Cyber security: risks and threats

In 2021, 95% of executive committees will include cybersecurity issues in their agenda, versus 25% in 2017 (McKinsey).

Multiple challenges for your company.

Depending on your role within the company, security is perceived in different ways. How do you translate the risks identified at the company level into cyber risks and then into operational solutions? Gatewatcher helps you to see this more clearly.

Identify your cyber risk level

Aligning business challenges and cyber risks

Put into practice the appropriate security solutions.

Identify your cyber risk level

Among the cyber risks discussed in board steering meetings:

Data theft, cyber espionage: impact on the company's image

Data theft, whether for espionage or ransom purposes, is an infringement of the freedom of enterprise. It can concern the personal data of customers or employees, patents, industrial secrets, sensitive data, intellectual property…
When the stolen data is then published or sold on the dark web, the consequences, both in terms of image and finance, are significant.

How to avoid service interruptions?

For any company, the interruption or blocking of production in a factory, in a processing chain with one or more economic partners, or on an e-commerce site is a real curse. Any interruption of, or hindrance to, operations makes it impossible to deliver customer orders as planned. Indeed, a large number of e-commerce sites have had to suspend their activity following cyber attacks… The risk is therefore very present!

Governance and security: control with confidence

The principle of security governance is at stake. It is essential to manage company rules, to equip oneself with suitable processes and tools, and also to implement them. For example, how can we take control of Shadow IT? Today, some departments within the company have a wide choice of cloud and SaaS tools, which they can use without necessarily going through the security restrictions put in place by the IT department to protect the company.

Internal attacker: How to anticipate it?

Unfortunately, cyber risk can also come from the inside. Despite companies’ efforts to define internal security policies, profiles, access rights and clearances, this risk remains ever present. Beyond the question of who can access what, when and from where, there is also the question of how to determine whether abnormal behavior is, or is not, a threat.

In France as well as abroad, laws and regulations force companies in sectors considered sensitive to equip themselves with certified solutions. The compliance requirement of the Military Planning Act in France is a perfect use case.

Aligning business challenges and cyber risks

CIOs and CISOs, how can you align the company’s security challenges with the development of infrastructures for the deployment of new services? From business issues to key cybersecurity questions, Gatewatcher gives you some food for thought.

Reduce exposure to the risk of Advanced Persistent Threats (APT)

According to an IDC survey, 8 out of 10 companies believe that their risk of being exposed to targeted attacks is increasing over time. But detecting APT attacks remains a complicated topic. Indeed, many tools for detecting sophisticated attacks, such as APTs, remain frequently powerless against encoded binaries, even though this artifice is the main technique used today to escape detection.

We don't know what we don't know: how do we contextualize attacks?

The markers of threats and attacks are multiplying and taking increasingly sophisticated forms. Threats have multiple origins and may already have been spotted by other companies, without you knowing it when you are confronted with them! From this perspective, Threat Intelligence tools are today an essential complement to efficient attack detection.

Too many alerts to manage reduce responsiveness

According to IDC, automation will contribute to the success of IT security management for 7 out of 10 companies. Automation via AI holds promise for streamlining alerts and providing a first level of insight into the most advanced threats. The goal is to focus on what matters and improve decision making.

Choose an all-in-one solution or prefer a combination of bricks?

The budget issue is undeniable; it can also be a limitation. Pooling specialized tools results in greater risk coverage. The condition is that such solutions be integrated into the wider environment of a SIEM, for example, for centralized management of alerts, or that they interact with each other for remediation through a SOAR.

Building the right infrastructure to anticipate threats

Cyber threats, whether internal or external in origin, always take advantage of a weakness in an existing technical architecture, or even in the installed software itself. In most cases, these threats use your IT network to spread. It is therefore necessary to know how to place your security elements as far upstream as possible to avoid the consequences of propagation. Detection solutions must therefore also be placed at the network level, and not only at the level of individual user workstations, where it is often too late.

Put into practice the appropriate security solutions.

Stay one step ahead of cyber threats: Gatewatcher supports security teams and SOCs in the operational implementation of solutions. Here are 5 concrete examples of solutions and their benefits.

Spot a ransomware attack in real time

How does ransomware work?

Ransomware attacks make the victim run software that encrypts data and asks for a ransom. While it’s easy to recognize ransomware once it’s in action, it’s much more difficult to detect it upstream, as the various components used are often camouflaged to circumvent existing defenses.

Detecting the actions that betray ransomware

An effective defense system must simultaneously monitor several entry points (mail servers, etc.) and detect the attackers' actions aimed at downloading, onto the victim's machine, the malicious software that will perform the encryption. These actions, as well as the software's attempts to communicate with the outside world, in addition to the software itself, are all elements that reveal the presence of ransomware before its malicious phase occurs.

Our answer: detect the clues to act in time

Our detection solutions are able to detect the elements that are specific to these ransomware attacks: retrieving the key from a C&C, identifying suspicious SMB flows or detecting malicious attachments in an email. The platform gives you the advantage of reacting as soon as possible, both on the purely exploit aspect of these attacks and on the malware part.

Key points:

Detection of stealthy movements on the IS and obfuscated exploitation techniques

Detection of ransomware before it is executed

Prevents loss of control of your IS and financial and reputational damage

Learn more:

Products: Trackwatch, Aioniq

Identify security policy violations

Promote a deterministic approach to detection?

An effective approach to network detection is to maximize your visibility into ongoing malicious and suspicious actions, avoiding time-consuming cleanup of false positives generated by unqualified or overly holistic tools.

Compliance with the PSSI (information system security policy, ISSP) is often limited by a lack of visibility

When it comes to drafting and checking compliance with the PSSI, organizations often face the same problem: a lack of visibility on assets and more generally on the network. This lack of visibility prevents an accurate assessment of the risks and often results in the deployment of a detection system that is not sufficiently parameterized for the IS to be monitored. Inevitably, this leads to noise in the alerts and results in a detection system that is often abandoned in the long term.

Our response: Detecting ISSP violations

Gatewatcher solutions perform an inventory of all your network traffic. Based on this information, your IS team can establish the feared events and build the security policy. It is then a matter of immediately implementing a set of rules derived from the mapping.

Key points:

The bottom line is comprehensive, hazard-free control of your traffic

Any attempt to violate your security policy will be immediately escalated by an alert

Learn more:

Products: Trackwatch, Aioniq

Bringing your vital information systems (ISIV) into compliance with the Military Planning Act

What does the Military Planning Act require from OIVs?

The French Military Planning Act requires public or private organizations that operate activities essential to the nation (OIV) to strengthen the security of some of their information systems, also called vital information systems (ISIV). This includes the installation of detection probes. Behind this obligation stands the will to promote a sovereign cyber defence industry in France and to increase the resiliency of the OIV’s information systems.

Choose a probe qualified by the ANSSI agency

A qualified detection probe is an on-premises network security device that analyzes network activity in real time to detect intrusion attempts. The ANSSI conducted a series of laboratory security tests on equipment submitted by software vendors. Products whose software and hardware met the resilience requirements were eligible for this qualification.

Our answer: Long-term compliance without compromising performance

Integrating software and hardware hardening requirements into the early design of its solutions, the Trackwatch® detection platform has been awarded the ANSSI’s basic qualification. As such, it allows you to comply with the Military Planning Act (LPM). Trackwatch® offers integration facilities unique on the market: native RxTx aggregation, high scalability and simple deployment in a PDIS-type architecture.

Key points:

Simple, high-performance detection compliance

Long-term qualified products

Learn more:

Product: Trackwatch

Detecting the exploitation of a vulnerability by shellcode

What is a shellcode?

A shellcode is a vulnerability exploitation technique consisting of a string of bytes that forms executable binary code. This code, provided by the attacker, exploits the vulnerability by forcing the machine to execute it, usually by injecting it into memory through a buffer overflow. The result depends on the attacker’s goal and can, for example, be the takeover of a command line interface.

What are the dangers of shellcodes and their contemporary evolutions?

Shellcodes are often the invariable common element of so-called 0-day attacks, i.e. cyber attacks that exploit a yet unknown vulnerability. These attacks are undetectable in the first place, because they are unpredictable. Thus, the most effective fight is to observe the original payload injected to exploit the vulnerability.

Our answer: protect against encoded and polymorphic shellcodes

Our unique solutions are capable of identifying shellcodes that use an encoding, emulating the encoding and translating it in a way that is intelligible to an analyst. Our anti-shellcode engine supports all major encodings available on Metasploit-like platforms, as well as polymorphic generators.

Key points:

Detection of all types of shellcodes and especially the most undetectable ones: encoded, polymorphic, custom...

Very low false positive rate on the Codebreaker module

Participates in the fight against 0-day attacks

Learn more:

Products: Trackwatch, Aioniq

Staying ahead of threats with more intelligence

Why is Threat Intelligence complementary to your cybersecurity solutions?

A set of cybersecurity solutions is never totally failsafe against very recent or resurgent threats. An external source of Threat Intelligence brings new data, from outside the solution’s vendor, that is complementary in nature, source and context. Additional Threat Intelligence can also provide information on the latest threats to a particular industry.

Optimize your detection equipment with a Machine Readable Threat Intelligence (MRTI) feed

A Threat Intelligence feed, known as MRTI, provides information on threats that can be directly ingested by your detection equipment (probes, SIEM, etc.). This so-called “technical” Threat Intelligence allows you to simply increase the efficiency of your solutions by improving knowledge of the threat landscape and reducing noise. You can also automate your hunting to reduce incident detection time. It increases the contextualization of information and reduces false positives without changing your existing processes.

Our answer: a solution without constraints

With LastInfoSec’s feed offer, you can optimize the detection efficiency of your equipment without any constraints and without changing your processes: the feed is delivered in a highly standardized format (STIX v2) and integrates directly into your equipment. The benefits are immediate and the reactivity of the solution places it at the forefront of the market. Contextualize your alerts by adding new external information, and increase detection capacity with very recent IOCs…

Key points:
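As an added illustration of how a STIX v2 MRTI feed is consumed (not Gatewatcher's or LastInfoSec's own code), the following assumed-format example parses a constructed STIX 2.1 bundle of indicators, discards revoked or expired ones so stale IOCs do not add noise, and enriches constructed connection-log events with the indicator's name and confidence:

```python
import re
from datetime import datetime
# Constructed STIX 2.1 bundle for illustration, not a real LastInfoSec feed; values
# use RFC 5737 documentation space and a reserved .invalid domain. The second
# indicator's valid_until has passed, so it must not raise an alert.
SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000002", "confidence": 85,
         "name": "Constructed C2 address", "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000003", "confidence": 60,
         "name": "Constructed phishing domain",
         "pattern": "[domain-name:value = 'update-portal.example.invalid']",
         "valid_from": "2024-01-01T00:00:00Z", "valid_until": "2024-02-01T00:00:00Z"}]}
# Constructed connection-log events as a probe or SIEM might hold them.
SAMPLE_EVENTS = [
    {"src_ip": "10.0.0.7", "dst_ip": "203.0.113.5"},
    {"src_ip": "10.0.0.8", "dst_ip": "198.51.100.9", "domain": "update-portal.example.invalid"}]
# Only single-comparison STIX patterns are handled; boolean patterns need a full parser.
_SIMPLE = re.compile(r"^\[(ipv4-addr:value|domain-name:value)\s*=\s*'([^']+)'\]$")

def _ts(s):  # STIX timestamps are UTC with a trailing Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def load_indicators(bundle, now_iso):
    """Map (observable type, value) -> indicator, dropping revoked or expired ones."""
    iocs = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        until = obj.get("valid_until")
        if until and _ts(until) <= _ts(now_iso):
            continue
        m = _SIMPLE.match(obj.get("pattern", ""))
        if m:
            iocs[(m.group(1), m.group(2))] = obj
    return iocs

def enrich_events(events, iocs):
    """Return one alert per event/indicator hit, carrying the feed's context."""
    alerts = []
    for ev in events:
        for key in (("ipv4-addr:value", ev.get("dst_ip")), ("domain-name:value", ev.get("domain"))):
            hit = iocs.get(key)
            if hit:
                alerts.append({"event": ev, "indicator": hit["id"], "name": hit["name"],
                               "confidence": hit.get("confidence")})
    return alerts
```

Run against the sample data, only the connection to 203.0.113.5 produces an alert; the expired domain indicator is ignored.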

Simple integration without changing your processes

Fully qualified and validated data stream to reduce false positives

Enriching your alerts for a better responsiveness of your teams

Export format usable by cybersecurity solutions without human interaction

Contextualization of information to ease the work of SOC teams

For more information:

Product: LastInfoSec