
Cybersecurity: a utopia for SMEs?

While the importance of cybersecurity is beyond dispute, VSEs and SMEs often look on helplessly at the complexity of the reality they face. Between unknown threats, limited budgets and a shortage of qualified personnel, there is no shortage of challenges. Digital transformation, for its part, forces companies to react quickly, sometimes without having secured their own digital environment. What solution is left for businesses? A look at the situation with Sogeti Luxembourg.


The SOC, a panacea for modern companies

The SOC (Security Operations Center) is defined by the American technology consulting firm Gartner as both “a team, often operating on a 24-hour shift” and “a dedicated and organized facility to prevent, detect, assess and respond to cybersecurity threats and incidents, and to complete and assess regulatory compliance”.

This capability has been part of the arsenal of companies wanting to reduce their cyber risks and increase their resilience for many years. However, implementing an internal SOC remains largely reserved for very large organizations, the only ones able to afford such a long and costly effort. Many large groups, and smaller companies too, turn to managed service providers to perform this function. An ideal alternative, but often difficult to afford for VSEs and SMEs.

Easy prey for cybercriminals

Cyberattacks (ransomware, phishing, etc.) against these same VSEs and SMEs are nevertheless constantly increasing: they are often less well protected, and the risks are generally unknown or underestimated. Indeed, while 95% of business leaders believe they know cybersecurity well, 99% use no more than three “standard” tools to protect themselves (antivirus, firewall and data backup).[1]

“These solutions are no longer enough. Antiviruses provide protection against viruses that have already been identified, but around 400,000 new viruses are detected every day. These viruses therefore have plenty of time to do damage before being identified,” explains Vincent Fougerouse, Presales Cybersecurity at Sogeti Luxembourg.

In addition, even if they would like to, many leaders do not have the means to invest heavily in IT security, although such an attack would, for most of them, spell the end of their company.

The reality of MSSPs

In this context, it becomes crucial for MSSPs (Managed Security Service Providers) to be able to adapt to evolving cyber threats while remaining competitive and accessible to as many organizations as possible. Not an easy task, since every company operates in a different context: organization, regulation specific to its field of activity, technologies used, level of maturity, risk appetite, etc. Each proposed solution must therefore be adaptable, flexible and scalable.

SIEM solutions

For many years, SIEM (Security Information & Event Management) solutions have been the cornerstone of SOCs. However, while a SIEM is necessary, it is no longer sufficient on its own, for at least three reasons.

First, a SIEM is highly dependent on the events collected from other solutions, such as IPS, antivirus or applications. Its ability to detect is therefore closely tied to the company's security solutions and their proper configuration. “Of course, the SOC brings added value in all cases. That of Sogeti Luxembourg, for example, is based on different axes: Threat intelligence (CTI), Machine Learning or the development of use cases. But the quality of the data reported by the IS is crucial and directly impacts the performance of the SOC,” specifies Vincent Fougerouse.

Second, a SIEM does not protect. It is a monitoring system which, although capable of detecting ransomware and the associated data encryption, cannot block an attack in progress.

Finally, endpoints (servers, computers, smartphones, etc.) very often constitute the “blind spot” of SIEMs and serve almost systematically as pivots for the most devastating attacks. Monitoring the endpoints of an infrastructure is of course possible, but remains very demanding. The life cycle of workstations, for example, is short compared to that of the network infrastructure. This requires a constant and significant effort, and explains why the monitoring of this part of the information system is generally done indirectly, using third-party tools such as antivirus; the SOC then suffers from a lack of visibility and control.

“Customers expect more from an MSSP today, and rightly so!” says Vincent Fougerouse. Automation (SOAR), Cyber Threat Intelligence, Threat Hunting, Machine Learning, Sandboxing, EDR (Endpoint Detection and Response), NDR (Network Detection and Response), MTD (Mobile Threat Defense), Deceptive Response, XDR (Extended Detection and Response)… the list is long.

SOC 4 ALL

Taking this reality into account, Sogeti Luxembourg wanted to develop a service offer that meets the following criteria:

  • Provide the SOC service with its own detection capabilities, independent of those of the client;
  • Propose a “fusion center” approach which, in addition to the traditional functions of the SOC, notably integrates operational incident response capabilities;
  • Provide an offer including all the advanced services expected from a current SOC: CTI, SOAR, Machine Learning, data science, sandbox, etc.;
  • Be accessible to as many organizations as possible.


This is how the “SOC 4 ALL” was born. For this offer, Sogeti Luxembourg relied, on the one hand, on its own know-how and expertise and, on the other hand, on a solution from the company TEHTRIS. TEHTRIS provides a set of pre-packaged, “turnkey” products suited to the daily operations of small and medium-sized structures. A design interface facilitates their installation and use, and automatic alerts are triggered when a threat is neutralized, giving visibility into the protection in place.

Benefiting from the cyber expertise of both TEHTRIS and Sogeti Luxembourg, the “SOC 4 ALL” offers highly efficient and optimal protection against the most sophisticated threats, known or unknown, in particular thanks to TEHTRIS OPTIMUS, which combines EDR and Next Gen AV in a single agent to detect and neutralize threats in real time, without human action.

A recognized solution at an affordable price: any company can protect itself with high-end technology and components. The TEHTRIS XDR Platform and its integrated intelligent technologies (knowledge base, neural network, Cyberia, Sandbox, behavioral analysis module, etc.) make it possible to strengthen the detection and neutralization of threats.

The service is flexible and adaptable with a choice of “à la carte” products according to the needs of the company.

With this new offer, Sogeti Luxembourg democratizes the premium SOC for SMEs and VSEs. A SOC for all, a “SOC 4 ALL”.


[1] Figures from the survey “Les TPE/PME et la cybersécurité” conducted by Ifop for XEFI from 2 to 25 November 2021 among 400 people.
