
The “Casino Model” of Cyber Defense

From battlefield tanks to isolated endpoints, Elbit Systems is innovating cyber defense, beginning with the assumption that the intruder is already inside.

When attackers go after your most sensitive capabilities, they don’t announce themselves. In today’s threat landscape, protecting the battlefield means assuming they’re already inside.
Elbit Systems embraces this forward-thinking approach with a suite of solutions built on the assumption that systems are already compromised. Designed for military and national defense networks that operate without internet access, the flagship CyberShield suite goes beyond blocking intrusions – it’s built to understand them.


“We operate like a casino’s security system,” says Oshri, Head of the Cybersecurity Line of Business at Elbit Systems’ C4I and Cyber Division. “Everyone can get in – the key is what they do once they’re inside.” For Oshri and his team, defense begins with connecting the dots by monitoring behavior, not just scanning for known threats. The focus is on real-time processes: which files are accessed, what commands are executed, and whether the activity aligns with the system’s normal state.

 

Autonomous Defense in Air Gapped Environments

Elbit’s cyber solutions are built specifically for closed environments – military platforms, standalone endpoints, and secure facilities that operate without access to the outside world. These systems function autonomously, detecting and responding to malicious activity in real time, without needing cloud updates or live feeds delivered over external connectivity.


“Much of our R&D focuses on protecting isolated systems,” Oshri explains. “These are platforms that never connect to the internet yet still face sophisticated threats.” That challenge led to the development of CyberShield End Point (EP) – a specialized endpoint protection tool that operates without a central server, treating each machine as its own mini SOC (Security Operations Center). 


CyberShield EP delivers robust protection while maintaining a minimal resource footprint, making it an effective solution for distributed environments where agility and efficiency are key.

 

 

Not a Black Box

Unlike traditional cybersecurity tools that arrive as closed, inflexible packages, Elbit’s platforms are modular by design. “We don’t just hand over a sealed product,” says Oshri. “We give clients the freedom to adapt by themselves – inject their own intelligence, define custom rules, and tailor the system to evolving operational needs.”
That flexibility is important in a world where malware evolves constantly. Elbit engineers routinely collect live samples from the web and test their systems in a controlled cyber range – a kind of digital “shooting range” where threats are launched at sensitive files like live ammunition. This hands-on approach aims to ensure resilience against emerging attack vectors, including malware embedded in open-source code and AI-generated exploits.

 

Tactical SOC and Cyber-Contested Zones

One of the most important recent evolutions – accelerated by the war in Ukraine – is the emergence of tactical SOCs: cyber operations centers that operate directly in the field, often with limited bandwidth and unreliable connectivity. “We collect and process data at the edge,” explains Oshri. “Even under degraded network conditions, commanders maintain visibility into cyber-contested zones – areas where hostile activity is actively unfolding.”
This edge capability gives commanders real-time insight into what’s happening on individual systems – whether it’s a compromised tank, a sensitive sensor, or a frontline command terminal. It also enables dynamic enforcement: as the system learns and adapts, it can apply policy changes instantly, without relying on central infrastructure.

 

Shifting Mindsets, Not Just Systems

All of Elbit’s core cyber technologies have moved beyond the prototype phase, with real-world deployments and proven results. Yet according to Oshri, the biggest challenge ahead isn’t technical – it’s educational. “The market is only beginning to internalize the new threat landscape,” he says. “Cybersecurity is no longer optional. The U.S. Armed Forces, for example, typically require in their tenders built-in advanced cyber defense capabilities.”
As military systems become increasingly interconnected, cyber resilience is now as essential as armor or fuel. Elbit’s strength lies not only in knowing how to defend these systems, but in doing so without relying only on traditional infrastructure.

 

From Product to Capability

With clients across Asia, rising interest in Europe, and growing traction among global integrators, Elbit’s cyber portfolio is poised for its next leap forward. The CyberShield suite has undergone a three-year transformation – driven by field experience and customer insight – that positions it well for the evolving priorities of modern defense.
“In the past, we tried to sell a product,” Oshri reflects. “Now, we deliver a capability – one that learns, adapts, and operates under real constraints. The demand for this kind of cyber defense is only going to grow.”
The casino may be open, but not every move will go unnoticed.