Trackwatch® Critical Infrastructure Edition
Trackwatch® Critical Infrastructure Edition is Gatewatcher's solution dedicated to OIVs and their compliance with the Military Programming Act. This technology offers unique sovereignty guarantees, as well as advanced detection of simple and complex cyber threats.
The Military Programming Act: Legal requirements for cyber-resilience of OIVs
Organizations of Vital Importance (OIV) are public or private organizations that carry out activities that are essential to the survival of the nation and whose list, which is confidential, is established by the government. The French State, through the Military Programming Law, requires that these organizations fulfill a number of prerequisites in terms of cyber-resilience.
Detection is one of these prerequisites. The LPM requires OIVs to deploy probes, qualified by ANSSI, on their Vital Information Systems (VIS). These probes are deployed and operated by service providers, also qualified by the ANSSI, called Security Incident Detection Service Providers (PDIS).
Integrating software and hardware hardening requirements into the very design of its solutions, Gatewatcher submitted its Trackwatch® solution early on for the basic qualification issued by the French National Agency for the Security of Information Systems (ANSSI). We obtained this security visa in 2019.
Qualified detection probes
The network detection probes to be installed by OIVs are designed to monitor their critical networks (IVIS) and detect intrusions in real time. The network flow analyzed by the probe is a copy of the traffic, captured by passive equipment called a TAP. The probe analyzes the payloads and files passing through this flow and sends alerts that are used by the Security Operations Center (SOC).
The ANSSI, through its specifications for probe qualification, requires at a minimum that the probes can securely host its signatures and use them to analyze, in a "static" manner, the payloads and files circulating on the IVIS.
A detection specialist at the service of your compliance requirement
The Trackwatch® detection solution received the ANSSI basic qualification in 2019. This endorsement certifies the software and hardware resilience of the Trackwatch® range, and enables its use by OIVs for their compliance needs.
The range has been extended to offer OIVs a software version capable of responding rationally to this need: the Critical Infrastructure Edition (CIE).
Detection engines that comply with ANSSI standards
Trackwatch® CIE combines a static detection engine with a file analysis engine. The solution also generates metadata that can feed a SIEM and improve its efficiency.
- IoC search.
- Contextualization of alerts.
- Analysis of protocols, events and payloads, correlation with known signatures.
- Extensible and interconnectable signature database.
MALCORE LIGHT VERSION
- Static and heuristic analysis of files in real time.
- Correlation with known malware signatures.
Approach your compliance with confidence and control its impacts
Trackwatch® CIE guarantees long-term qualification thanks to a robust software and hardware base that meets the ANSSI's requirements over the long term. This in-depth hardening does not impact Trackwatch® performance: the quality of processing remains identical from 10 MBPS to 40 GBPS.
Trackwatch® CIE is an immediately operational, turnkey solution. It does not involve any additional equipment or hidden costs due to the integration of the RxTx stream or a complete file analysis. The solution provides better visibility into network activity and optimizes the role of third-party security solutions.
Plug & Play
Trackwatch® CIE is provided as on-premises appliances that are simple to integrate into your vital information systems (SIIV). The solution is easily configured and immediately detects intrusions. It is optimized for easy integration with the PDIS service you select.
Trackwatch® consists of at least two appliances: the GCAP (flow capture) and the GCENTER (management server). Once the IVIS flow has been copied by a TAP, each appliance has a specific role to play in detection.
Trackwatch® CIE offers many possibilities of interoperability with your installed equipment. It is compatible with all SIEMs on the market, as well as with MISP, EDRs, proxies, etc.
Scalability and performance
Trackwatch® CIE offers a wide range of appliances to meet the needs of OIVs. Standard 1 or 2U servers support the software, with available data rates from 10 MBPS to 40 GBPS. The high granularity of the throughputs offered allows you to match your budget with the size of your IVI system.
Trackwatch® CIE makes no compromise on performance: up to 27,000 EPS can be processed in bursts, compared to an average of 1,200 on the qualified probe market. Trackwatch® CIE supports you in the evolution of your detection needs: you can easily switch to the Full Edition version through a software upgrade.
- Software and hardware qualified by ANSSI to equip OIVs in the framework of compliance with the Military Programming Law, a qualification guaranteed over the long term.
- Wide range of hardware from 10 MBPS to 40 GBPS to size your project appropriately for your IVIS.
- Threat pre-detection: malware, fileless attacks, ransomware...
- Compatible with all SIEMs and strong interoperability with third-party solutions.