Security solutions such as anti-malware, NBAD, and IDS/IPS are necessary, but not enough for comprehensive protection of government networks. These commercial off-the-shelf (COTS) products have known specifications, can be circumvented, and have not been designed to implement custom government security requirements.
How Qosmos Inside Solves the Problem
Use Qosmos ixEngine to build a custom second line of defense, based on network sensors, that can detect and mitigate advanced threats.
Benefits for Governments
- Own custom solutions based on government security expertise & requirements
- Ability to adapt solutions quickly and accurately to new situations
- High technical performance
- Efficiency: time, resources, costs
Example of Implementation
Information Extracted for Cyber Protection
Recognized Applications and Protocols (sample)
- Instant Messaging: AIM, Skype, Yahoo, Google Talk, QQ, etc.
- Webmail: Gmail, Hotmail, Livemail, Yahoo mail, etc.
- Network: IP, TCP, FTP, Ethernet, DNS, DHCP, UDP, etc.
- Audio/Video: H.323, SIP, MGCP, RTP, RTCP, MMSE, RTSP, Shoutcast, Yahoo Video, SCCP, etc.
Extracted Information (sample)
- User ID
- IP address
- Date & time of login / logoff
- Instant Messaging: Login, Sender, Receiver, File Transfer, Attached Documents
- Email: Subject of email, Recipients, Content of email, Attached documents (content + metadata), Header field, Envelope field
- Data transfer sessions (type, content, time)
Characteristics of COTS Cyber Defense Barrier
- Can only detect standard attacks and known threats
- Specifications and capabilities may be known to adversaries
- Backdoors could have been hidden in the product before delivery to the cyber security teams
- Main role is to filter out known threats and ease the work for the Custom Barrier (see below)
Characteristics of Custom Cyber Defense Barrier
- Developed by government cyber security teams, based on Network Intelligence provided by Qosmos
- Leverages specific security policies and expertise that only the security team has (not the COTS vendors)
- Able to detect weak signals of abnormal behavior which could mean a compromised network
- Able to identify new types of threats before they are implemented in COTS
- Only deals with “outside the norm” threats, so a limited team of cyber security experts can concentrate on real attacks instead of minor problems or false alarms
- Can be built to identify attacks on specific networks or specific countries