egambit
Your defensive cyber-weapon system. You have the players. We have the game.
2010-2017
egambit is the award-winning product that can monitor and improve your IT security against complex threats such as cyber-espionage or cyber-sabotage activities. This solution is built by the company TEHTRIS in France; it is fully designed and developed near Bordeaux, and in Paris as well. Created in 2012, the egambit product has already helped companies in China, Brazil, the Middle East, the USA and Europe against internal and external cyber threats. In 3 years, egambit has already caught billions of events related to security issues worldwide, thanks to the tremendous skills and motivation of the expert consultants working on the project with a real ethical-hacking spirit. 100% of the source code is in TEHTRIS's hands, and it was designed with extended security features. egambit is your defensive cyber-weapon system.
Quick overview of egambit's features

Let's have a global overview of this defensive cyber-weapon system. If you need more information, please check the other detailed documents.
Global Architecture

- Easy to deploy
  Simply add one or more egambit appliances to each area you need to protect: Cloud, Datacenter, Plant/Mill, Office network, etc. Then egambit will monitor and protect these infrastructures against cyber threats.
- Easy to use
  All your egambit appliances will be linked through a secure infrastructure allowing remote and local analysis of the security issues. Follow the bounces of intruders, detect cyber-spy operations, reject offensive insiders...

[Architecture diagram: the egambit sites of Customer [X] (Site [N], Site [N+1], ...) are connected over the Internet to a dedicated infrastructure for Customer [X] in the TEHTRIS Cloud. egambit Cloud with certified hosting: PCI-DSS Level 1, ISO 27001:2005, SOC 1 Type II / SSAE 16 / ISAE 3402, SOC 2 Type II.]
Powerful Appliances

- Ready to serve
  egambit appliances can fully protect your infrastructure thanks to unlimited signatures, unlimited correlations, unlimited quotas of events, and complete security features.
- Ready to fight
  egambit appliances are built with the best security methods and technologies, with custom kernels and specific security features.
Know your Assets

- What is deployed? Where is it connected? → Inventory
- What is installed, and where?
  egambit will do passive and active detection of your assets by listening to flows, and by sending requests to specific devices like switches.
- Inventory and Security?
  Find and follow weird or rogue devices joining your environment: illegal plugging of external devices, unwanted walks inside your networks.
Know your Vulnerabilities

- How secure is your infrastructure? → Audits
- Passive audit
  Continuous and safe vulnerability audits by listening to your assets. This will detect security issues without launching dialogs or scans against your assets (respectful audits).
- Active audit
  Direct security scans can be used to evaluate the security of your assets. Link egambit to an external security assessment product.
SIEM

- egambit proposes a full SIEM (Security Information and Event Management)
- Collect and manage your logs
  Centralize your logs from any of your sources thanks to agent or agent-less technologies. Long-term storage will help:
  - Further analysis
  - Log crunching sessions
  - Forensic activities
- Security alerts generated by the egambit correlation engine
  Unlimited and updated correlation rules will generate security alerts when needed.
NIDS

- egambit proposes a full NIDS (Network Intrusion Detection System)
- Detect intrusion attempts / abnormal behaviors
  Placed at strategic points like infrastructure links, egambit can monitor interesting traffic to and from your devices.
- Signatures
  Thousands of signatures with daily updates can handle multiple families of threats, like malware, Trojans, exploits and web attacks.
Honeypots

- egambit proposes Honeypot features
- Defeat fingerprinting and offensive tools
  Create fake assets to detect attackers and the low signals linked to security issues.
- Why "egambit"?
  At the beginning of a chess game, a gambit is the voluntary sacrifice of a pawn in order to gain a strategic advantage. With egambit, it's like adding sharp pawns to your IT infrastructure to detect the presence of unwanted activities by deluding attackers and cyber-weapons.
Endpoint Security

- egambit proposes an advanced Endpoint Security agent
  - Enhanced HIPS-like agent (Host-based Intrusion Prevention System)
  - Retaliation and interaction against threats
  - Handles attackers and malware even when your barriers have been defeated
- Deployed on your operating systems, the agents will monitor system activity to detect and prevent intrusion attempts or abnormal behaviors.
- This can handle multiple families of threats: malware, Advanced Persistent Threats, Trojans.
Forensics

- How to handle security incidents and follow the real threats worldwide?
- Thanks to public and private services, egambit Forensics features will help in analyzing advanced threats targeting your environment.
- Depending on the threats, you have many layers of action:
  - Advanced log analysis
  - Network and system forensics
  - Specific sandboxing activities
  - Reverse engineering
  - Remote offline forensic analysis
Threat Intelligence

- Threat Intelligence Database
  Centralization of millions of threats shared through egambit engines.
- Our consultants continuously follow real security threats and deliver regular updates that are linked to offensive threats:
  - Advanced Persistent Threats (APT), Botnets
  - Compromised boxes
  - Links to infected sites
Artificial Intelligence

- When signature technologies are unable to recognize unknown patterns and behaviors, you definitely need new technologies.
- egambit includes an Artificial Intelligence engine based on deep learning in order to detect unknown attacks:
  - Unknown backdoors
  - Unknown malware
TEHTRIX

- TEHTRIX is the internal Linux distribution used to host egambit services. It ensures a high security level.
- Hardened Kernel
  Customized kernel with improved security parameters and features at the lowest level.
- Full Security
  - 100% of network flows ciphered
  - 100% of files and data ciphered
  - 100% of permissions audited
- RBAC
  Security policies with local hardening and privilege separation.
- FDE
  Hardened Full Disk Encryption with specific features, e.g. all your logs / alerts are ciphered.
- Network Security
  - VPN: global external infrastructure of management
  - Firewalls: home-based anti-DDoS technologies
Let's adopt egambit