Alsid says the IT security problem of companies
The coronavirus pandemic, telework and cyberattacks are at the heart of our various news.
Today, cybersecurity is an essential part of a business." The fight is therefore underway between cybersecurity experts and the malicious cyber.
This article will also interest you: The lack of discipline of French teleworkers
The question at the heart of the concerns of researchers and security teams is how to easily identify hackers when trying to access the corporate network. In this regard, Emmanuel Gras, CEO of Alsid, the start-up born of the National Agency for Security of Information Systems, the French authority for network and systems security, notified: "It is difficult to identify the perpetrators of the attacks, usually experts who use various camouflage techniques and sow false leads behind. Previously, time zone analysis allowed for a more or less reliable geographic location. Today, this parameter is outdated, perfectly integrated by the networks of cyber-attacks that generally operate in countries different from their own. The only certainty is that these attackers are unlikely to be government groups."
It should be noted for all intents and purposes that Alsid offers a software solution in the basic feature is to identify and fix system vulnerabilities before computer attacks. Granting IT structures a pretty lively nature, Alsid CEO Emmanuel Gras, a former Anssi engineer, said: "Systems evolve dozens of times per second. Our 24-hour solution analyzes these changes and allows the customer to fix the flaw before the cyber-attack."
It should be noted Emmanuel Gras, and the co-founder of Alsid have exposed paradox affecting the functioning of computer systems during the many audits they conducted when he was still an engineer at the National Security Agency. For example, during a cyberattack, security teams tend to focus on protecting the computer network on its periphery, while it is known that it is easier and faster to compromise the Active Directory server. In addition, the number of employees a company employs counts in defining the scope of a cyberattack. Indeed, the more employees there are, the more difficult it will be to protect the company's computer system from a phishing attack specifically designed to compromise one of the terminals used within the structure. In such a way that "it must be considered that protecting the periphery no longer provides absolute protection," means Emmanuel Gras, whose team consists of 20 programmers in the design of these detection techniques in response to the needs of companies.
Another issue is raised that directly concerns the Active Directory tool. Indeed, it should be noted that an infrastructure linked to this tool is constantly evolving, relying much more on user activity. "Companies conduct security audits. But with regard to the AD, these audits amount to taking a photo that is usually no longer valid the next day. For example, we are currently working on a system that records an average of twenty changes per second," warned the CEO of Alsid. Therefore, security that also allows to analyze the flaws of Active Directory has much more advantages than a solution that merely protects than the perimeter. This is because of the fact that the security team is more proactive. This changes from traditional software that only warns when the attack has started. Hence the interest of a platform, which exposes in advance the security vulnerabilities to be fixed before they are exploited by cyber criminals. The reality of this situation is more impactful in the finance and banking sector. Indeed, with the financial flow that is managed there on a daily basis, hackers attach great importance to it. And a computer attack could have disastrous consequences. Hence the need to be "proactive and correct the problem before the attacker discovers the flaw." And this in view of the explosion of malware has multiplied since the appearance of coronavirus. "In Asia; we support financial players in Hong Kong, Singapore, Australia and Malaysia who are particularly sensitive to cybersecurity issues," says Emmanuel Gras.
Now access an unlimited number of passwords: