LightSEC: Dynamic Cyber Defense in Real Time

The cooperation between ECI Telecom’s cyber technology division and the Check Point Company (as well as other companies) yielded a security system for dealing with cyber warfare threats that offers 15 information security capabilities in a single box. Exclusive interview

Many elements in the history of the ECI Telecom Company parallel and reflect the story of the Israeli high-tech industry. Initially, it consisted of labor-intensive central electronics industries engaged in the development of systems with discrete and analog components. Subsequently, it moved on to digital applications using integrated circuits, experienced technological changes of direction and global crises and switched to investments in various innovative activities.

The uniqueness of ECI is that despite its “seniority” (it has been in the business for more than fifty years) and despite the major crises it experienced as a member of the global telecom industry, it has recently entered one of the hottest fields of activity of the global high-tech industry, the cyber technology field, in a big way – all in order to provide a comprehensive solution to its telecom clients.

In its early days, ECI Telecom’s cyber technology division had signed a unique cooperation agreement with the Check Point Company. Today, about eighteen months after its establishment, the division has dozens of employees and is actually marketing systems of the LightSEC family, which incorporate the fruits of the cooperative alliance with the Check Point Company and other companies.

Sigal Barda manages the development activities of ECI Telecom’s cyber technology division and Ronit Kfir is in charge of marketing. Sigal possesses extensive experience of more than twenty years in telecommunications companies, including six years with ECI, and Ronit gained extensive sales experience working for industry giant Symantec.

For many years, ECI developed encryption and other information security solutions for its clientele, which may be divided into three primary vertical segments: the military segment, the telecom segment (service providers) and the infrastructure segment, including electrical corporations and railway system operators. Over the years, ECI realized that the demand for its solutions was increasing, owing to the increasing openness of telecom systems on the one hand, and the growing concerns about hostile cyber activity on the other hand. Consequently, ECI decided to consolidate and reinforce the security solutions offered to its clients. That was how the LightSEC product series and the cyber technology division were conceived. Over the last year, two dedicated cyber technology development teams have been established at ECI: one at the Company’s HQ in Petach-Tiqva and the other at ECI’s R&D center in Omer.

“As a research and development organization, I can testify that the cooperation and the extent of involvement between ECI and Check Point are unique in this field, across the market. Research and development teams of both companies cooperate closely on a daily basis. The cooperative alliance established between the companies has yielded the ultimate solution for dealing with cyber warfare threats in the telecom world. We have been living the telecom world and its needs for many years and this combination enables us to introduce the cyber content world into ECI’s communication network world in an optimal manner,” says Sigal Barda. “In order to establish our development layout we recruited talent from within the Company along with cyber technology and Big Data specialists from other companies. We invest substantially in research and development activities according to the plan we had devised. Today, we have a product that offers an optimal solution to cyber warfare threats and is operated successfully by our clients. Our two development teams currently consist of a few dozen employees. The strengths of our cyber technology division stem from the ‘incubator’ conditions provided by ECI and from the extensive knowledge the Company gained over the years in the fields of telecommunications and information security.”

“LightSEC enables, among other things, a connection to the information security engines the client already has and complements those engines to form a comprehensive solution of seven levels in a single box,” explains Ronit Kfir. “LightSEC is a comprehensive solution with the most extensive information security management system currently available on the market. It operates on the basis of a Network Function Virtualization (NFV) platform or as a stand-alone solution and was intended and designed for the operation and automation networks of various service providers. The hardware by ECI runs a range of software packages and security engines, including the security engines by Check Point. Over the last year, both Israeli companies have been cooperating and the development teams of both companies have been working on the solution together. Apparently, Check Point has OEM-level cooperative agreements with other companies, but it has a full cooperation agreement only with ECI.”

The NFV infrastructure on which LightSEC is based is a new device that is much in demand in the telecom market. It is supervised by the European Telecommunications Standards Institute (ETSI). Another advantage of LightSEC stems from the fact that the system can bundle and present to the user all of the cyber events from all of the security engines operating within the organization – all on a single display screen, along with a risk grading that guarantees appropriate handling of each event according to its risk level. This makes LightSEC suitable for clients with different needs who already have different security engines and solutions and for clients who use communication networks by different suppliers.

LightSEC-V is a management system for cyber technologies installed and operating on the NFV boards integrated in the infrastructure products ECI supplies to its clients and as stand-alone products. The management system bundles information from other products the client uses and provides a single, comprehensive picture of the network status along with other tools for processing and analyzing the information collected.

“LightSEC provides our clients with flexibility in the assimilation of cyber protection dynamically, in real time,” says Sigal Barda. “The product enables the user to identify cyber events and collect them from all of the security devices in the client’s network, and that applies to devices supplied by ECI as well as to devices that had been installed previously. Collecting the information from multiple devices and running our information analysis solutions in a smart, network format enable the user to monitor additional security events and enhance the level of certainty in spotting security loopholes. In this way we simplify the user’s activity while providing a prompt, comprehensive solution to the events while they occur. The client is provided, in real time, with processed information monitoring of all of the security events occurring in the network at a given moment, and based on this information the client can take defensive measures immediately. It is a well-known fact that the time factor is a critical factor in the cyber warfare world.”

What about competition?

Ronit Kfir believes in the uniqueness of LightSEC: “We enjoy competition, as it only improves us,” she asserts. “There are very few competitors to the complex of 15 security capabilities in a single box that we offer our clients. Each security component of the 15 running on the box has a specific competitor that can only compete within its specific niche.”

“Our uniqueness is in the concept and strategy of taking the NFV to the realm of cyber security. Using a solution based on smart service chaining, LightSEC determines the security engines the information should go through according to the type and source of the information. This enables maximum utilization of the data transfer rate on the one hand and the system performance on the other hand. In order to ensure the best performance, the information should not run through all 15 information security engines – but only through the engines that are relevant to it.

“For example, for SCADA type information, LightSEC offers information filters that are different from those used for other types of information. When the information is identified as suspicious, the system will nevertheless pass it through all 15 security engines, despite the fact that the definition based on the type of information prescribes that it should only be run through several specific engines. This capability provides a solution to numerous information security challenges. The real information security challenges are occurring right now, and we want to provide a prompt solution for them before the antivirus vendor has identified a new virus, which is, in fact, a post-event situation.”

“The Network Function Virtualization (NFV) world is a complete ecosystem made up of several elements, with each element existing independently. It is like a ‘Lego’ model that may be assembled from different blocks. Today, ECI offers products for each element of this ecosystem. You may purchase each one of these products individually. The product is already being sold to and installed successfully by clients worldwide. For example, we have a major defense client in Europe as well as an ISP client in England,” says Ronit.

“The telecom world is changing, the world is changing. Cyber warfare attacks do not follow a vertical segmentation: they attack Madonna and Sony Pictures and at the same time they may attack banks and military systems,” says Ronit. “The approach is different. Admittedly, each one of the clients looks at his/her own end station and gives it a different name, but eventually, with all of them it is an end station. With banks, the end station may consist of an ATM, in telecom, it may be an antenna and in the field of infrastructures – a train station; but there are very clear definitions between the command center and the end station and there are protocols in use, so that as far as we are concerned the world is becoming increasingly flatter, and the same applies to specific areas in the world. We see attacks arriving from the sea; somewhere offshore there is a ship carrying a few servers and the attacking party wants to stage the attack from that ship. We see attacks coming from different countries. During Operation Protective Edge, last year, we had a different chart of cyber warfare attacks than the one we have had more recently, around the time of the attack in France. The world, as a global village, is growing smaller. ECI has branches in dozens of countries worldwide. All of those countries are vulnerable to cyber warfare attacks and we have a solution for all of them.”
