2. LEADERSHIP
CEO & Co-Founder
Jean-Nicolas Piotrowski
Former BNP Paribas CISO
ITrust, your cybersecurity expert
10 years experience in cybersecurity
35 collaborators and 30 Data Scientists in labs
More than 200 public and private clients
100% growth/year
VP Business
David Ofer
IT Engineer
PhD in Management, HEC
20 years of experience in High tech
business development
CFO & Co-Founder
Henri Piotrowski
Supaéro Engineer, former AIRBUS-ATR CEO
Paris, Toulouse (headquarters), New York,
Colombus, Shanghai (ongoing)
Value proposal
Covers all cybersecurity activities in all sectors
Leading solutions
International
Cybersecurity as a Service
3. Shareholders and financial aid
100% French simplified joint-stock company / 483.352 € share capital / 3,3 M€ owner equity
Private and institutional investors (NewAlpha, Nestadio, Crédit Agricole, Caisse d’Epargne)
Supported by the French state:
Financial aid through BPI and the Deposits and Consignments Fund (reimboursable R&D financing)
Financing through the « Investment for the Future » programme
Partners
Prizes & Associates
ITrust, your cybersecurity expert
4. A company worthy of our attention:
ITrust declares war on hacking
Translation (FR-EN)
of article retrieved from the
<LesEchos.fr> online newspaper &
published by Laurent Marcaillou,
Toulouse, 25.02.2015
“ITrust started its missions in IT security within
Airbus, Toulouse, in 2007. With this expertise, the
young company designed the IKare software, able to
scan an information system in order to detect
potential weaknesses and manage security. Launched
in 2012 , this solution minimizes the duration of an
audit concerning an information system. Its sales
were doubled in 2014 after registering roughly 1,030
new clients.
The enterprise, with only 25 employees, also doubled
its turnover to 1,3 million euro and envisions another
two-fold increase in its turnover for the year 2015.
Among its clients, we will stumble upon giants such
as: Total, Air France, Airbus, Bull [...]”
Articles in press
about ITrust & its solutions
5. ITrust presents an unequaled
software an European Level
“The Toulouse-based enterprise ITrust, specialized
in IT security, is on the verge of unveiling a new, yet
to be seen cybersecurity software.
ITrust’s CEO, Jean‐Nicolas Piotrowski, was present
at the International Cybercrime Forum to present
this exciting innovation.
Q: Why is your new product considered a
breakthrough among existing IT security solutions?
R: We’ve been working on IT-Tude for 7 years now:
it’s a groundbreaking technology that enables
people to detect weak signals hinting at unknown
viruses, otherwise known as APTs (Advanced
Persistent Threats).”
Translation (FR-EN)
of article retrieved from the
<Tribune> online newspaper and
published by Valentin Dohin,
29.01.2015
Articles in press
about ITrust & its solutions
6. A French security solution
on a French cloud
“Developed by the Secure Virtual Cloud
(SVC) consortium, this 3-year project
worth 14 mil. Euro is led by the
Toulouse-based start-up ITrust and nine
other partners, of which we will
mention the IT Research Institute of
Toulouse (IRIT), The System Analysis and
Architecture Laboratory (LAAS) and Bull.
Founded in 2007, ITrust distributes
IKare, a vulnerability management
software proposed in cloud mode for
real-time monitoring, or through
licensing bit by bit. Its interest?[...]”
Translation (FR-EN)
of article retrieved from the
<L’Usine Nouvelle> online
newspaper and published by
Ridha Loukll, 20.09.2012
Articles in press
about ITrust & its solutions
7. Defence & aero
Bank
Health & pharma
Public sector
Insurance & social protection
Transport & logistics
Education Energy &
utilities
Food industry
Client references
More than 100 clients in Europe – 300 000 continuously supervised IPs
8. 15 million stolen credit cards
Target Credit Cards &
Customer Info Hacked (2013)
“US discount retailer Target found 40
million of its customer accounts were
hacked during November 27 and
December 15, 2013.
Across the US, during Black Friday, the
Target stores were targeted and
customer names, credit cards, debit
cards, and CVV values of several
customers were hacked. The retail
major said that other information such
as addresses, PIN, social security
numbers, etc., were not hacked
however. “
Extract from the “Recent Hacking
Incidents Around the World“ article
retrieved from the <MapsOfWorld>
online newspaper , published
01.09.2014
9. Authorities suspect perpetrator
is based in the United States
“According to the LaTribune.fr, The National
Information System Security Agency (ANSSI)
launched an investigation in order to establish
whether or not Airbus Helicopters fell victim to a
hacking incident that might be linked to an
important call for tenders in Poland. The online
newspaper quotes relevant sources when
indicating that the perpetrator is most likely
based in the United States. The American
companies Sikorsky and Boeing are at the present
moment involved in a full-blown commercial
battle on Polish territory with the European
manufacturer. [...]”
Translation (FR-EN) of article
retrieved from the <L’Usine
Digitale> online newspaper and
published by Julien Bonnet,
13.11.2014
Airbus Helicopters, victim
of a cyber-attack
10. Biggest heist of the century
hits the banking sector
“A band of Russian, Ukrainian and Chinese
criminals discovered a way to hack into
several banking institutions by infiltrating
their networks. The losses recorded after
the attacks, which were launched in 2013
and continue to this day, amount to a
billion euro.
We are potentially witnessing the biggest
heist of the century. The Russian
Cybersecurity Expert, Kaspersky, released
Monday a report revealing that, since
2013, over a hundred banks had been
hacked by 2.0 thieves.”
Translation (FR-EN)
of article retrieved from the
<FranceSoir.fr> online newspaper
and published 16.02.2015
Banks: more than a billion dollars
stolen by hackers
11. Sony Pictures Hack:
Co-chairmain Amy Pascal resigns
“Amy Pascal, Co-chairman of Sony Pictures,
finally announced her resignation.
The group was hacked at the end of
November and the attackers leaked some
of Mrs. Pascal’s emails, containing racist
content directed towards President Barack
Obama.
Having tarnished the studio’s reputation,
the scandal quickly reached international
proportions. In other words, the Co-
chairman’s departure was to be expected.”
Translation (FR-EN)
of article retrieved from the
<LePoint> online newspaper and
published 05.02.2015
Hacking & its human consequences
12. Cybersecurity Solution Provider
Expertise – Products – Security Operations Center
EXPERTISE
Expertise
Consulting
Pentest
Darknet
Training
This is the core business of ITrust.
Our Security Consultants test the
resistance of your architecture, be
it externally or internally, and
accompany you in order to help
you secure your computer network
in the long term.
SOLUTIONS
vulnerability scanner
behavioral analytics
framework & AI
Our engineers are constantly
developing new tools to facilitate
the management, analysis and
understanding of vulnerabilities
and cyber attacks.
SOC as a Service
Managed and/or
SaaS and/or
OEM and/or
On Premise and/or
ITrust manages the entire security
process of companies that wish to
outsource their cybersecurity.
Our Security Operations Center
integrates advanced reporting and is
based on our two leading products.
14. The implementation of IKare can lead to a 90% reduction of
vulnerabilities on the network it is deployed on. 90% is also
the rate of success of our penetration tests (auditing)
performed at our clients. IKare allows the identification and
correction of their security flaws.
TOP 10 uncovered Covered
security flaws by IKare
“Wordy” systems
Weak passwords
Permissions and access rights
Inter-domain trust
Databases
with default passwords
“Wordy” DNS serves
Sharing confidential files
Poorly configured
protocols
Abandoned development
servers
Non-rectified known vulnerabilities
Vulnerability coverage rate of the
top 10 vulnerability by technology type:
99% of security flaws
could be easily rectified...
…but these issues cannot be addressed by an antivirus & firewalls!
15. IKare –
Positioning
Automated Vulnerability & Security Audit tool
Values Accessible and intuitive
Simple and modern
Tailored reporting to management
Best practices
The fruit of the cybersecurity experience of our consultants
Why? ALM : Up-to-date systems
IT : Supervision and Dashboard
DG : Risk Assesment - legal
Use Virtual machine or server in your information system
Cloud mode: from ITrust servers
Ready to deploy and operational in a few minutes
Deployement No agents needed for installation
Automated network discovery
Ready to integrate in the information system
Assets French Cloud (not restricted by the Patriot Act)
Service and proximity
R&D with LaaS, IRIT and TSoE
IKare Vulnerability Management
Product positioning
16. • Vulnerability audit in real-time
• Proactive security issues identification
• Infrastructure and applications automated discovery
• Correlation and supervision
Vulnerability detection becomes more reliable. These engines limit the number of false positives and allow
the detection of abnormal behaviors.
• Responsibility area determination
• Security alerts
• Virtual groups ensuring decision-making concerning security
• Trending, security evolution in time
• Business unit management
IKare functions
19. “The next Pearl Harbor we might be
confronted with could very well be a
cyber attack”
– Leon Panetta, US Secretary of Defense
& former CIA Director (August 2011
Senate Hearing)
Behavioral analysis
can boost cybersecurity
“Behavioral analysis is the most
plausible solution for unknown viruses”
– NSA Director , 2012
22. • Protects your infrastructures against APTs, viruses & unknown attacks
• Detects malicious behaviors within your information system
• Identifies weak signals in order to anticipate performance problems,
but is also capable of identifying stealth attacks
• Avoids data extraction
• Avoids resource depletion within your information system
Reveelium
Anomaly Detection Platform
23. Reveelium is a complete anomaly detection and prevention platform:
It relies on your existing infrastructures (« Plug and play »);
Automatically detects, analyses and prioritizes anomalies, grading them according to their
potential risk;
Predicts performance or security issues with the use of machine
learning technologies.
Reveelium
Product principle
24. 1. A weak signal analysis
built on our research and partnerships with mathematical laboratories.
2. A logical correlator
built on the experience of our engineers and security consultants.
3. A shared knowledge base
Reveelium is a unique combination of 3 scanning engines:
An innovating 3D-technology
25. • What is an anomaly?
– Weird condition/nonsensical sample/deviation from the norm
– Data inconsistency not matching with any normal behavior
(either observed or learned)
• How do we detect it?
– By using Machine Learning technologies
– By building profiles of normal behaviors
– By identifying deviations from the norm
Anomaly detection
26. Machine learning
Huge data volumes learning
Normal behaviors learning with a minimum of human interaction
& Statistical and preventive analysis
Validating learning
Identifying nonsensical / missing samples
Identifying seasonalities
Identifying abnormal behaviors
Reveelium engines
is not a new concept, but Reveelium repurposes it in the
scope of automatic learning applied to supervised systems.
27. Learning VS correlation…
… why not use both,
for better qualified results:
• Eliminating false positives
• Correlating external data sources
in order to fine-tune the decision-making process
• System expert
Post-treatment results
31. Plugin SIEM or through application
VM Standalone
External VM SaaS or on the premises
Covers the entire supervision platform: logging, log correlation, alert correlation
POC Model
Similar to a plugin for enterprise applications, journals, XML
data, meant to search for professional anomalies and all
abnormal behaviors alike (AS, IAM, Messaging…)
Plug and play on a supervision platform
No need to be a security consultant or Data Scientist!
can be delivered through
private or public cloud by
Saas or OnPremise
Delivery models
32. • Risk management policies
• Justifying the existence of a cyber attack
• Ability to assess proof for a filed complaint
• Security level history up until the moment of the attack
• Legal investigation – forensic computing
• Cyber-insurance
• Limited criminal risk
• Pro-active defense process
Legal outlook
33. Thank you
Contact
ITrust Headquarters
55 Avenue l’Occitane, BP 67303
31673 Labege Cedex
Telephone: +33 (0)5 67 34 67 80
Email: sales@itrust.fr
International Office:
24 rue Firmin Gillot
75015 Paris
www.itrust.fr/en
www.ikare-monitoring.com
www.reveelium.com/en