Connectivity Without Compromise
Angel is the first cyber security service designed and developed to cater to the unique requirements of the merchant marine IT environment.
As the maritime sector continues its path to digitisation, the need to secure ship networks, both for business and crew use has become critical. As in all walks of life, cybersecurity threats have grown in reach and complexity and now should be considered as a vital part of the overall safety management in shipping. Angel is the leading cyber security solution for maritime that addresses the evolving cyber threat.
ANGEL is the first cybersecurity service that has been designed and developed to meet the unique and diverse requirements of the merchant marine sector. It secures the vessel’s business, IoT and crew networks by providing oversight, security threat alerting and control of the vessel’s entire network.
With enhanced web filtering, antivirus protection, intrusion detection and prevention, application control, Honeypot, and ICS/Scada protection, it delivers multi-layered protection of the vessel.
The system’s core component is Juniper’s Unified Threat Management platform which works through Infinity to separate business, IoT and crew traffic, providing separate secure network traffic flows. This is all backed up by a team of security specialists dedicated to handling any security issues based at Angel’s Security Operations Centre in Athens.
Distributed and developed by
Angel incorporates a wealth of feature-rich applications that keep your networks running smoothly and safely.
This allows over 150 category options, using a real-time URL threat scorecard delivered in partnership with ForcePoint. In addition, high-risk categories can be preselected and blocked.
All content, both inbound and outbound, can be filtered based on various criteria.
Provided in cooperation with leading anti-malware company Sophos Labs, the system features reputation enhanced, cloud-based antivirus capabilities.
The system features multi-layered spam protection as well as up-to-date phishing URL detection and extension blockers.
The system includes stateful signature inspections with more than 65 protocol and 500 contexts supported. It also offers more than 17,000 signatures for identifying anomalies, attacks, spyware and applications.
Over 4,000 applications can be pre-selected and blocked. The AppTrack feature analyses application data and classifies it, based on advanced criteria while the AppFW feature creates application control policies.
To further protect the network Angel deploys a Honeypot that acts as a decoy to detect, deflect and monitor cyber attacks.
The system also provides full reporting at chosen intervals of all traffic and incidents, including vulnerability assessments and incident alerts.
What is Angel?
ANGEL is an ecosystem which is provided as a Managed Security Service (MSS) with the capability to detect and prevent cyber attacks. A customized daily or weekly report reports the cyber security health status of a fleet. The service is monitored on a 24/7 basis and upon discovery of potential Security Incidents, the Security Operations Centre analysts notify the customer with full incident details and recommended actions / countermeasures to be taken.
Customers can use ANGEL to also gain visibility over bandwidth consuming applications and system network behavior.
Does ANGEL require network reconfiguration?
Absolutely not. ANGEL transparently inspects and analyses network traffic and prevents attacks, malware, viruses, intrusion attempts and unwanted traffic. ANGEL’s security components are embedded inside Infinity and they can be enabled instantly.
Is ANGEL a common UTM system?
No, it is not a common UTM system. ANGEL’s core is built around Juniper’s vSRX engine and contains advanced security features. Sophos Antivirus & Antispam, ForcePoint (WebSense) Web & Content Filtering to provide protection against malware, viruses, phishing attacks, intrusions etc. In addition, Denial of Service (DoS) mechanisms are enabled for ANGEL to detect protocol anomalies and network malfunctions. A specially crafted honeypot, with its associated traps, is embedded inside ANGEL in order to track attackers and malware which may be present in the customer networks and to inform the Security Operating Team of possible exploitation attempts.
All these security features are continuously monitored and analyzed by Neurosoft’s SOC team, which consists of information security personnel who (a) track potential security incidents as they occur and (b) inform the customer and suggest measures to be taken, providing 24/7, real-time protection.
Does ANGEL provide Zero Day Malware Protection?
ANGEL’s zero-day detection capabilities can be enhanced with Juniper’s SKYATP (Sky Advanced Threat Prevention), which is located in the cloud (AWS) and which performs deep file inspection using multiple security mechanisms such as machine learning algorithms and cloud sandboxing techniques. Files transferred through the HTTP protocol or suspicious attachments to emails are uploaded to the cloud sandboxing analysis services for inspection. This service is provided upon special request and is not embedded in ANGEL’s packages.
It is not included due to the fact that it requires a large amount of data.Furthermore, ANGEL utilizes a continuously updated threat intelligence database, consisting of heavily reported malicious IPs reported for malware / ransomware and C&C. Every external destination IP address from vessels is compared to the IPs in the Threat Intelligence Database for potential matches. In the case of a match, an alert is raised and examined by the SOC team. If the alert is indeed related to a potential security incident, then the customer is notified.
Can I block/allow access to a specific website or website category?
Yes. Specific websites/website categories or applications can be blocked or permitted upon request. The block/permit action can be enabled per security network segment (e.g. business/crew network).
ANGEL’s web filtering service includes extensive category options (150+ categories) and a real-time scorecard delivered by Forcepoint (WEBSENSE).
This comes in addition to the Infinity Web & Content Filtering features and while the Infinity portion can be done by the customer, the ANGEL portion requires the involvement of the SOC to make sure that there will be no negative side effects of the rules to be implemented.
Can I exclude (whitelist) a host or network from ANGEL protection?
Yes. Host and network whitelisting are available upon request. If a host/network gets whitelisted from the security services, then its’ traffic bypasses all the security mechanisms. The customers’ IT administrator can use the Infinity hub to assign roles and usernames to specific business network IPs on each vessel. The roles are “white-list” or “black-list” or “none”.
The “white-list” role bypasses existing ANGEL’s security mechanisms (IDP, ANTIVIRUS, web-filtering, etc.). The “black-list” role blocks the specific IP from entering the Infinity or using the virtualized resources. Role “none” is used if the IT administrator wants to give a username to every business IP and to be able to receive customized application reporting regarding application usages per business system.
As above this comes in addition to the existing Infinity Whitelist and again needs to be implemented by the SOC.
Does ANGEL operate on High Availability mode?
Yes, ANGEL is based upon Infinity’s architecture so on the Infinity Cube it operates in High Availability mode.
How does ANGEL’s Honeypot work? Do they interact with our vessel network?
ANGEL’s Honeypot service consists of a specially crafted host, designed to attract attackers and malware that may be present on the business network as well as on all virtual networks, such as IoT VLANs etc.
Honeypots ‘sit’ on the network and wait for any exploitation attempt, upon which an alert is triggered. The alert is examined by the SOC team and if it is indeed related to a potential security incident then the customer is notified. The Honeypot is managed by Infinity and does not preemptively interact with the vessel network.
How is the Vulnerability Assessment (VA) initiated?
Each ANGEL package offers several Vulnerability Assessments per year. The IT administrator schedules a time to perform the Vulnerability Assessment on the business network and the SOC team executes the VA. At the end of the assessment, a detailed report is sent to the client’s IT administrator, which entails the relevant findings. The report is accompanied by an executive summary, which contains critical findings that need to be addressed by the client immediately.
The VA can be executed at any time as it does not execute a penetration since the procedure is resource intensive.
With the emergence of the digitised systems such as VDR (Voyage Data Recording), AIS (Automatic Identification System), and ECDIS (Electronic Chart Display and Information System), the maritime sector has become more vulnerable to cyber attacks.
These systems on their own are not equipped to meet the threats of the 21st century. Each of these essential systems can present easy access to an attacker, with potentially devastating consequences.
What was traditionally an attempt to obtain sensitive data has transformed into highly sophisticated and complex attacks that attempt to inflict damage to property and operations. Aside from any commercial or reputation damage, the insurance sector is becoming more aware of the cyber security threat.
The Cyber Attack Exclusion Clause (CL 380) 10/11/2003 has appeared on marine policies for the past 10 years.
It excludes any loss, damage, or liability caused either directly or indirectly by the use of a computer and its associated systems and software as a means of inflicting harm.
Furthermore, in 2017 the IMO issued resolution MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems. This takes effect in 2021 encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems as defined in the ISM code.
Angel helps the maritime sector to comply with these upcoming steps that are designed to keep shipping cyber secure. Angel also presents maritime insurers with evidence that your ships have advanced cyber protection which can lower your insurance premiums.
great companies we work with
Some examples of our work
and how to plan it
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis. Dictum non consectetur a erat nam at. Orci sagittis eu volutpat odio. Donec pretium vulputate sapien nec sagittis aliquam malesuada. Nec nam aliquam sem et tortor consequat id porta. Morbi non arcu risus quis varius.
Leo vel fringilla est ullamcorper eget nulla. Neque laoreet suspendisse interdum consectetur libero. Suscipit tellus mauris a diam maecenas sed enim ut. Netus et malesuada fames ac turpis egestas sed tempus urna. Lacus vestibulum sed arcu non. Iaculis eu non diam phasellus. Eu feugiat pretium nibh ipsum consequat nisl vel pretium lectus. Sagittis vitae et leo duis ut diam quam nulla porttitor.
Ultrices mi tempus imperdiet nulla malesuada pellentesque. Gravida quis blandit turpis cursus in. A scelerisque purus semper eget duis at tellus at urna. Maecenas sed enim ut sem viverra aliquet eget sit amet. Gravida neque convallis a cras semper. Rhoncus dolor purus non enim praesent elementum facilisis leo. Est placerat in egestas erat. Sit amet porttitor eget dolor morbi non arcu. Mattis vulputate enim nulla aliquet porttitor lacus luctus accumsan. At varius vel pharetra vel turpis nunc eget lorem.