2017 global technology leadership award cyberbit …...frost & sullivan research notes that with...

2017 Global Cybersecurity Detection and Response

Technology Leadership Award

BEST PRACTICES RESEARCH

© Frost & Sullivan 2017 2 “We Accelerate Growth”

Contents Background and Company Performance .................................................................. 3

Industry Challenges .............................................................................................. 3

Technology Leverage and Business Impact of Cyberbit .............................................. 4

Conclusion........................................................................................................... 9

Significance of Technology Leadership .................................................................. 10

Understanding Technology Leadership .................................................................. 10

Key Benchmarking Criteria .................................................................................. 11

Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices ....................................................................................................... 12

The Intersection between 360-Degree Research and Best Practices Awards ........ 13

Research Methodology ........................................................................................ 13

About Frost & Sullivan ........................................................................................... 13



Background and Company Performance

Industry Challenges

Increasingly prevalent cyber-attacks and hacking incidents continue to drive governments to enact new defense measures and upgrade their existing cybersecurity infrastructure to combat these threats. Cyber threats have evolved beyond attempts to infect hardware with malicious code or deface government websites—modern cyber-incidents occur as well-orchestrated, coordinated attacks from myriad participants targeting critical national infrastructure, mission-critical private-sector systems, financial institutions, as well as essential government services.1 Many of these attacks follow a structured approach—reconnaissance, intelligence gathering, and incursion—yet it remains difficult to identify and mitigate these threats before they harm a network.

These cyber-attacks on governments can cause critical damage to a government’s day-to-day operations, while also leaving them vulnerable to further breaches from other non-state actors. Many countries already support robust cybersecurity frameworks with many moving towards legislation- and compliance-driven security protocols for critical systems or continue operations of country-specific computer emergency response teams.2 Frost & Sullivan research notes that with increasing technological convergence and mobile connectivity, such as cloud computing, the Internet of Things, and e-governance, cybersecurity must remain a fundamental aspect of any government security agenda globally.

In addition to government networks and control systems, cyber-attacks also target critical national infrastructure (CNI), such as utilities, ports, airports and transit centers, financial institutions, and large enterprise networks. Most CNI entities and enterprises use legacy control systems or only one type of cybersecurity network protection, leaving them vulnerable to attacks even as they undergo various system upgrades. Many of the legislative mandates call for increased cybersecurity measures and mandatory incident reporting when CNI operators or government departments face a security breach.3

New legislation will mandate more advanced network monitoring and more precise incident detection services for critical government defense and private-sector systems. Frost & Sullivan finds that governments are focusing on strengthening their information technology (IT) infrastructure and networks through standardized testing and evaluation protocols, certified security products, automated monitoring and incident reporting, and deploying trained cybersecurity staff to ensure comprehensive cybersecurity protections.4

1 See Frost & Sullivan’s Government Cybersecurity, 9AB0-23, June 2016. 2 See Frost & Sullivan’s Government Cybersecurity. 3 See Frost & Sullivan’s Government Cybersecurity. 4 See Frost & Sullivan’s Government Cybersecurity.



Even with this increased awareness of their vulnerabilities, organizations continue to experience exponential growth in cyber-attacks year over year, specifically those uniquely designed to attack a particular network or system. The continuing technological shift towards increased connectivity also opens even more vulnerable endpoints through mobile device connectivity, the Internet of Things networks, software-as-a-service offerings, and cloud computing. Organizations also face a dizzying array of choices in cybersecurity vendors offering different pieces of a complete cybersecurity solution and face a significant skills shortage of operators to run these security systems. Determining a security vendor that excels in detection and response, provides a complete cybersecurity solution, along with the operator training and more proactive protections, will be the ideal choice for protecting CNI and government systems.

Technology Leverage and Business Impact of Cyberbit

Cyberbit provides its global customer base of government, defense, critical national infrastructure, and private-sector enterprise customers with stand-alone products as well as integrated cybersecurity solutions to secure IT networks and industrial control networks from cyber-attacks; improve Security Operation Centers' (SOC) efficiency; and train cybersecurity experts hands-on in a real-world environment. Headquartered in Ra’anana, Israel, with local presence in North America, Europe and Asia, Cyberbit is a subsidiary of NASDAQ-traded (ESLT) Elbit Systems, Israel's largest defense contractor. Cyberbit leverages technology, IP (intellectual property), and expertise gained over more than a decade as Elbit's cybersecurity and intelligence division, together with capabilities from Nice's cyber division, acquired by Elbit in 2015.

Taking Detection and Response to the Next Level

Cyberbit recognized the need for government, defense, and enterprise customers to improve their security posture to fit current challenges—e.g. advanced and targeted threats manage to bypass existing security; significantly large detection and response times, taking days to weeks for identification and response; and a constantly growing skill shortage coupled with a growing need for cybersecurity trained and qualified personnel. Cyberbit's products and solutions address these needs and focus on detection, mitigation and response, focusing the organization on what's important, and by increasing security teams' effectiveness while reducing organizational risk. The company’s cybersecurity product offerings can benefit one particular market segment as well as combine with each other to create a robust cybersecurity system protecting all aspects of a customer’s cybersecurity operations. These market segments include endpoint security, Security Operations Center (SOC) automation and orchestration, Industrial Control Systems (ICS) security, and security training and simulation. Cyberbit provides one of the most effective solutions for detecting unknown, signature-less and targeted threats, including file-less attacks and ransomware, by using machine learning and behavioral analytics, enabling quick identification of root cause and response. Cyberbit's approach was proven to provide its customers with substantially higher detection and response capabilities, while keeping



low false positive ratios. As a result, security teams can focus on high priority alerts and are not distracted and overloaded with false alarms.

Cyberbit Endpoint Detection and Response (EDR)

Cyberbit EDR detects unknown and targeted threats that bypass conventional systems while keeping low false-positive ratios. The system continuously monitors network hosts (endpoints and servers) and the granular data is collected and sent to a central on-premise Big Data repository. Cyberbit EDR then analyzes the collected data using both machine learning and behavioral analytics to identify potential threats. As much as it is a detection tool, Cyberbit EDR operates as a forensics and proactive hunting platform which provides highly efficient forensic capabilities, and presents findings in an easy-to-read graphical view of threats detected, allowing operators to quickly understand the threat, identify the root cause and execute the best mitigation and response measures. By using behavioral analysis and machine learning, Cyberbit EDR can detect threats that not only bypass signature-based systems but also next generation endpoint security systems that rely heavily on known Indicators of Compromise (IOCs).

Cyberbit Security Suite

Source: Cyberbit

Cyberbit EDR Graph-Based Malware Analysis

Source: Cyberbit



SCADAShield

SCADAShield protects Industrial Control Systems (ICS) deployed by critical national infrastructure, manufacturers, governments and defense organizations. Most attacks on critical infrastructure start by penetrating the IT network. However, ICS security solutions focus on the OT (operational technology) network. Cyberbit's SCADAShield is the only ICS security solution protecting the entire ICS attack surface including SCADA attacks and IT to OT threat vectors, while assuring operational resilience and continuity. SCADAShield provides continuous passive monitoring, security analytics, full visibility and forensics. SCADAShield uses Deep Packet Inspection (DPI) methodologies for SCADA network analysis, and deploys machine learning algorithms over Big Data to analyze information from the SCADA, industrial IT, and corporate IT networks to detect IT to OT communications, machine-to-machine, and remote maintenance threat vectors. SCADAShield automatically builds a real-world network map, displaying all network assets and communications, and identifying IT/OT touchpoints.

SOC 3D

Incident response teams are often overwhelmed with incidents and miss critical incidents which risk the business. SOC 3D is the only automation and orchestration platform that also provides Big Data security analytics for real-time investigation and response. Cyberbit’s SOC 3D uses a single pane of glass for automating and orchestrating the incident response process and increasing its efficiency. SOC 3D creates a business-driven SOC by prioritizing incidents according to their business risk, focusing the incident response process on what matters the most. SOC 3D substantially reduces the time to respond to an incident by automating the entire response cycle, including decision-making, data enrichment and response playbooks. It provides Big Data security analytics,

SCADAShield’s Comprehensive Network Map

Source: Cyberbit



which add visibility and context to security alerts. Analysts can also investigate raw data from the security information and event management (SIEM) system, security devices, and additional organizational systems.

Cyberbit Range

Cyberbit Range is a hyper-realistic cyber simulation platform that enables service providers, enterprises, governments and academies to set up cybersecurity training centers that train security teams and business professionals in confronting advanced cybersecurity threats, and for testing security tools and architectures. Cyberbit Range supports both individual and team training and simulates both IT and OT networks. The simulation operates as a fully customizable environment with real-life settings and complex attack simulation, capable of simulating the actual networks that trainees will be working on. Benign traffic and custom attack scenarios are injected into the simulated network, training users on detecting, investigating and responding to the latest cyber-attacks, including ransomware and malware. The system records the entire training session for team debriefing, review, and evaluation of the trainees' performance. Cyberbit Range trains systems operators, security teams, IT teams, and executive leadership through both individual and group training sessions. The system’s simulation capabilities also allow customers to use the system as a testing tool for any potential new devices, new security protocols, or network security reconfiguration and see how these changes would affect their overall network security before carrying out these changes.

SOC 3D Incident Response Automation Panel

Source: Cyberbit



Cybersecurity Expertise Fostered By Customer Need

Cyberbit’s expertise, technologies, IP, and deep knowledge of the market originates from over 15 years of supplying high-end security solutions to Elbit Systems' government and defense customers. As it continues to expand beyond its defense industry roots, Cyberbit is dedicated to enhancing its cybersecurity solutions and bringing together comprehensive industry expertise. Since its separation from Elbit in 2015, Cyberbit has expanded its global customer base in all verticals: government, defense, critical national infrastructure entities, financial institutions, and other large private enterprise customers in the Americas, Europe, and Asia. The company protects hundreds of thousands of endpoints throughout its extensive install base and maintains market leadership throughout its four major market segments, particularly within the cybersecurity simulation sector.

The breadth of security solutions offered by Cyberbit gives customers the assurance that their next-generation security needs are met. The installation and system integration ease, together with global maintenance and support programs Cyberbit offers, makes Cyberbit an appealing company to work with due to its dedicated product teams. These teams also remain available to service and support throughout the life of the system allowing for easy system maintenance or repair as needed. Many enterprise customers appreciate Cyberbit’s history as a trusted government contractor with high brand reputation and rely on its security solutions. Cyberbit participates in many industry trade shows, content marketing opportunities, and thought leadership experiences to teach commercial enterprise customers about its history and showcase its legacy of successful integrations. The company focuses on enhancing operations for both commercial and

Cyberbit Range’s Training Platform Dashboard

Source: Cyberbit



government customers through growing its global partner and channel network as well as strengthening its support and system deployment teams globally. Cyberbit continues to focus on delivering uncompromising cybersecurity offerings to meet customer needs throughout multiple industries and around the world.

Conclusion

As cyber-attacks become more pervasive globally, governments, financial institutions, utilities and enterprises must find ways to protect their networks. With many attacks created to target specific systems, mitigating these targeted attacks becomes increasingly complex. Built by a trusted contractor within the defense industry, Cyberbit offers customers in the public and private sectors with a range of high-performance detection and response solutions to protect their IT and OT infrastructure, as well as in-depth hands-on training to qualify their teams.

With its breadth of cybersecurity expertise and robust technology offerings, Cyberbit is recognized with Frost & Sullivan’s 2017 Technology Leadership Award.



Significance of Technology Leadership Technology-rich companies with strong commercialization strategies benefit from the increased demand for high-quality, technologically innovative products. Those products help shape the brand, leading to a strong, differentiated market position.

Understanding Technology Leadership Technology Leadership recognizes companies that lead the development and successful introduction of high-tech solutions to customers’ most pressing needs, altering the industry or business landscape in the process. These companies shape the future of technology and its uses. Ultimately, success is measured by the degree to which technology is leveraged and the impact that technology has on growing the business.



Key Benchmarking Criteria For the Technology Leadership Award, Frost & Sullivan analysts independently evaluated two key factors—Technology Leverage and Business Impact—according to the criteria identified below.

Technology Leverage Criterion 1: Commitment to Innovation Criterion 2: Commitment to Creativity Criterion 3: Technology Incubation Criterion 4: Commercialization Success Criterion 5: Application Diversity

Business Impact Criterion 1: Financial Performance Criterion 2: Customer Acquisition Criterion 3: Operational Efficiency Criterion 4: Growth Potential

Criterion 5: Human Capital



Best Practices Recognition: 10 Steps to Researching, Identifying, and Recognizing Best Practices Frost & Sullivan Awards follow a 10-step process to evaluate Award candidates and assess their fit with select best practice criteria. The reputation and integrity of the Awards are based on close adherence to this process.

STEP OBJECTIVE KEY ACTIVITIES OUTPUT

1 Monitor, target, and screen

Identify Award recipient candidates from around the globe

• Conduct in-depth industry research

• Identify emerging sectors • Scan multiple geographies

Pipeline of candidates who potentially meet all best-practice criteria

2 Perform 360-degree research

Perform comprehensive, 360-degree research on all candidates in the pipeline

• Interview thought leaders and industry practitioners

• Assess candidates’ fit with best-practice criteria

• Rank all candidates

Matrix positioning of all candidates’ performance about one another

3

Invite thought leadership in best practices

Perform in-depth examination of all candidates

• Confirm best-practice criteria • Examine eligibility of all

candidates • Identify any information gaps

Detailed profiles of all ranked candidates

4 Initiate research director review

Conduct an unbiased evaluation of all candidate profiles

• Brainstorm ranking options • Invite multiple perspectives

on candidates’ performance • Update candidate profiles

Final prioritization of all eligible candidates and companion best-practice positioning paper

5 Assemble panel of industry experts

Present findings to an expert panel of industry thought leaders

• Share findings • Strengthen cases for

candidate eligibility • Prioritize candidates

Refined list of prioritized Award candidates

6 Conduct global industry review

Build consensus on Award candidates’ eligibility

• Hold global team meeting to review all candidates

• Pressure-test fit with criteria • Confirm inclusion of all

eligible candidates

Final list of eligible Award candidates, representing success stories worldwide

7 Perform quality check

Develop official Award consideration materials

• Perform final performance benchmarking activities

• Write nominations • Perform quality review

High-quality, accurate, and creative presentation of nominees’ successes

8 Reconnect with panel of industry experts

Finalize the selection of the best-practice Award recipient

• Review analysis with panel • Build consensus • Select recipient

Decision on which company performs best against all best-practice criteria

9 Communicate recognition

Inform Award recipient of Award recognition

• Present Award to the CEO • Inspire the organization for

continued success • Celebrate the recipient’s

performance

Announcement of Award and plan for how recipient can use the Award to enhance the brand

10 Take strategic action

Upon licensing, company can share Award news with stakeholders and customers

• Coordinate media outreach • Design a marketing plan • Assess Award’s role in future

strategic planning

Widespread awareness of recipient’s Award status among investors, media personnel, and employees



The Intersection between 360-Degree Research and Best Practices Awards Research Methodology Frost & Sullivan’s 360-degree research methodology represents the analytical rigor of our research process. It offers a 360-degree-view of industry challenges, trends, and issues by integrating all 7 of Frost & Sullivan's research methodologies. Too often companies make important growth decisions based on a narrow understanding of their environment, leading to errors of both omission and commission. Successful growth strategies are founded on a thorough understanding of market, technical, economic, financial, customer, best practices, and demographic analyses. The integration of these research disciplines into the 360-degree research methodology provides an evaluation platform for benchmarking industry players and for identifying those performing at best-in-class levels.

About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best-in-class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best-practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages more than 50 years of experience in partnering with Global 1000 companies, emerging businesses, and the investment community from 45 offices on six continents. To join our Growth Partnership, please visit http://www.frost.com.

360-DEGREE RESEARCH: SEEING ORDER IN THE CHAOS

http://www.frost.com/

2017 global technology leadership award cyberbit …...frost & sullivan research notes that with...

Documents