Continuously tracking threats

Being in the crosshairs of an attacker whose modus operandi is unknown increases our vulnerability.

In cyberspace, there are more and more attackers. They show ingenuity to deploy sophisticated attacks that often escape conventional defense strategies. Prevention, awareness and the application of computer hygiene rules are no longer enough. Protecting oneself now requires perpetual intelligence around threats in order to follow their technical, tactical and strategic developments as closely as possible.

Discover our XDR solution

Chat with an expert

Treat yourself to a highly structured Rosetta stone to check threats before they arrive at your doorstep

Within our SOC platform, cyber threat hunting is one of the basic elements of our approach. It takes shape through a feature called “Operations center”. You will find a catalog of more than 560 rules specialized in the detection of cyber threats.

First, this catalog of rules (directly actionable for your defense strategy) is entirely produced and maintained daily by our CTI team (composed of cybersecurity researchers and analysts). Each threat detection rule is systematically associated with context. This can be both emerging threats and so-called advanced ones, names of malware, groups of attackers, operating modes or even attack techniques (carried out using the MITRE ATT@CK framework).

Then, this catalog applies to your entire information system, from your e-mails, network, endpoints… Whatever the control point, our detection engines will be able to leverage it.

To strengthen our ability to detect threats and above all to record an almost zero false-positive rate, we subject our detection engines to a strict evaluation process. Every rule is qualified with four levels of complexity required for its proper implementation. This classification is established based on the effort required to activate the rule (for example, the configuration of the log source) and the risk of false positives associated with the detection rule.

Depending on your needs, you can also customize the detection rules, apply exclusion cases, restrict their scope of use, or even create new ones adapted to your operational security strategy.

Discover our XDR solution

Chat with an expert

From your unified security console

Protect your organization in real time from attacks, intrusions and compromises

Unlike traditional approaches that carry out detection intermittently (every 15 minutes, for example), our SOC platform helps you apply detection within your IS in “ streaming”, i.e. continuous detection.
This is made possible thanks to the combined presence of our three detection engines:

• The Correlation engine is focused on the detection of malicious behavior, associated with bad IT practices. Here, it is a question of taking advantage of the SIGMA language to express the expected properties around the collected events. These rules can also be combined using temporal, statistical operators to perform multi-event detection (for example, the detection of five authentication failures on the same user name in five minutes).

• The CTI pattern engine is able to identify, thanks to an actionable knowledge base, the tracks of malicious activities on your Information System. This operational knowledge base is made up of more than 2,000,000 technical indicators fully contextualized and maintained by our teams. To extend your detection capabilities, you can add other CTI feeds of your choice, or your own (your intelligence, the one your team produces from A to Z).

• The Anomaly Detection engine can identify attacks carried out using techniques and tools legitimate enough to fly under the radars of the behavioral detection engine and unknown to the CTI knowledge base. To search for unusual and deviant behaviors, this anomaly detection engine relies on the continuous learning of behaviors and practices.

In the event of malicious activities, unexpected behavior, violation of standardized IT practices or malicious use of legitimate means, a contextualized alert is raised. At the same time, you can automate and through playbooks integrated directly into your console, adequate responses, in order to neutralize the threat before impact on your information system.

Discover our XDR solution

Chat with an expert

Improve the analyst experience of your SOC team

The 560 cyber threat detection rules, natively integrated into the SOC platform, are directly actionable, ready to use and customizable in a few clicks. Depending on operational needs, your analysts can readjust them to increase their efficiency or create new rules deemed closer to your realities.

All alerts produced within the SOC platform are fully contextualized based on the knowledge base produced and maintained by SEKOIA.IO. This is a real time saver for your analysts. Thanks to this contextual information, they can, in fact, assess the urgency to assign to the treatment of each alert. From these contextual elements, they can also take advantage of the knowledge associated with them, in this case: the operating modes and malware identified, the groups of threats and their campaigns but also their attack techniques…

According to their needs for investigations around alerts, your analysts can centralize (jointly) their observations, their analyses, comments and results within a functionality of the SOC platform, called “Case”. The information shared by collaborators in this feature can be used to reconcile, for example, certain alerts between them.

In addition, your SOC teams can – depending on the log retention period, i.e. 90 days – search the past for suspicions of compromise. They can combine one or more terms to narrow their searches. The results are displayed in the form of a table (whose columns can be modified) and a graph representing the volume of events over the chosen duration.

Discover our XDR solution

Chat with an expert

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_152945562_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
Inbound Converter	2 ans	This script communicates back to TechTarget which accounts, based on reverse IP lookup, have visited this website. The information that is transmitted includes: URL of page landed on, Timestamp of visit, IP Address
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.