The Cloud and Mobility revolution, intensified by the quickly evolving threat landscape, heightens the
challenge for businesses to secure their IT infrastructure. Now they must fight security threats that target
their employees, applications, and other assets - not just on-premises, but throughout all of cyberspace.
LightSEC Enables MSSPs to Tame Cyber Security Complexity
1. LightSEC™
The Internet has become the new IT
Enterprises and SMBs are migrating to off-premise data centers and most are already on the cloud.
Their remote-access employees have no offices, nor the resources for superior protection. So businesses
are left with no other choice but to outsource their IT security, just as they did for their IT data centers and
applications. This creates a unique opportunity for service providers to provide managed security services,
which supplement the communication services that they already provide.
ECI’s LightSEC solution enables service providers to become managed security service providers.
MANAGED SECURITY SERVICES
FOR SERVICE PROVIDERS
2. ECI’S LightSEC SOLUTION TAMES CYBER SECURITY COMPLEXITY
Single platform
Consolidates delivery of security services for economical initial
deployment and ongoing operations.
All-Inclusive
Combines multiple security services to provide businesses with
comprehensive protection from cyber attacks.
Intuitive threat assessment
Aggregates all security events and network transaction anomalies on
a single dashboard, facilitating identification and response to attacks
and decreasing false negatives.
Single Point-of-contact
Interfaces with a trusted, long-standing vendor with solid expertise
and best practices. This eliminates the need to deal with multiple
suppliers.
Best of breed
Integrates and leverages proven security applications from Check
Point® and other leading suppliers, for uncompromising security
assurance.
Future-ready
In-service upgrades keep pace with the evolving threat
landscape, providing you with peace of mind to do business.
Multi-tenant
A single cloud-based managed security service provider
(MSSP) threat detection system provides unrivaled
cost-effectiveness and ease of service delivery.
3. LightSEC ARCHITECTURE
The LightSEC Cloud Solution comprises the following components:
ECI’S LIGHTSEC CYBER SECURITY SUITE
A rich set of mature and innovative security services
developed for today’s MSSP needs, encompassing active
threat mitigation as well as early warning threat detection and
prevention.
Among multiple network security functions, LightSEC
incorporates Check Point’s optimized network security
functions and provides a Next Generation Firewall,
breakthrough Intrusion Prevention System (IPS), URL
Filtering, Anti-Malware, and more.
LIGHTSEC-V™ INTUITIVE THREAT ASSESSMENT PLATFORM
A comprehensive threat assessment and management
platform that features an aggregated view of calculated
threats from the entire cyber security suite. LightSEC-V
also provides adaptive risk grading that correlates multiple
security functions, so that a CSO can allocate security
experts more effectively according to the apparent severity
level of the alert.
MERCURY™ NFV DELIVERY SOLUTION
Delivers security services as virtualized network functions
(VNFs) for ultimate deployment flexibility between
cloud-based and customer premise locations. Mercury
eliminates the dependency on diverse dedicated security
appliances. Using Commercial-Off-The-Shelf (COTS)
technology, Mercury is available as a standalone platform,
or as an integrated blade within the Neptune metro packet
transport system, and comes with full Management and
Orchestration (MANO) support.
For application flexibility, Mercury NFV implements
‘dynamic service function chaining’ to optimize risk
classification and adjust the chain of security functions
required to neutralize any given threat.
4. LightSEC CYBER SECURITY SUITE
Firewall
The firewall controls all incoming and outgoing
network traffic by applying a designated set of rules.
Simultaneously, it provides multilayer protection
between trusted secure networks and non-trusted
networks, filtered by five security gates. Each security
gate supports intelligent security technologies suited to
a specific layer, including IPsec, NAT, header analysis,
user ID, data validation, full-session state management,
IP/Port/User-based ACL, and URL awareness. This
offering is part of ECI’s alliance with Check Point and
the solution implements their Next Generation Threat
Prevention for multilayer security protection.
IPsec VPN
IPsec secures IP communications by authenticating and
encrypting each IP packet of a communication session.
IPsec can protect data flows between a pair of hosts
(host-to-host), between a pair of security gateways
(network-to-network), or between a security gateway
and a host (network-to-host). It also supports
network-level peer authentication, data origin
authentication, data integrity, and data confidentiality
(encryption), plus replay protection.
DDoS protection
A real-time, behavioral-based attack mitigation
application that protects the organization infrastructure.
It prevents network and application downtime,
application vulnerability exploitation, malware spread,
network anomalies, information theft, and other
emerging cyber-attacks. It constitutes a world-class
security solution including Distributed Denial of Service
(DDoS) mitigation and SSL-based protection, to fully
protect applications and networks against known and
emerging network security threats. These include
denial of service attacks, DDoS attacks, internet pipe
saturation, attacks on login pages, attacks behind
CDNs, and SSL-based flood attacks. LightSEC DDoS
protection also includes:
• Protection without affecting legitimate traffic
• A comprehensive set of security modules
• Accuracy of inline or out-of-path (OOP) deployment
• Centralized attack management, monitoring, and
reporting.
Application Control
Provides application security and identity control. It
enables IT teams to create granular policies easily, based
on users or groups, to identify, block, or limit usage of
over 250,000 Web 2.0 applications and widgets.
INTERNET-FACING ACTIVE THREAT MITIGATION
FUNDAMENTAL ACTIVE THREAT MITIGATION
URL Filtering
Integrated with Application Control, URL filtering allows
unified enforcement and management of all aspects
of Web security. It provides optimized Web security
through full integration in the gateway to prevent
bypassing of external proxies; integration of policy
enforcement with Application Control for full Web and
Web 2.0 protection; and UserCheck, which empowers
and educates users on Web usage policy in real time.
Anti-Bot and Anti-Virus
Anti-bot detects bot-infected machines and prevents
bot damage by blocking bot command and control
communications. Anti-virus uses virus signatures and
anomaly recognition to block malicious files at the
gateway before they can affect users. Continual updates
from ThreatCloud, the first collaborative network to
fight cybercrime, ensure the latest available protection
measures from the ever-evolving threat landscape.
Threat Extraction
Eliminates malware contained in emails and
web-downloaded documents. It removes exploitable
content (including active content and various embedded
objects) and reconstructs files using known, safe elements.
Anti-Spam and Email Security
Provides comprehensive protection for the
organization’s messaging infrastructure. A
multidimensional approach delivers highly accurate
spam protection and defends organizations from a wide
variety of virus and malware threat attempts via email.
Continual updates assure interception of all threats
before they spread.
EARLY WARNING THREAT DETECTION AND PREVENTION
Network Anomaly Detection
This breach detection and remediation solution
comprises one or more network applications (physical
appliances and/or virtualized delivery) together with
software modules. These connect passively to the primary
switches of your internal network, find compromised
endpoints and stolen credentials proactively, and then
proceed to flag and remediate them. The solution works
in a three-step iterative process to identify and mitigate
attacks, as follows:
• Detect - The application passively monitors
network traffic and profiles the behavior of each
user/endpoint. Without requiring any configuration
or signatures, it detects subtle deviations in the
network, based on analysis of network behavior and
gathered historical KPIs.
• Illuminate - Further investigates traffic anomalies,
automatically scans suspected traffic, and collects
host-level indicators to identify the origin of
suspicious activities. This unique network-centric
detection and analysis, augmented by cloud-based
threat intelligence, provides your security team with
actionable incidents with an extremely low
false-positive rate.
• Remediate - The actionable information generated
for each breached system enables efficient triage
and remediation. The solution purposely keeps
the number of alarms (and false positives) to a low
manageable number, so that security officers can
mitigate breaches efficiently and quickly. This can be
executed early in the attack life cycle, before any real
damage is done.
Big Data Cyber Analytics
Big Data Cyber Analytics detects patterns that may
indicate malicious users and trends, to prompt action
before a problem occurs. Similar to Network Anomaly
Detection traffic analysis, Big Data Cyber Analytics
analyzes information over time, including log files of
user behavior, flagged information from deep packet
inspection (DPI), and other data feeds. It employs
sophisticated big-data machine learning without
predefined rules, signatures, or heuristics.