The CCX Technologies SystemX Operating System provides a complete set of Intrusion Detection Systems that provide unprecedented visibility into Operational Networks and Equipment.
Traffic can be monitored on traditional Ethernet and WiFi IP-based networks, on data-bus networks like MIL-1553, CAN Bus, and ARINC-429, and from plain-text logs supplied using industry-standard protocols, all using the same hardware, software, and infrastructure.
All rules and algorithms are completely transparent and user configurable. Development Kits and development environments are available to support rule and algorithm development by third parties, and all network data can be collected, viewed, and exported to any external system.
CCX Technologies can provide rule and algorithm development services, or can support development by third parties. For sensitive systems, a third party can develop and use algorithms and rules without exposing them to CCX Technologies at all.
Fleet Management
SystemX provides all of the tools required to manage a fleet of intrusion detection systems. Alerts and data can be collected and forwarded to a central server, either in real-time when there are connectivity options, or post-mission using secure maintenance laptops or other maintenance connectivity systems.
New rulesets and algorithms can be pushed out to a fleet of systems using the same infrastructure that is used to collect alerts and data.
A SystemX ground server can be used to analyze collected alerts and data, and alerts and other system state data can be forwarded to any external SIEM system.
Captured traffic is stored on local databases, allowing for detailed forensics investigations for any generated alerts.
Data-Bus IDS
Using the CCX Technologies Falcon IDS within the SystemX ecosystem, it is possible to collect, decode, and monitor data-bus data from any supported data bus, including MIL-1553, ARINC-429, and CAN Bus.
Data can be collected using any of the CCX Technologies DataPHYs and Secure Routers or from any third-party data collection systems.
The IDS itself can run on any CCX Technologies Secure Router, or as a virtual machine on other application hosting systems.
Algorithms can be created for a multitude of different scenarios, for example identifying an anomalous rate of change in a vehicle’s speed due to a GPS spoofing attack, or detecting the injection of malicious data into a MIL-1553 data bus.
SystemX comes with a set of default algorithms which can be configured with specific rules to identify many common data-bus anomalies. SystemX also contains a built-in editor and algorithm development environment that can be used to write and modify algorithms easily on the system. In addition, a stand-alone Falcon simulator is available for offline development of complex algorithms and decoding software.
Network IDS
SystemX’s Network Intrusion Detection System (NIDS) uses the power of Snort to monitor IP traffic on a network and detect potential threats. Once a Snort service is active, traffic is continuously analyzed against a ruleset, and an alert is generated if a rule is triggered.
SystemX includes a set of default rules and rulesets, and new industry-standard Snort rules can be created on the system or sourced from external sources.
Logs IDS
SystemX’s Logs IDS provides real-time analysis of system logs using regular-expression-based rules compared against plain-text logs. Plain-text logs from the local SystemX instance can be analyzed, in addition to logs provided from external systems using industry-standard protocols.
SystemX includes a set of default rules and rulesets, and new industry-standard Snort-style rules can be created on the system or sourced from external sources.