Description Company: None


Intelligence Enabled Next Gen SOC

Keywords: Security operation center, dynamic risk assessment

Functional Components Description

Leonardo’s Next Generation Security Operation Center (NextGen SOC) provides a significant range of Managed Security Services to large and critical organization. Currently, the security services portfolio is composed of a full range of service in the phases of Prediction, Prevention, Proaction and Reaction. The predictive capabilities of Leonardo’s NextGen SOC are significantly enhanced by the Leonardo’sThreat Intelligence solutions with services proactively targeting the detection of cyber threats, the management of vulnerabilities and the response to security incidents.Leonardo’s Threat Intelligence Solutions include systems and services based on the monitoring and analysis of large amounts of open source data, deep and dark web, aimed at detecting cyber attacks being prepared and information illegally stolen and published on the web. The solution also provides a comprehensive overview on brand or event sentiment, and the prevention of cyber frauds carried out through the Internet. Since the human factor is essential, even though edge technologies such as artificial intelligence are used to enhance research and highlight deductions, new links and information, Leonardo’s analysts team operates through the Intelligence Operation Center supported by next generation SOCs. The system processes information and data through an end-to-end flow ranging from the collection of open sources information (OSINT), to the building of a knowledge base to carry out analysis and reasoning. Both artificial intelligence techniques and a big data analytics engine are used for the purpose.

Use request Private

Services provided:
- Predictive Identify the threat before it can became a problem for customer security (IOC)
- Preventive Identify the customer security problem before it can became a security incident (RTSM _ SDM)
- Proactive Identify the security incident and activate all necessary processes (RTSM – SSM)
- Reactive Reacts to the security incident by performing all necessary actions (CSIRT)

Services:
- Predictive Identify the threat before it can became a problem for customer security (IOC)
- Preventive Identify the customer security problem before it can became a security incident (RTSM _ SDM)
- Proactive Identify the security incident and activate all necessary processes (RTSM – SSM)
- Reactive Reacts to the security incident by performing all necessary actions (CSIRT)

Technical equipment
- HPC: 500 TFlops High performance computing resources elaborating 500,000 bln operations every second.
- Cloud infrastructure.


Cyber Threat Intelligence Services

Keywords: Vulnerability detection, attack detection, monitoring, Darknet, real-time analysis, Fraud detection

Functional Components Description

Leonardo’s Threat Intelligence Services include three sets of functionalities that can be selected according to customer’s context and requirements.Each set is configurable into single services designed to operate in specific application scenarios, in cloud or on premises, depending on the operating context:
Cyber Threat Intelligence: detects new vulnerabilities, cyber-attacks being prepared and information illegally stolen from companies and organisations posted on the Internet, through the continuous monitoring of web and darknet sources and the realtime analysis of huge amounts of data searching for possible clues.
Social and Security Threat Intelligence: acquires, analyses and correlates information on open sources in order to offer a complete overview of the online sentiment related to socio political events. This contributes to improve the awareness of imminent potential threats against the customers’ assets.
Fraud Detection Threat Intelligence: prevents internet frauds relevant to phishing campaigns, domain hijacking and theft of digital identities through the continuous monitoring of web and darknet sources aimed at identifying attackers and improving the customers’ ability to protect themselves against internet frauds.

Use request -

Services provided: The customer can choose, according to the specific sector and its peculiar needs and requirements, to install a Leonardo Threat Intelligence system on premises and to include, in addition to the design & build of the solution, also on site ongoing support provided by Leonardo (on premises model).
Selecting the full-outsourcing model, the customer can decide to use a subset of services with pre-configured functions based on specific application scenarios of interest and receive automatic reports that can be used without the support of analysts.
Customers can also decide to implement the system at their premises and simultaneously make use of Leonardo’s infrastructure only for those services that require high computing capacity without facing additional costs (hybrid model).
Leonardo’s Threat Intelligence on-premises model is better suited to the needs of Law Enforcement and Intelligence Agencies for counter terrorism activities and for the support of investigation and crime preventing activities.
On the contrary, hybrid or remote models, best meet protection and cyber resilience needs of critical infrastructures and multi-national strategic enterprises with international networks.

Services:

Technical equipment
HPC: 500 TFlops High performance computing resources elaborating 500,000 bln operations every second

Security Evaluation Facility

Keywords: Security evaluation, civil, military

Functional Components Description

The Leonardo Security Evaluation Facility (LVS) is operational since 2017 following the incorporation into Leonardo of the pre-existing Consorzio RES LVS (active since 1997), in response to the ICT market growing needs in the framework of security processing and maintenance of electronic data. Consorzio RES operates in accordance with the international standards ISO/IEC IS-15408 (Common Criteria) and ISO/IEC 27001 (ex BS 7799). LVS, qualified by the Information Security Certification Body (Organismo di Certificazione della Sicurezza Informatica – OCSI), the meets following requirements:

Use request -

Services Provided:

LVS operates as:
- Security Evaluation Facility qualified by OCSI
- Global Consultant in the physical, organizational and ICT security
- ICT consultant for military security certifications (consistently with the national certification schemes).
The LVS also carries out training and consultancy activities to support the customer in addressing the processes of evaluation and certification In particular, it deals with:
- definition of the security documentation during the preparation fase of the evaluation;
- analysis of the ST/ToE/PP (Protection Profile) to verify if it is evaluable
- training on general security issues in the information technology environment and, in particular, on evaluation techniques

To guarantee impartiality, independence, confidentiality and objectivity in the evaluation process, LVS consultants that provide assistance to a supplier or customer for the evaluation of a ToE or part of it, cannot participate as evaluator in the same process. LVS is able to offer a complete security assessment, not limited to the evaluation process, including security risk assessment, security requirements definition and their formalization in the ST and the definition of the whole documentation necessary to face the evaluation process.

Services:

Technical equipment
- Laboratory
- ISO27001 perimeter
- Specialized SW
- "Design for Certification Methodology"