By Paolo Valpolini
Rafael Advanced Defense Systems is a multi-domain company that provides solutions of various kinds, ranging from the tactical to the strategic level. Its Air & C4ISR Division is in charge of providing cyber defence solutions aimed at top players, governments and major agencies, exploiting proprietary company technologies and algorithms, many of them heavily automated, developed by the Research and Technology Department.
Rafael realised that at the top level there was a lack of solutions, hence it concentrated on this segment. The company is, for example, the prime contractor for the Israel National Cyber Event Readiness Team (CERT), a programme that involves several other providers. All its products use an open architecture so that they can be adapted quickly to evolving threats.
“We must be aware that there is no way to stop all cyber attacks on a nation,” Dori, one of the company's executives responsible for cyber defence, tells EDR On-Line at Milipol Paris, explaining that understanding what is going on, and what the potential risk is, is key to facing cyber threats. “We first look at acquiring a full situational awareness, considering trends, global intelligence and incidents,” he adds. This information is collected from all the organisations concerned, and systems developed by the company allow the possible effects to be forecast, a “what if” capability so to speak, to understand which sectors and which organisations might be hit, and what the consequences might be. Artificial intelligence is used to correlate the various events, providing Tier 1 analysts with a playbook that lets them issue an instant report, Rafael's tools generating the report layout automatically from the inputs and information acquired. A summary report is then issued, which is used for lessons learned and after-action review, and may lead to automatic changes to the aforementioned playbook.

A higher-level threat intelligence platform, managed by senior analysts, correlates the information, all of which is translated into a common language, STIX 2.0 (Structured Threat Information Expression). “This system takes into account past experiences, analyses patterns and methods, and makes it possible to create profiles that allow predicting the next moves of an attack,” Dori explains. “We can get to an 80-90% accuracy, depending on the quality of the intelligence,” he adds, “as even in the more sophisticated ones around 80% of the tools have already been used, which allows us to recognise the attack and understand the attack vector, and eventually also to identify the group behind the incident.”
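To make the STIX 2.0 point concrete, here is an added example that is not Rafael's code and not part of the original article: it builds a small STIX 2.0 bundle of threat actors, the tools they are known to use and the "uses" relationships between them, then scores an incident's observed toolset against each actor profile by walking those relationships. The actor names (ACTOR-ONE, ACTOR-TWO), the tool names and the 80% threshold are constructed sample values chosen to mirror the tool-overlap reasoning described above, not real intelligence. Only the Python standard library is used.

```python
"""Added example: STIX 2.0 bundle construction and actor-profile overlap scoring.
All actors, tools and numbers below are constructed sample data, not real intel.
"""
import json
import uuid
from datetime import datetime, timezone

SPEC_VERSION = "2.0"  # STIX 2.0 carries spec_version on the bundle, not per object


def _timestamp():
    # STIX 2.0 timestamps are UTC RFC 3339 strings with a trailing "Z"
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_sdo(obj_type, **props):
    """Build a STIX 2.0 object with the common required properties filled in."""
    ts = _timestamp()
    obj = {"type": obj_type, "id": f"{obj_type}--{uuid.uuid4()}",
           "created": ts, "modified": ts}
    obj.update(props)
    return obj


def make_bundle(objects):
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "spec_version": SPEC_VERSION, "objects": objects}


def build_sample_bundle():
    """Constructed sample profiles: two hypothetical actors and the tools they use."""
    # labels come from the STIX 2.0 tool-label-ov vocabulary
    tool_labels = {"cred-dumper": "credential-exploitation", "web-shell": "remote-access",
                   "rdp-tunneler": "remote-access", "wiper-x": "denial-of-service",
                   "phish-kit": "information-gathering"}
    tools = {n: make_sdo("tool", name=n, labels=[lbl]) for n, lbl in tool_labels.items()}
    actors = {"ACTOR-ONE": make_sdo("threat-actor", name="ACTOR-ONE", labels=["nation-state"]),
              "ACTOR-TWO": make_sdo("threat-actor", name="ACTOR-TWO", labels=["crime-syndicate"])}
    uses = {"ACTOR-ONE": ["cred-dumper", "web-shell", "rdp-tunneler", "wiper-x"],
            "ACTOR-TWO": ["phish-kit", "web-shell"]}
    relationships = [make_sdo("relationship", relationship_type="uses",
                              source_ref=actors[a]["id"], target_ref=tools[t]["id"])
                     for a, names in uses.items() for t in names]
    return make_bundle(list(tools.values()) + list(actors.values()) + relationships)


def index_uses(bundle):
    """Map each threat-actor name to the set of tool names it is related to via 'uses'."""
    by_id = {o["id"]: o for o in bundle["objects"] if o["type"] != "relationship"}
    uses = {}
    for o in bundle["objects"]:
        if o["type"] != "relationship" or o.get("relationship_type") != "uses":
            continue
        src, dst = by_id.get(o["source_ref"]), by_id.get(o["target_ref"])
        # dangling refs are tolerated: a partial bundle must not crash the correlator
        if src and dst and src["type"] == "threat-actor" and dst["type"] == "tool":
            uses.setdefault(src["name"], set()).add(dst["name"])
    return uses


def rank_actors(bundle, observed_tools):
    """Return [(actor, fraction of observed tools in its profile, unexplained tools)]
    sorted by overlap descending, then by name for determinism."""
    observed = set(observed_tools)
    if not observed:
        return []
    results = []
    for actor, tools in index_uses(bundle).items():
        matched = observed & tools
        results.append((actor, len(matched) / len(observed), sorted(observed - tools)))
    results.sort(key=lambda r: (-r[1], r[0]))
    return results


def attribute(bundle, observed_tools, threshold=0.8):
    """Name the best-matching actor if its overlap meets the threshold, else None."""
    ranked = rank_actors(bundle, observed_tools)
    if ranked and ranked[0][1] >= threshold:
        return ranked[0][0]
    return None


if __name__ == "__main__":
    b = build_sample_bundle()
    json.loads(json.dumps(b))  # the bundle must survive a JSON round trip
    seen = ["cred-dumper", "web-shell", "rdp-tunneler", "new-dropper", "wiper-x"]
    for actor, score, unexplained in rank_actors(b, seen):
        print(f"{actor}: {score:.0%} overlap, unexplained tools: {unexplained}")
    print("attribution:", attribute(b, seen))
```

The overlap score is deliberately computed from the relationship graph rather than from a hard-coded table, which is what makes it usable on any STIX 2.0 bundle received from another organisation: the correlator only needs `threat-actor`, `tool` and `uses` objects and ignores anything else. The unexplained-tools list is the part an analyst would actually act on, since a novel tool in an otherwise familiar toolset is exactly the case where automated attribution should be reviewed by a human.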
Two products were unveiled by Rafael at Milipol Paris, the first one being the SCADA Dome, SCADA standing for Supervisory Control and Data Acquisition. The system is aimed at protecting Industrial Control Systems (ICS), of which SCADA is the largest subgroup. SCADA Dome is made of four protection layers: a physical layer, an industrial network protection layer, a computing infrastructure security layer and a security situational awareness layer.
The SCADA Dome is aimed at protecting large industrial infrastructures and the like, while the Cyber Dome, the second system shown in Paris, is a higher-level system that can be scaled up from a single Security Operations Centre (SOC) to a nation-level CERT. It is based on the experience acquired by Rafael with the aforementioned Israel CERT and in other operations, and is aimed at both the private and public sectors, for those domains that are highly exposed to cyber risks.
Photos by P. Valpolini