Remediation 2018-06-05T15:49:22+00:00


On 30 October 2020, we successfully kicked off the TRUE-VIEW project, funded by the German-French Academy for the Industry of the Future (GFA).

The TRUE-VIEW project uses mixed reality to make ambient data flows visible, such as the exchange of data between a given sensor and a given application. In doing so, what is hidden in the environment becomes perceptible to humans, and it becomes possible to investigate, analyse, understand and form an opinion about it.

The main purpose of the kickoff was to get to know one another. The project combines expertise in cybersecurity (IMT Pahl group; TUM Eckert group), augmented reality (IMT Duval group; TUM Klinker group; INRIA Lecuyer group) and applications (Fraunhofer Tippmann). Each partner gave short presentations on their research topics, capabilities and goals for this project.

From IMT Atlantique: Marc-Oliver Pahl (Cyber CNI, Lab-STICC/IRIS), Guillaume Moreau (currently CE Nantes, soon IMT Atlantique, Lab-STICC/INUIT), Thierry Duval (Cyber CNI, Lab-STICC/INUIT) and Alexandre Kabil (Cyber CNI, Lab-STICC/INUIT). From TUM: Gudrun Klinker (TUM FAR), Claudia Eckert (TUM I20), Mohammad Reza Norouzian (TUM I20) and Fabian Kilger (TUM I20). From INRIA-IRISA: Ferran Arguelaguet (HYBRID team) and Florian Nouviale (HYBRID team). Volker Tippmann, of the Fraunhofer Gesellschaft, was unfortunately unable to attend the kickoff.

We are very happy to be working with such good partners over the coming 9 months! One of the project's goals is to create pilots. More news and videos to come 🙂

One of the goals of the GFA seed fund is to create a funding proposal with a larger consortium. If you would like to learn more about the project or join the consortium, do not hesitate to contact us.

REMEDIATION

Confronting increasingly complex and widespread cyber-attacks

Cyber-attack strategies have grown increasingly sophisticated over the last few years. Attacks are no longer isolated, one-off attempts. They are now multi-pronged coordinated events. However, this new type of threat can be contained by implementing adapted and responsive corporate security surveillance systems. This is a pre-requisite for any kind of cyber-defence policy.


When it comes to IT system protection and security, decision-making capacity is crucial for companies. Speed, in particular, is of the essence. This implies that the nature of the risk, its possible ripple effects and its damage-inflicting capacity must be properly identified, diagnosed through data analysis, and characterised upstream of the attack. For further information, see: Metrics.

Various SIEM (Security Information and Event Management) tools and software applications are currently available on the market to implement a suitable and sufficiently agile and prompt response. These can not only simultaneously and instantaneously detect potential threats, but can also configure and automate defence routines that are best adapted to the nature of the incoming attack.

This is where difficulties can arise in complex systems, where conflicts may appear. In other words, different sub-system responses may come into conflict when faced with an attack or a “security event”. Different ways of solving the conflicts have to be found by analysing the hypotheses and options available. Security managers therefore have no choice but to anticipate the conflicts by defining an ad hoc crisis management methodology which can not only contain the attack, but also manage the conflict and preserve network integrity, while attempting to ensure at least some kind of continuity of service.

Confronting and responding effectively to increasingly sophisticated cyber-attacks

Since it was founded, the Institut Mines-Télécom’s Cybersecurity Chair has specialised in the definition and implementation of security event remediation solutions, in particular in business contexts. Its research focuses on two main areas: transitioning from centralised, sequential processing to parallel, distributed processing; and activating effective post data analysis responses, suitably configured to deal with the intrusions, while ensuring system security continuity.

The Cyber CNI research team has focused more specifically on various techniques that can be implemented to dynamically update corporate and institutional IT security policies. On a more detailed level, this means developing a “security intelligence” that can perform real-time data analysis and adapt to environmental evolution and changes, if need be by enabling or disabling degraded modes. The team’s work consists in describing, modelling and developing the technical response required to implement the proposed solutions.

All the cyber-defence response and optimisation work undertaken by the Cyber CNI research team is backed up by experimental case study validation in partnership with client companies, as is all the work conducted on Analytics and Metrics. All critical infrastructure businesses are particularly vulnerable to specifically targeted, multi-pronged, coordinated security events.
