SEKOIA.IO is an architecture that joins dynamic generation and exploitation of threat intel data to a range of analytical, orientation and processing functions.
A GLOBAL SOLUTION FOCUSED ON USE
With its focus on use and on the contextualization of results, and with its capacity to identify signs of abnormal activity,
SEKOIA.IO is not merely another tool among the arsenal of defense tools. SEKOIA.IO is a global defense solution of a new kind, tailored to serve users.
AN INFRASTRUCTURE READY TO FACE THE INNOVATIONS OF TOMORROW
Designed with a systemic approach based on controlled threat intel, SEKOIA.IO is a timeless infrastructure ready to face tomorrow’s innovations.
It benefits from a synergy of resources thanks to their interconnection and very large-scale organization.
SEKOIA.IO draws on a new doctrine in the design, integration and implementation of new means of protection.
In an environment of increased agility, SEKOIA has put together a multidisciplinary team that gathers advanced skills in development and analysis: the Upscaling Team.
After three years of work, this team reveals SEKOIA.IO, an operating platform for Cyber Defense and Protection centered on intelligence, operational since 2018.
Based on this technology, SEKOIA designs, develops and implements large-scale cyber services that can be deployed quickly and on demand.
Considering current practices in cyber security, SEKOIA has decided to rethink Cyber Defense and Protection.
By identifying the elements and key stages of an integrated and automated CDP, SEKOIA has built a generic and inter-operational infrastructure that supports and integrates every stage in the management of large quantities of data, from observation to remedial action.
This approach allows us to profit from a wealth of quality information to understand, take decisions and act swiftly, with the aim of continually improving the protection of vital assets.
SEKOIA.IO allows us to cover a large range of operational risks, improves the integration of defense tools and opens new perspectives in innovation.
SEKOIA.IO is now operational, fully adaptable to the specific characteristics of each profession, and able to identify any type of signal to trigger any chain of action necessary.
SEKOIA.IO is founded on our capacity to benefit from threat intelligence in order to dynamically integrate it in an innovative approach to Cyber Defense and Protection.
MAIN PRINCIPLES: SEKOIA.IO is an operational platform founded on our capacity to benefit from threat intel in order to dynamically integrate it in an innovative approach to Cyber Defense and Protection.
The architecture joins the dynamic generation and exploitation of threat intel data bases to a range of analytical, orientation and processing functions. This creates a virtuous cycle of operations.
This technology combines automatization with the sharing of indicators and the implementation of playbooks, in order to process the flow of exchanges and data from other tools already deployed on the network (internal security logs), on a large scale and in real time.
A TOOL FOR ORCHESTRATION
of the means to protect, qualify and process warnings, and minimize exposure to threats.
A COMPLETE, CONFIGURABLE AND UPGRADABLE TOOL
open to third-party applications and compliant with new inter-operational standards.
A MODULAR, EASILY DEPLOYABLE AND CONTEXTUALIZED SOLUTION
designed to process very large-scale flows of exchanges and information from other protection tools that are already deployed.
it’s not up to the field to cope, it’s up to the tools to adapt.
(RE)THINKING CYBER DEFENSE AND PROTECTION
The term Cyber Defense and Protection (CDP) refers to a series of coordinated actions that consist in detecting, analyzing and preventing cyberattacks, and responding to them if necessary.
While in each subdomain of Cyber Defense and Protection new solutions inevitably replace old ones without any correlation being established between them, shouldn’t good defensive practice require us to reconsider our defense tools and equip them with “intelligence” in the way they control and organize the process?
Indeed, however robust and efficient the functions of a protection system may be, it remains exposed and vulnerable because certain points have been ignored or because those same functions have become naturally obsolete.
The quality of protection therefore does not depend uniquely on the performance of any of the various functions, but on the capacity of the entire system to optimally integrate all its functions in order to prevent and react to threats.
It is important that Cyber Defense and Protection should be tackled in its entirety, with a view to ensuring stability and durability. This is why a systemic approach is the key and the best means to respond to the specific professional aspects of each new problem encountered in the field.
Our vision of Cyber Defense and Protection
is a global security solution which aims to understand, decide and act swiftly, in an effort to continuously improve the protection of vital assets.
This structure offers high a degree of qualified information and can tackle any of the stages of processing very large volumes, from observation to action.
SEKOIA.IO est à la fois :
• a complete and autonomous Cyber Defense and Protection architecture,
• a flexible, upgradable and durable structure,
• a tool to manage security incidents on a very large scale.
• INCREASED CAPACITY
EXPERTISE IN CTI X MODULAR AND ADAPTABLE STRUCTURES X SYNERGY OF FUNCTIONS
Thanks to its flexibility, to the continuous enhancement of its functions and to the synergy which its technology enables, SEKOIA.IO can respond to the economic and security issues faced by institutions and organizations, whatever their professional field of activity and whatever the security systems they have already in place.
SEKOIA.IO is now operational, entirely adaptable to the specific aspects of each profession: it is able to identify any kind of signal to trigger any series of actions.
Structuring and consolidating
• mutualized collection and processing of large quantities of data,
• enhancement and correlation of analyses through threat intelligence,
• continual access to shared and instantly enhanced CTI bases,
• Cloud secure architecture, designed for resilience and scalability,
• agile, adaptable, constantly evolving, autonomous and easy-to-use system.
• ACCESSIBLE, EASILY DEPLOYABLE
STRUCTURED RESSOURCES X FLEXIBILITY X STANDARDIZATION
SEKOIA.IO offers the best security systems to be exploited without the need to develop them or the cost of operational maintenance and updates.
SEKOIA offers the benefits that come with modular and interconnected functions and the advantages of automatizing and integrating human actions on the right level, without ever losing sight of the value of any proposed interaction, for an optimal TCO.
To gradually adapt the security system,
our support and assistance :
• to the transformation stages,
• to any context, current changes in the profession or temporary needs,
• to any type of offer or mode of interaction,
• to the expectations of the parties involved.
A platform that integrates
the specific challenges of the professional sector in any new context
The orchestration of systems and the automatization of processes can be configured at any level of the process, to enhance and accelerate it and to produce information, guidelines and reports that can be put to good use at the right time and at the right level (both operational and directive).
SEKOIA.IO comes with a large panel of basic interfaces, which can be adapted and completed depending on the desired level of interaction, and on the expectations and the qualifications of the people who use them, or their executive status in the organization.
Main interfaces per type of interaction :
consolidates the main indicators.
Alert Risk Indicator
allows monitoring of SOC performance indicators.
designed for mobile and desktop environments.
integrates disparate data sources.
sets rules in standardized language.
reduces noise by regrouping similar warning signals.
OpenC2 Course of Actions
proposes remediation adapted to every alert and every context.
Rules of Engagement
synchronizes automatized actions to align them with the priorities of the profession.
automates risk determination and the decision to act.
selects counter-measures according to an indicator of pertinence and criticality.
partitions and federates data, rights and accesses.
allows for the integration of SEKOIA.IO into your existing defense infrastructure.
Robe-based Access Control
fine-tunes control of permissions and roles of the members of each community.
allows for collaboration without loss of control.
The implementation of SEKOIA.IO can also be enhanced
by Managed Detection and Response services (MDR), in order to deliver
a range of services and solutions in Cyber Protection and Defense, from start to finish.
SEKOIA relies on SEKOIA.IO’s technology and delivers human resources
organized in dedicated teams of experts, strengthened by all
of SEKOIA’s technical strengths and skills, in order to offer:
assistance from the first stages of onboarding until, if necessary, reversibility.
One single contact,
Reporting mode adapted to the client,
Monitoring of service quality indicators (KPI).
ADDITIONAL SEKOIA.IO SERVICES
Intelligence on threat and vulnerabilities,
Creation of detection rules,
Investigation into warning signals.
Flash Intelligence Reports.
Analytical reports on the attackers’ new operating modes, or new vulnerabilities (strategic analyses, tactics, techniques, and concrete recommendations aimed at clients and internal teams).
IOCs generated by about one hundred OSINT sources and through investigations led by analysts at SEKOIA. Automatic and intelligent qualification and enhancement of OSINT sources, done manually for OICs generated after investigation into groups of attackers. Redistribution of “community” technical elements (STIXv2 and TAXIIv2 standards).
Incident response & digital investigation.
In case of a security incident, clients can not only choose to call on SEKOIA’s CERT for assistance in their response to the incident, but they can also delegate all or part of the digital investigations. SEKOIA’s CERT will adapt a response strategy and will assist clients in their analysis, confinement and remediation after the incident. These digital investigations rely on open-source tools like FastIR Collector, a tool developed by SEKOIA.
On the client’s demand, we establish personalized reports on threats that affect a particular element: a concept, a piece of technology, a sector of activity, a geographical area…
Whether during incident response or at other times, clients can also call upon our CERT to analyze any type of malware.
Several modes are possible: fast semi-automatic analysis, in order to swiftly extract the main IOCs, full reports on the malware’s functions, and recommendations for prevention, detection and disinfection.
Intrusion testing : we will help in identifying vulnerabilities on all or parts of the information systems, and propose pragmatic recommendations to correct any vulnerability we detect.
Specific technical audits : on demand of the client, these audits can be carried out on any type of platform and against any type of technology (code audit, architectural audit or configurational audit).
Red Team : we propose to carry out intrusion attempts through realistic and complex scenarios. We launch specific attacks on a defined target, without any restrictions as to the techniques deployed by our auditors and pentesters (social engineering, phishing, lock-picking, etc.)
The scenarios are established in collaboration with the CTI team in order to reproduce the TTPs of the attackers, chosen in accordance with the client’s professional context.
The capacity to rapidly develop new functions
for an optimal TCO.
CONCEPTION / DEVELOPMENT
CO-DESIGN / CO-DEVELOPMENT
New challenges often call for adjustments
and functions which our teams put in place
and develop through a swift process.
They can also collaborate with or integrate
other existing teams to co-design
and co-develop new capacities quickly.
NEVER WAS SO MUCH OWED BY SO MANY TO SO FEW —W. Churchill.