16.11.2022 IT Cybersecurity IT Luxembourg

If the issue of cybersecurity is indisputable

Writer Olivier Poirier (Sogeti)

If the issue of cybersecurity is indisputable, VSEs and SMEs often look helplessly at the complexity of their environment. Between unknown threats, lack of budgets and shortages of qualified personnel, the challenges are legion. Digital transformation, for its part, forces companies to react quickly – sometimes in the absence of their own digital security. What solution is left for businesses? Update on the situation with Sogeti Luxembourg.

SOC, a defense cornerstone for modern companies

The Security Operations Center (SOC) is defined by the American technology consulting firm Gartner as both “a team, often operating on a 24-hour shift” and “a dedicated and organized facility to prevent, detect, assess and respond to cybersecurity threats and incidents, and to complete and assess regulatory compliance”.

SOCs have been part of the defense arsenal of companies wanting to reduce their cyber risks and increase their resilience for many years. However, the implementation of an internal SOC remains mainly reserved for very large organizations, the only ones that can afford such a lengthy and costly effort. Many large groups and smaller companies turn to managed service providers to perform this function. An ideal alternative, but often difficult to afford for VSEs and SMEs.

Easy prey for cybercriminals

Cyberattacks (ransomware, phishing, etc.) within these same VSEs and SMEs are however constantly increasing, as they are often less well protected, and the risks are generally unknown or underestimated. Indeed, while 95% of business leaders believe they know cybersecurity well, 99% do not use more than three “standard” tools to protect themselves: antivirus, firewall and data backup. *

These solutions are no longer enough. Antiviruses provide protection against viruses that have already been identified, but around 400,000 new viruses are detected every day. These viruses therefore have plenty of time to do damage before being identified,” explains Vincent Fougerouse, Presales Cybersecurity at Sogeti Luxembourg.

In addition, and even if they would like to, many leaders do not have the means to invest massively in IT security – although such an attack could mean, for most, the death of their company.

The reality of MSSPs

In this context, it becomes crucial for Managed Security Service Providers (MSSPs) to be able to adapt to the evolution of cyber threats, while remaining competitive and accessible to as many people as possible. This is not an easy task, since every company evolves in a different context: organizational, regulations specific to their field of activity, technologies used, level of maturity, risk appetite, etc. Each proposed solution must therefore be adaptable, flexible and scalable.

SIEM solutions

For many years, Security Information & Event Management (SIEM) solutions have been the cornerstone of SOCs. However, while SIEM is necessary, on its own it is no longer sufficient. And this for at least three reasons.

A SIEM is highly dependent on events collected from other solutions, such as IPS, antivirus or applications. Their ability to detect is therefore closely linked to the company& security solutions. And thirdly the proper configuration of solutions.

Of course, the SOC brings added value in all cases. The Sogeti Luxembourg SOC, for example, is based on different axes: Cyber Threat intelligence (CTI), Machine Learning or the development of use cases. But the quality of the data reported by the IS is crucial and directly impacts the performance of the SOC”, specifies Vincent Fougerouse.

Also, SIEM does not protect. It is a monitoring system which, although capable of detecting ransomware and associated data encryption, cannot block an attack in progress.

Finally, endpoints (servers, computers, smartphones, etc.) very often constitute the “blind spot” of SIEMs and serve almost systematically as pivots for the most devastating attacks. Monitoring the endpoints of an infrastructure is of course possible but remains very demanding. Indeed, the life cycle of workstations, for example, is fast compared to that of the network infrastructure. This involves a constant and significant effort and explains why the monitoring of this part of the IS is generally done indirectly, using third-party tools such as antivirus – the SOC then suffers from a lack of visibility and control.

Customers expect more from an MSSP today, and rightly so!” says Vincent. Automation (SOAR – Security Orchestration, Automation and Response), Cyber Threat intelligence, Threat Hunting, Machine Learning, Sandboxing, EDR (Endpoint Detection and Response), NDR (Network Detection and Response), MTD (Mobile Threat Defense), Deceptive Response, XDR (Extended Detection and Response), … the list is long.

Taking this reality into account, Sogeti Luxembourg develop a cybersecurity service offer called SOC 4 ALL that meets the following criteria:

  • Provide a SOC service with its own detection capabilities, independent of the clients’;
  • Propose a “fusion center” approach which, in addition to the traditional functions of the SOC, notably integrates operational incident response capabilities;
  • Provide an offer including all the advanced services expected from a current SOC: CTI, SOAR, Machine Learning, data science, sandbox, etc.;
  • Be accessible to as many organizations as possible.

In its “SOC 4 ALL” offer, Sogeti Luxembourg [NC10] provides, on the one hand, its know-how and cybersecurity expertise and, on the other hand, a solution from the company TEHTRIS™. TEHTRIS provides a set of pre-packaged, “turnkey” products that adapt to the daily life of small and medium-sized structures. A design interface facilitates their installation and use, and automatic alerts are triggered when a threat is neutralized for visibility of protection.

Benefiting from both the cyber expertise of Sogeti Luxembourg and TEHTRIS, the “SOC 4 ALL” offers ultra-efficient and optimal protection against the most sophisticated threats, known or unknown is in particular thanks to TEHTRIS OPTIMUS combining Endpoint Detection and Response (EDR) and Next Gen Anti-Virus (AV) in a single agent to detect and neutralize threats in real time, without human action.

A recognized solution, and at an affordable price, any company can protect itself with high-end technology and components. The TEHTRIS XDR Platform and its integrated intelligent technologies (knowledge base, neural network, Cyberia, Sandbox, behavioral analysis module, etc.) make it possible to strengthen the detection and neutralization of threats.

The service is flexible and adaptable with a choice of products according to the needs of the company.

With this new offer, Sogeti Luxembourg democratizes the premium SOC for SMEs and VSEs. A SOC for all, a “SOC 4 ALL”.

* Figures from the survey "Les TPE/PME et la cybersécurité " conducted by Ifop for XEFI from 2 to 25
November 2021 among 400 people.