requirements
have created a large time‐sink for security departments in
collecting, organizing, monitoring and reporting on event logs to
detect and manage control‐related activity.
As a result, it’s no surprise that companies across all industries are
calling out for technology to automate the required but time
consuming processes.
Designed around best practices, the Obrela Security Industries SIEM
solution leverages the NIST 800‐53 (FIPS 200) standard to provide a
comprehensive system for the implementation, assessment and
monitoring of control effectiveness, including access control
changes, administrative activity, log‐in monitoring, as well as
change and risk management.
Each Compliance Package automatically maps these technical
checks to the standard to place them in policy and risk‐relevant
operational context, allowing organizations to focus on key
services and business processes within the enterprise.
Obrela Security Industries brings these two compliance standards
together to deliver the most relevant and comprehensive set of
compliance content in the SIM market today:
- Comprehensive report templates assessing the effectiveness of internal controls
- Extensive graphical dashboards for continuous compliance oversight
- Focused tracking of administrative activity delivering effective separation of duties
- Real‐time identification of high risk activity
- Integration of each non‐compliance issue in the Security Incident Response procedure followed by the Security Operations Centers in order to achieve “true compliance”
- Ability to map assets to more than one compliance category
Effective Log Management requires broad event collection, efficient
storage and straightforward analysis of large amounts of log data. Obrela
Security Industries Enterprise Log Management service uniquely
addresses these challenges along with simplicity in deployment and
management, from small to enterprise scale, and elimination of tradeoffs
between performance and efficiency.
By leveraging the event collection and normalization abilities of our SIEM
Technology, Obrela Security Industries collects and securely stores log
data from hundreds of types of commercial products. Clients using Obrela
Security Industries Log Management Services enjoy the ability to perform
"forensics on the fly" and run ultra‐fast searches of raw and structured log
data via a simple, Google‐like interface without any concerns regarding
technology risks, deployment, storage size monitoring, scalability,
security and performance. High performance search and reporting can
reduce hours of manual effort down to minutes or seconds, which is especially
valuable in periods where time matters, such as during the investigation
of security incidents.
Obrela Security Industries Log Management services, being based on
isolated and secured n‐tier distributed and highly available architectures,
also guarantee that the process of log analysis and regular reporting
poses no negative impact on collection, normalization and correlation
performance, nor does it compromise storage efficiency.
Our Enterprise Log Management offering provides:
- Multiple and scalable retention policies on data collected (capacity & retention time)
- Unrestricted search using free‐text or structured queries
- Unlimited number of Reports and Dashboards
- Granular access controls on Logs, Reports and Dashboards
- Ability to keep the Raw (unparsed) Logs for litigation purposes
- Integrity checking using multiple timestamps and hashes to establish a chain of custody
- 24x7x365 support by our Security Operations Centers teams
Enterprise Log
As consumers become more comfortable with online financial
services, the sheer number of transactions and amount of money
handled via the internet has exploded. This has brought an equally
large boom in online fraud. Today’s online banking customer faces
financial risks from bots, viruses, hackers and phishers. In fact,
growth in fraud may derail online financial services if widespread
fraud can’t be stopped.
Obrela Security Industries Fraud Management Services detect
and prevent online fraud by evaluating and scoring financial
transactions in real time. Unlike legacy fraud prevention
technologies, Fraud Management Services can correlate activity
across multiple banking channels, to detect sophisticated fraud
schemes that span online, ATM, telephone and bank branch
activity.
Our services can leverage existing client side legacy fraud
detection technologies by aggregating information from a variety
of risk and fraud scoring products, to create a single, high‐level
risk score of any transaction, as it occurs.
Obrela Security Industries can proactively monitor FMS systems
and applications, looking for suspicious activity and notifying when
fraudulent behavior and events require additional analysis,
investigation or action. Customer Transaction Verification can be
performed when required, given event criticality and historical data.
Security event information is being consolidated and reported to our
Security Operations Centers (SOC) where it is being correlated &
monitored and manually validated on a 24X7 basis. Incidents
requiring attention are escalated based on mutually agreed SLA and
are monitored until closure via an integrated ticketing system.
Fraud Management Services
Unlike legacy fraud prevention technologies, we correlate activity across multiple banking channels, to detect sophisticated fraud schemes that span online, ATM, telephone and bank branch activity.
Obrela Security Industries Cyber Security Incident Response
services are provided with a powerful combination of proactive
planning and 24 x 7 handling of security incidents.
Our Incident Management and Response services enable client
organizations to respond quickly and confidently to computer‐
related security incidents ‐ including system compromise, virus
infection and denial of service attacks ‐ helping you minimize
downtime and lost revenue.
The Security Incident Response Team provides onsite & remote
support and guidance to the client for the mitigation/containment
of any security incident that may occur. This may include technical
assistance in any of the following fields:
- Collection and Interpretation of all the data and logs related to the Incident
- Guidance on the actions needed to contain the threat/incident
- Guidance for recovery actions if that’s necessary
and all the phases of the SIRT methodology: Identification Assessment Repressive Actions Eradication Recovery Follow‐up Monitoring
Additionally, Obrela Security Industries can help clients be prepared
against security incidents by conducting criticality and vulnerability
assessments, threat analysis, creating an appropriate control
framework, mapping the implications of people / process /
technology / information and reviewing the state of readiness in cyber
security incident response.