DAMIAGE

Detection of Attacks and Threats for Large-Scale Infrastructures: Enhancing Cybersecurity for Critical Infrastructure through Attack Detection

#Rapid #Attack Detection #Graph

The cybersecurity of the networks of Telecoms Operators (TO) and Operators of Vital Importance (OIV) has become a major issue for the European economy and defence. The consequences of an attack on these networks can be dramatic and costly. Our country, like all others, needs to protect its networks from any threat or attack.

The sophistication of today's computer attacks contrasts with how little they cost relative to their effect, a ratio that unfortunately favours the attacker. Malware such as NotPetya or WannaCry, which is relatively easy to develop, can cause considerable damage.

While it is easier to stop an attack than to repair the damage caused by it, you still need tools that can detect these attacks in real time or near real time. To date, companies wishing to equip themselves with prevention tools are generally dependent on security companies, most of them American. We believe that it is relevant, necessary and possible to develop such tools in France.

Many of the tools on the market (those that can be found in a SOC) are more passive than active:

  1. they record large quantities of data (such as NetFlow or IPFIX),
  2. they run algorithms to extract suspicious or abnormal sequences,
  3. they trigger countermeasures (or not).

This methodology works fairly well in the enterprise (to detect and stop DDoS, for example) but is inadequate for IoT or OIV networks, mainly because of the change of scale in data volume. It is essential to move to an active mode and to integrate other data sources: probes and information on the life of infrastructure equipment (routing events, logs of basic services, etc.).

Partners

IMT Atlantique
SLA Advisor

Related Publications

[1] Julien Michel, Pierre Parrend. "Graph-Based Intelligent Cyber Threat Detection System". Handbook of AI-Driven Threat Detection and Prevention: A Holistic Approach to Security. 2025.

[2] Julien Michel, Pierre Parrend. "Metrics for community dynamics applied to unsupervised attacks detection". Rencontres des Jeunes Chercheurs en Intelligence Artificielle. 2023.