Intelligence, Detection, Reaction
We anticipate, detect and respond to threats to our customers’ IT systems, digital assets, sensitive data and intellectual property.
Our CERT, phishing and threat intelligence alliances help us keep a watch for the latest threats and vulnerabilities so that our customers can deploy preventative and corrective measures. We help customers manage threats beyond the corporate perimeter by continuously monitoring the internet, deep and dark web for data leaks and digital fraud.
Our CyberSOCs across the globe detect and manage security alerts from network, endpoints and applications in real time 24/7/365. Our deep expertise, advanced analytics, proprietary threat intelligence and Machine Learning (ML)/Artificial Intelligence (AI) ensure false positives are minimized and real security breaches promptly addressed.
Our in-house Cyber Security Incident Response Team (CSIRT) ensures fast containment and remediation of attacks remotely or on-site. We undertake digital forensics investigations, identifying the timeline and contributing factors for a breach and preserving digital evidence for regulatory and legal compliance.
Penetration Testing & Control
Our ethical hackers and security experts verify the strengths and weaknesses of your organization’s security across the risk surface.
Vulnerability Management Services
Keep up to date with the latest vulnerabilities and ensure visibility of those that need to be patched in your environment via two complementary services:
- Vulnerability Watch: Receive bespoke intelligence alerts on the latest vulnerabilities according to your IT architecture, business context and priorities. Access detailed, actionable information on how to address them 24/7 via our Threat Defense Center aaS portal.
- Vulnerability Detection: Scan your IT infrastructure, systems and applications and identify vulnerabilities that need to be patched. Our experts go beyond providing an automated report. We also contextualize findings according to the specific impact of vulnerabilities found in your business and propose a remediation plan. Our solution is hosted and managed in Orange Cyberdefense data centers in France, providing a European sovereign solution.
Cyber Surveillance Services
Manage threats beyond the corporate perimeter by continuously monitoring the internet, deep and dark web for data leaks and digital fraud. Protect your digital assets from fraud, including rogue websites, social media accounts and phishing sites linked to your organization’s brands. Quickly identify and remediate any tampering of your digital assets by cyber criminals and hacktivists. Benefit from our proprietary web crawlers and in-depth qualification by multi-lingual experts 24/7 in France, Singapore and Canada. Our CERT also undertakes in-depth cyber criminality investigations tailored to specific sectors and other bespoke cyber monitoring.
- IP reputation intelligence
- Rogue website monitoring and takedown
- Rogue app monitoring and takedown
- Phishing site take-down
- Hacktivism prevention
- Monitoring of organization and VIP social media accounts
- Domain name monitoring and takedown
- Data leak monitoring
Epidemiology and Signal Intelligence Lab Services
Identify the most effective containment methods in case of a breach via our Epidemiology Lab services. Benefit from our malware behavior profiling and modelling expertise to anticipate how hackers may act.
Our lab experts:
- Identify the equipment used by the hacker and its implications
- Apply predictive tradecraft, an intelligence method used in espionage, to the process
- Identify who is behind the attack and the attack motive, especially if targeting a specific person within the organization
- Follow malware updates
- Define and apply suitable reaction tactics according to the needs of each company.
Over 300,000 malware samples, including about 50,000 in the banking sector, are analyzed daily by our systems.
Detect, manage and respond to security alerts from network, endpoints and applications in real time 24/7/365. Our deep expertise, advanced analytics, proprietary threat intelligence and Machine Learning (ML)/Artificial Intelligence (AI) capabilities ensure false positives are minimized and real security breaches promptly addressed. We analyze over 30 billion security events every day via our managed detection and reaction solutions. We protect and mitigate against distributed denial-of-service (DDoS) attacks.
Our Cyber Security Operation Centers (CyberSOC) experts support our customers in all stages of the build, deployment and/or day-to-day running of their security operations. Our customers benefit from fast access to top cyber security talent, helping to bridge the resource gap and focus their teams on business-critical activities:
- Operators receive and qualify security alerts whilst analysts thoroughly evaluate threats, propose initial remediation plans and write actionable security reports.
- Experts constantly fine-tune detection rules according to your business context and threat environment, design new countermeasures and intervene accordingly.
- Analysts support the response effort throughout security crises alongside Security Managers, who orchestrate crisis management across Orange Cyberdefense and other service providers if required, and make tailored recommendations to continuously improve your security.
The CyberSOC in Rennes is being qualified as a PDIS (Security Incident Detection Provider) by the ANSSI (National Agency for Security Information Systems).
Contain and remediate attacks with the support of our in-house CyberSecurity Incident Response Team (CSIRT). We can help whether you are under attack or you suspect your security may have been breached. Our teams, which include digital investigation experts and incident responders, assemble the skills, tools and methodology to rapidly assist you on-site or remotely.
Our incident response services enable you to minimize disruption to your organization in case of attack. During intervention, our teams will establish the incident timeline, analyze the attacker’s operation mode, identify the intrusion vector and define the means of privilege elevation and horizontal movement. Then they will determine the appropriate remediation and hardening recommendations.
Our CSIRT is referenced by the ANSSI (National Agency for Security Information Systems) as a PRIS provider (Security Incident Response Provider), certifying us as a trusted provider. We also utilize other state-of-the-art investigation frameworks, e.g. NIST and SANS.
In addition to incident response, we provide Digital Forensics services including:
- Malware reverse engineering using Orange Cyberdefense’s proprietary 3rd generation sandbox
- Verification of suspected compromise on systems or data carriers
- Drafting security policies and operational procedures (playbooks)
- Threat hunting, to proactively identify potential compromise and insider fraud
- Evaluation or proposal of system hardening measures
- Tracing and preserving digital evidence (e-discovery) for legal and compliance purposes
- Support in rebuilding Active Directory environments
Penetration Testing & Control
As organizations migrate to the cloud, increasingly use SaaS vendors and continue to outsource security activities to managed security service providers (MSSPs), the loss of control and visibility over IT security poses a significant risk.
To ensure your security and that of your provider and partners is up to standard, we help you answer the following questions via our penetration testing and control services: Is this new application secure enough to launch? Are my vendor’s protection mechanisms sufficient to safeguard my data? How secure is this subsidiary that we have just acquired? Could an intruder easily break into my administration network?
Our specialists conduct investigations and stress-test the level of security of the different components of your ecosystem.
Ethical Hacking (Penetration Testing)
Adopt an offensive approach to identify weaknesses in your security defenses and detection.
Our specialists can use several vectors to test security and defense capabilities including logical intrusion tests, physical intrusion into your premises, social engineering, phishing / spear phishing, Red Team and others.
Ensure new applications are secure before launch.
Application code is rarely free of bugs. Some of these bugs can hinder security availability. Our specialists are trained to detect logical flaws and deviations from development best practices by carefully reviewing the source code of an application.
Infrastructure and compliance
Identify and harden structural weaknesses in your IT infrastructure.
Despite best efforts, it is frequently a challenge to secure infrastructure that was not initially designed with security in mind. We help you identify structural weaknesses in infrastructure design and propose improvements. We analyze the configuration of IT components to detect vulnerabilities and verify the robustness of passwords vis-à-vis your internal security rules.