Cybersecurity enhances performance in your company
Spread the cybersecurity culture among your staff
Digital transformation multiplies the entry points for hackers and generates a significant flow of data that is not sufficiently secure in the face of new uses and potential risks.
Such data, which are often of a confidential nature (financial information, medical or strategic data, etc.), attract dangerous cybercriminals and are the target of increasingly sophisticated attacks. Extortion, identity theft, breach of trust, credit-card fraud, intrusion or spyware installations, data theft, damage or destruction are just a few examples of the different cyber-attacks that your company may face.
Our vision is that security is not just a matter for specialists: it does – and should – concern all of us.
Cybersecurity must also facilitate the performance, innovation and success of your business and your projects.
To preserve your image and keep the trust of your employees, customers and partners, it is essential to implement a solid cybersecurity strategy that is adapted to your scale, risks, and business challenges.
Make cybersecurity part of your overall approach
Personalized support to fight cybercrime, protect data, and comply with regulations
* Support the definition and the end-to-end application of your security strategy.
* Introduce the security aspect as early as possible in your process. The impact will be smaller and the responses more efficient.
* Be particularly vigilant about the consistency of security risk management at the business and IT levels. Our teams will help to interface your teams on the subject.
* Make sure you have a proactive partner: Our market analysis, the monitoring that we carry out, and the correlation of the whole enable us to suggest the right protective measures for your setup.
* Guarantee our response capacity with the right skills that are agnostic with regard to the client's setup.
* Your ROI, which we can help you calculate, will mainly be looked at from 3 perspectives:
* regulators and their remediation/fine requirements
* the avoided cost of claims
* minimizing the cost of cyber insurance without reducing coverage
Ability to design and implement your IT and business security strategy in different areas:
Soundly secure applications right from delivery.
Three keys to work out your security together
From good practices in your sector to fighting intrusion, we align our approach with your company's security and budget requirements.
Our offer holds advantages from 3 perspectives:
- Compliance with good practices imposed by regulators. The list is of course not exhaustive, but we can at the very least mention the rules of ANSSI, GDPR, NIS, and any measures related to the client's core businesses (SCADA, PCI DSS, HDS, Basel, Solvency, CHAPS, etc.).
- The fight against intrusions. In addition to traditional real-time intrusion detection and security incident response capabilities, our approach allows us to set up a predictive system in line with your business challenges, your risk exposure and, ultimately, the impacts that are specific to you.
- To help your internal customers implement security devices in projects according to your internal requirements and those imposed by your regulators, all in a unique, structured approach with the dual objective of raising your level of protection while reducing costs. We take special care to generate ROI in everything you do.
Introduce cybersecurity at all levels
A service offer that is built around reduced exposure to risks, the proactive fight against intrusions, and the security of applications.
Our service catalogue is based on the following axes :
1. Assess and reduce risk exposure with often short but valuable services such as: Reviewing risk mapping, performing risk analysis, implementing and monitoring security on projects, governing ISS bodies and steering ISS action plans, performing gap analyses and implementing remediation plans to ensure compliance with regulators including ANSSI and GDPR data-hygiene rules, analysing issues and impact, and carrying out audit plans (organisational, physical, secure site, LPM, code review, configuration review) and intrusion test campaigns (black box, grey box, white box, from internal and external sources). We also have a rapid response team to support you in the event of an attack in technical or legislative areas, and to help you restart your activities, collect traces, file a complaint and build up your insurance claim.
2. With our Cyber Defence Centre, we set up a team that will work alongside you in 3 respects. At the start of the service we carry out a real estimate of your exposure to the threat, in proportion to the impacts for your business. In this first phase, we'll set up and manage a remedial plan (preventative and curative) to reduce your level of risk in a quick-win logic. We then move on to the second phase, which consists in fighting intrusions in real time. Through the close relationship that is built in this way, we can improve our response approach by implementing proactive protective measures, in line with your specific needs but also with the information we have about cyber malware at any given time.
3. Unlike infrastructures of which the components have become vulnerable and for which security patches can arrive to resolve the incident as fast as it takes to validate and distribute the patch, your vulnerable business applications will remain so for very long periods of time, which are conducive to cyber malware and internal attacks. To mitigate this risk, we implement an application security approach to detect vulnerabilities as they appear during the development phases and support you in the resolution phase. This approach also has the benefit of advancing your developers as they go along. Once your applications go live, we monitor their resistance continuously carrying out application vulnerability tests.
Combine human capacities and technology to stop cyber predators
In-house solutions controlled by ANSSI
Inetum's capabilities are well distributed to remain close to our clients and their business challenges. We have qualified personnel in our business teams on the Application as well as Infrastructure side to apply increased security levels on a daily basis. In a broader sense, we have a team of consultants and experts who operate countrywide in the definition of the Cyber Security doctrine upstream, controls downstream, and a Cyber Defence centre that supports you on a daily basis by positioning itself as the frontier between your IT assets and malicious individuals whether they are internal or external to your organization.
Inetum is the only company in France that operates its cyber defence systems with French solutions developed by us under the supervision of ANSSI and DGA, and in the process of ANSSI certification.
Secure the integrity of your IS
Keenaï, a SIEM solution that protects your information system against threats
Our Keenaï offer – a global management solution for Information System security, falling into the category of SIEM (Security Information and Event Management).
Based on the activity logs of your hardware and applications, the purpose of SIEM is to:
• Continuously save IS activities;
• Detect attacks and identify security threats in real time;
• Control your infrastructure and reduce associated threats
Our Keenaï offer consists of 3 solutions that monitor and improve the security of your information systems against threats of compromise and espionage.
Over 5 a period of years, our Keenaï solutions – Keenai ALERT, Keenai SCADA and Keenai SOC – have collected billions of events and detected security incidents worldwide using powerful event correlators.
100% of the source code is in the hands of Inetum, and is designed with advanced robustness. The Keenaï offer is as asset for your cyber defence.
Keenaï received the support of the French government through an investment programme for the future (PIA) until the end of 2019
They trust us
Ministries, manufacturers and mid-caps use Keenaï to secure their strategic environment.
Ministries and essential operators - our references:
• Ministry: construction and steering of the corrective plan imposed by ANSSI following an audit aimed at maintaining their RGS (General Regulation of State Security) 3-star rating. Workload: 8 person-months
• Ministry: setting up Keenaï to monitor and investigate cyber threats. Long-term operations and selling of the Keenaï solution
• Manufacturer in the military field: building and steering of the plan for compliance with the French Military Programming Act (LPM). Workload: 600 person-days
• Government agency: comprehensive security programme for projects to align a complete overhaul of the IS with regulatory requirements and the fight against cyber-attacks. Duration 4 years with a load of 400 to 600 person days per year.
Mid-cap references: Boiron - Chaine Thermale du Soleil - Transatel - Mutex - Linedata - Laboratoire Pharmaceutique OIV
For these clients, we set up a risk-assessment and -reduction system with:
• Risk analysis
• Definition of exposure to threat
• Setting up a counterpart aimed at reducing the occurrence of claims and their impacts
• Carrying out audits and intrusion tests
• Organizing an annual drill to train operational and management teams to react to a cyber disaster
In all events, use cases are defined and deployed in Keenaï in a logic of setting up anticipatory corrective action plans to avoid cyber crises.
Cybersecurity - a natural part of our service offer
Offers that include cybersecurity in the overall life cycle of client projects
Cybersecurity is associated with all of Inetum's offers both in terms of third-party application maintenance (TMA) and outsourcing of your infrastructures where, globally, we support you throughout the entire life cycle of your projects from the study phases to their execution. More broadly, our cybersecurity capabilities reinforce the Inetum Group's transformation process.
Don't miss our events around cybersecurity
We participate in the two biggest ISS trade shows on the French market. Come and see us every year in January in Lille at the International Cybersecurity Forum and in October in Monaco for the Assises de la Sécurité. An annual opportunity to come and share in our feedback on a specific topic. In 2019, we focused on industrial safety; in 2020, the spotlight was on mid-sized companies and the Public Sector, which often carry the same risk exposure with more limited resources.