eGambit

eGambit : a holistic cybersecurity solution

According to a recent survey released by McKinsey, cybersecurity has become a top concern of the world’s business leaders, who are willing to dedicate adequate funds to address it yet lack appropriate, integrated and effective tools to support fast, fact-based cybersecurity management. The problems most commonly described are: a lack of structure, that is, overly exhaustive reports that fail to effectively identify cyber risks; a lack of clarity, that is, the use of overly technical language that fails to translate the nature of cyber risks for top management; and a lack of consistent real-time data, that is, conflicting information from various sources about the level of risk assets are exposed to.

A holistic approach for better cybersecurity

“A holistic approach to cybersecurity can address these failings.
A holistic approach proceeds from an accurate overview of the risk landscape—a governing principle that first of all requires accurate risk reporting. Thanks to a holistic approach, organizations no longer get lost between the different cybersecurity solutions implemented. The goal is to empower organizations to focus their defenses on the most likely and most threatening cyber risk scenarios, achieving a balance between effective resilience and efficient operations.” How can this be done efficiently?

  • Identify risks and risk appetite
  • Analyze and evaluate each risk with regard to its likelihood of occurrence and potential impact
  • Process (create an overview of all initiatives undertaken to mitigate the top cyber risks)
  • Monitor over time

At TEHTRIS, we decided to improve this situation with a simplified approach built on this holistic principle. TEHTRIS Endpoint Security agents use automated analysis with robots and Artificial Intelligence engines, building large threat intelligence databases worldwide, on a 24/7 basis. With a living product powered by sharp technologies, TEHTRIS focuses on helping security officers understand, detect and mitigate issues as quickly as possible. TEHTRIS offers a new take on cybersecurity using enhanced endpoint protection, which correlates security events to determine whether something is amiss on a protected workstation or server.

What is an XDR solution, eXtension Detection & Response?

In eXtension Detection & Response, the X has many meanings. At TEHTRIS, as in mathematics, the X, the unknown, echoes the slogan “Facing the unpredictable”. Our ambition is to provide a detection and response service that comprehensively addresses known and unknown threats. Secondly, the X also signals that it works everywhere, for all attack vectors and surfaces, in contrast to the E for Endpoint in EDR technology, for example. Finally, the X means that our method is an “eXtended” method, so that our customers and partners benefit from an enhanced detection and response service that is much more developed than a simple EDR solution.

eGambit: an integrated and complete tool

TEHTRIS’ eGambit is a complete cybersecurity arsenal that delivers all-round security with high-quality service by deploying integrated proprietary on-premise and cloud-based software combining asset inventory, security audits, SIEM, NIDS, Endpoint Detection and Response, Honeypots, and Forensics, with unified machine learning enhanced SOC analytics. These services are coupled with security threat monitoring, breach assessment, and incident response.

Honeypots

Honeypots are fake resources used to deceive attackers. For example, a fake computer can be added to a real network so that any incoming communication to it looks suspicious, since nobody should be talking to it. Doing this well is genuinely complex, but it helps find remote attackers as soon as they gain access and start exploring your infrastructure.

TEHTRIS Deceptive Response lets you easily add many honeypots inside your infrastructure, with specific tricks such as monitoring intruder activity (video of hacking sessions, etc.). TEHTRIS Deceptive Response is part of the TEHTRIS XDR Platform, which increases the detection of intruders by combining the power of all the related tools, like EDR, EPP, SIEM, etc.

Security Operations Center (SOC)

A SOC is a group of people that monitor the security of information systems. It is traditionally linked to cybersecurity monitoring, protection, and security assessment for any kind of asset, such as websites, applications, databases, data centers, servers, networks, desktops and other types of endpoints. They are all monitored, assessed, and hardened.

New activities have emerged, like Managed Detection and Response (MDR), which focuses less on assessing every single element and more on in-depth analysis of essential evidence, with complex analysis of intrusion attempts.

SOC and MDR activities are usually offered by Managed Security Service Providers (MSSP) in many different formats: internal, external and hybrid. Specific teams like a CERT or CSIRT can also be part of SOC teams for certain crisis situations.

A SOC should link people, processes and technologies (ISO 20000) to provide situational awareness through the detection, containment, and remediation of IT threats.

TEHTRIS SOC can deliver day-to-day services by hunting down security issues and by delivering enriched data to identify, analyze, investigate and report incidents. The TEHTRIS XDR Platform also has partners offering worldwide services like SOC, MDR, security assessments, crisis management, governance, compliance and so on.
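The honeypot principle described above (nobody should talk to the decoy, so any contact is an alert) can be shown with a minimal TCP decoy that records who connected and what they sent. This is an added example, not code from eGambit or TEHTRIS Deceptive Response; the 127.0.0.1 host, the OS-chosen port and the HTTP-like probe payload are constructed for the demonstration.

```python
import socket
import threading
import time
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class DecoyAlert:
    """A decoy offers no real service, so every contact is worth alerting on."""
    timestamp: str
    src_ip: str
    src_port: int
    first_bytes: bytes  # what the visitor sent, kept for later analysis

class DecoyListener:
    """Minimal TCP decoy: accepts every connection and records who talked to it."""
    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))  # port 0: the OS picks a free port
        self.sock.listen(5)
        self.host, self.port = self.sock.getsockname()
        self.alerts = []
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, (src_ip, src_port) = self.sock.accept()
            except OSError:  # listening socket closed by close()
                return
            with conn:
                conn.settimeout(1.0)
                try:
                    data = conn.recv(64)  # capture only the opening bytes
                except OSError:  # timeout or reset: still an alert, just no payload
                    data = b""
            stamp = datetime.now(timezone.utc).isoformat()
            self.alerts.append(DecoyAlert(stamp, src_ip, src_port, data))

    def close(self):
        self.sock.close()

def simulate_contact(listener, payload, timeout=2.0):
    """Constructed visitor: connect to the decoy, send a probe, return the new alerts."""
    before = len(listener.alerts)
    with socket.create_connection((listener.host, listener.port)) as c:
        c.sendall(payload)
    deadline = time.monotonic() + timeout
    while len(listener.alerts) <= before and time.monotonic() < deadline:
        time.sleep(0.02)
    return listener.alerts[before:]
```

In a real deployment the decoy would sit on an otherwise unused address and its alerts would be forwarded to the SIEM, where a single connection to it is a high-confidence signal precisely because no legitimate system has a reason to make one.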

The eGambit Endpoint Security agent, running on UNIX and Windows, is one of the key components of the full eGambit product. It performs real-time analysis of each active code running on the protected endpoint, leaving goodware alone and killing malware. In case of doubt, the unknown active code is sent to a set of tools that determine its level of danger and decide on the action to take. The product comes with an application that centralizes security events from across the infrastructure in a unified console. eGambit also offers advanced features like the SIEM for the endpoints and remote Audits (network, vulnerabilities…).

Companies that choose to improve their IT security with eGambit Endpoint Security often strengthen it with eGambit SIEM, which adds complementary security sources such as firewalls, proxies, servers, antiviruses, and the like. Their events are collected and centralized in a local, secured appliance for further investigation and, if need be, for evidence purposes. Consultants and customers can check for wide patterns and low signals indicating a stealthy attack. The Endpoint Security agent uses automated analysis with robots and AI engines, building large threat intelligence databases that function round the clock across the globe. TEHTRIS Consultants help clients structure their cyber risk management in a frictionless, holistic way, moving their investment in the eGambit arsenal from a technical to a business-driven approach.

A protection beyond borders

TEHTRIS’ eGambit arsenal adapts to both Fortune 500 companies’ needs for absolute security and small and medium-sized businesses’ requirements for cost-effective detection of incidents. For example, the best results were obtained on the infrastructure of a customer working in 15 countries (in different time zones and with tight operational constraints): TEHTRIS was able to protect the worldwide Windows environment in less than 1 week. The eGambit Endpoint Security agent currently protects customers in countries like the US, Canada, the UK, Brazil, China, Saudi Arabia, Czech Republic, Luxembourg, Spain, Belgium, and France.

References

https://www.mckinsey.com/business-functions/risk/our-insights/cyber-risk-measurement-and-the-holistic-cybersecurity-approach

https://cyber-security-europe.enterprisesecuritymag.com/vendors/tehtris/2018