• The solution is powered by Orange Cyberdefense’s knowledge base of threats to accurately identify the nature of the attacks.
• ThreatNet can process large volumes of data in a decentralised way, operate at speed and identify threats with precision.
Digital sovereignty and data protection are crucial for companies of all sizes. This is why Orange cybersecurity experts developed ThreatNet, which will be showcased at Orange OpenTech.
ThreatNet continuously analyses internal network activity to identify potential threats in real time.
Continuous monitoring of internal network activity
ThreatNet is a flow analysis detector designed to protect the Orange Group’s internal network. This cybersecurity solution continuously analyses the whole IT network’s activity. For this first use case, it checks all requests (between 10 and 100,000 events per second). By analysing all internal DNS traffic, ThreatNet detects any abnormal activity on the corporate network—such as data leaks, ransomware or other malware—and identifies it accurately in real time. Supervisors instantly receive qualified information about the nature of the cyber threat. Because the cyber threat is associated with the IP address of a computer or any other equipment active on the company’s internal network, the flow security teams can react effectively, preserving network integrity.
ThreatNet Project Designer Mathieu Langlais explained: “ThreatNet is an analysis tool capable of identifying any threat known to a cyber threat base. It is a detector that is capable of cross-referencing the network’s activity with threat bases of several million entries to report any anomalies or attacks. Its primary objective is to flag relevant incidents. We wanted to only issue qualified signals, corresponding to a proven cyber threat. We have been able to prevent several internal attacks by quickly identifying them. The modular solution knows how to identify all domain names close to Orange’s and identify ‘ ’ (Dynamic Generation Algorithms) domains, created using an algorithm for temporary cyber needs.”
Speed thanks to Rust and efficiency from Orange’s data lake
Analysis scenarios are built from basic components. This makes it possible to create or adjust its analysed scenarios according to needs, without going through the development process again. Furthermore, ThreatNet is powered by Orange Cyberdefense’s data lake, a database dedicated to cyber threat knowledge. This data lake feeds the detector as soon as reports are received. This combination provides tangible benefits in terms of responsiveness to effectively combat threats.
Iterative, collective and evolutionary development
Incubated within Orange’s Cyberfactory, which brings together experts, cybersecurity researchers and developers, ThreatNet is the result of the maturing achieved by successive iterations and internal synergies. Mathieu Langlais described this innovation process: “Starting from a blank page after a project aimed at identifying the infection rate of our network, I wanted to reuse the work done on the DiagNet solution dedicated to network service quality. I wondered to what extent we could add value to this mature software for cybersecurity analysis. I then launched an exploration phase by creating new analysis components specific to cyber processing. With these new (Temporal Event Sequence Summarisation) software components, coded in Rust, the solution became compatible with our cyber ecosystem. We were on the right track because we inherited highly efficient and completely mature processing components. Today, we are also working with Orange’s cyber teams in Caen, who are in charge of the exploratory part of Orange Cyberdefense’s data lake.”
Orange France then chose the project to monitor the company’s network, explained Cyberfactory Manager Philippe Calvet: “ThreatNet is a joint innovation between Cyberfactory, Orange France’s security teams and Orange Cyberdefense for the threat base section. This project perfectly illustrates our working dynamic: We do not work in silos but as part of an integrated team. This cross-cutting approach allows us to develop the solution for new uses, which we would not have thought of in a more traditional work environment. Above all, we are paying close attention to the needs on the ground, in particular from Orange France. By combining innovations from the network and cyber domains, we can offer solutions to secure our Group. Eventually, these solutions could be deployed to protect business clients in France and internationally.”
Mathieu Langlais
Philippe Calvet
