Cyber Defense

Overview

The Challenge

Security solutions such as anti-malware, NBAD, and IDS/IPS are necessary, but not enough for comprehensive protection of government networks. These commercial off-the-shelf (COTS) products have known specifications, can be circumvented, and have not been designed to implement custom government security requirements.

How Qosmos Inside Solves the Problem

Use Qosmos ixEngine to build a custom second line of defense, based on network sensors, that can detect and mitigate advanced threats.

Benefits for Governments

  • Own custom solutions based on government security expertise & requirements
  • Ability to adapt solutions quickly and accurately to new situations
  • High technical performance
  • Efficiency: time, resources, costs

Example of Implementation

[Figure: COTS schema]

Information Extracted for Cyber Protection

Recognized Applications and Protocols (sample)

  • Instant Messaging: AIM, Skype, Yahoo, Google Talk, QQ, etc.
  • Webmail: Gmail, Hotmail, Livemail, Yahoo mail, etc.
  • Network: IP, TCP, FTP, Ethernet, DNS, DHCP, UDP, etc.
  • Audio/Video: H.323, SIP, MGCP, RTP, RTCP, MMSE, RTSP, Shoutcast, Yahoo Video, SCCP, etc.

Extracted Information (sample)

  • User ID
  • IP address
  • Date & time of login / logoff
  • Instant Messaging: Login, Sender, Receiver, File Transfer, Attached Documents
  • Email: Subject of email, Recipients, Content of email, Attached documents (content + metadata), Header field, Envelope field
  • Data transfer sessions (type, content, time)

Characteristics

Characteristics of COTS Cyber Defense Barrier

  • Can only detect standard attacks and known threats
  • Specifications and capabilities may be known to adversaries
  • Backdoors could have been hidden in the product before delivery to the cyber security teams
  • Main role is to filter out known threats and ease the work for the Custom Barrier (see below)

Characteristics of Custom Cyber Defense Barrier

  • Developed by government cyber security teams, based on Network Intelligence provided by Qosmos
  • Leverages specific security policies and expertise that only the security team has (not the COTS vendors)
  • Able to detect weak signals of abnormal behavior which could mean a compromised network
  • Able to identify new types of threats before they are implemented in COTS
  • Only deals with “outside the norm” threats, so a limited team of cyber security experts can concentrate on real attacks instead of minor problems or false alarms
  • Can be built to identify attacks on specific networks or specific countries

Qosmos technology has a unique ability to drill down into IP network traffic, extract detailed information and present it in a structured format. This is the foundation for the new types of solution required by organizations that need to protect mission-critical IP networks.

Jeremy Parsons, President & CEO, Mantaro PDS
