• The solution is powered by Orange Cyberdefense’s knowledge base of threats to accurately identify the nature of the attacks.
• ThreatNet can process large volumes of data in a decentralised way, operate at speed and identify threats with precision.
Digital sovereignty and data protection are crucial for companies of all sizes. This is why Orange cybersecurity experts developed ThreatNet, which will be showcased at Orange OpenTech.
ThreatNet continuously analyses internal network activity to identify potential threats in real time.
Continuous monitoring of internal network activity
ThreatNet is a flow analysis detector designed to protect the Orange Group’s internal network. This cybersecurity solution continuously analyses the whole IT network’s activity. For this first use case, it checks all requests (between 10 and 100,000 events per second). By analysing all internal DNS traffic, ThreatNet detects any abnormal activity on the corporate network—such as data leaks, ransomware or other malware—and identifies it accurately in real time. Supervisors instantly receive qualified information about the nature of the cyber threat. Because the cyber threat is associated with the IP address of a computer or any other equipment active on the company’s internal network, the flow security teams can react effectively, preserving network integrity.
ThreatNet Project Designer Mathieu Langlais explained: “ThreatNet is an analysis tool capable of identifying any threat known to a cyber threat base. It is a detector that is capable of cross-referencing the network’s activity with threat bases of several million entries to report any anomalies or attacks. Its primary objective is to flag relevant incidents. We wanted to only issue qualified signals, corresponding to a proven cyber threat. We have been able to prevent several internal attacks by quickly identifying them. The modular solution knows how to identify all domain names close to Orange’s and identify ‘DGA’ (Dynamic Generation Algorithms) domains, created using an algorithm for temporary cyber needs.”
Speed thanks to Rust and efficiency from Orange’s data lake
Analysis scenarios are built from basic components. This makes it possible to create or adjust analysis scenarios as needed, without going through the development process again. Furthermore, ThreatNet is powered by Orange Cyberdefense’s data lake, a database dedicated to cyber threat knowledge. This data lake feeds the detector as soon as reports are received. This combination provides tangible benefits in terms of responsiveness to effectively combat threats.
Iterative, collective and evolutionary development
Incubated within Orange’s Cyberfactory, which brings together experts, cybersecurity researchers and developers, ThreatNet is the result of the maturing achieved by successive iterations and internal synergies. Mathieu Langlais described this innovation process: “Starting from a blank page after a project aimed at identifying the infection rate of our network, I wanted to reuse the work done on the DiagNet solution dedicated to network service quality. I wondered to what extent we could add value to this mature software for cybersecurity analysis. I then launched an exploration phase by creating new analysis components specific to cyber processing. With these new (Temporal Event Sequence Summarisation) software components, coded in Rust, the solution became compatible with our cyber ecosystem. We were on the right track because we inherited highly efficient and completely mature processing components. Today, we are also working with Orange’s cyber teams in Caen, who are in charge of the exploratory part of Orange Cyberdefense’s data lake.”
Orange France then chose the project to monitor the company’s network, explained Cyberfactory Manager Philippe Calvet: “ThreatNet is a joint innovation between Cyberfactory, Orange France’s security teams and Orange Cyberdefense for the threat base section. This project perfectly illustrates our working dynamic: We do not work in silos but as part of an integrated team. This cross-cutting approach allows us to develop the solution for new uses, which we would not have thought of in a more traditional work environment. Above all, we are paying close attention to the needs on the ground, in particular from Orange France. By combining innovations from the network and cyber domains, we can offer solutions to secure our Group. Eventually, these solutions could be deployed to protect business clients in France and internationally.”