The basic principles that should guide those who are called upon to create a computer, information or industrial network, or to secure a pre-existing one, are the ZERO TRUST and the MICRO SEGMENTATION of the network regardless of its size.
The ZERO TRUST principle applies not only to the individuals in charge, at whatever level of security, but also and above all in the choice and use of the security equipment that will be used to protect the network.
Thus, one must avoid settling for a simple application to be deployed in a replacement server or purchased for the cause without knowing all its characteristics and its suitability for the needs of the application if one wants to avoid the risk of perpetuating a pre-existing contamination or malfunctioning of the program.
It is also important to avoid, as far as possible, the intervention of a third party when using the network's functions. I am thinking here of the Cloud, whose negative points and associated risks are well known, or of online file-sharing systems offered by companies outside the network.
The principle of MICRO SEGMENTATION is intended to limit the damage in the event that an attacker manages to get a virus into the network. By adhering to this principle when designing the network security architecture, if an attack is successful, it will only affect the segment of the network that it has successfully penetrated.
This principle means that connections between computers on the same network should be avoided and direct, unprotected access between users and servers should be avoided.
Above all, you should not trust hyper-converged systems that deliver everything in one program, including your computer security. We all remember the SolarWinds disaster.
In industrial or information networks of large entities, departments should be separated and access to departmental servers should be restricted to those who need them.
With this in mind and applying these basic principles of perfect cyber security, PT SYDECO has created ARCHANGEL, an
INTEGRATED SYSTEM OF DEFENCE AGAINST CYBER ATTACKS.
Hackers must penetrate a system and introduce a virus or worm of their choice, whether it is a Trojan horse such as EMOTET which is a Trojan-Dropper injector whose objective is to install other malicious objects or any other Ransomware, such as MAZE, SODINOKIBI, REvil, CLAP, NEMTY... to name but a few, most of which use the double extortion system, if they want to steal data, encrypt it to obtain a ransom or simply to cause harm.
There are at least 7 ways to do this, almost all of which require action on the part of the victim.
By far the most common method is social engineering. It includes phishing (spearfishing, smishing, vishing...) and the game is usually to manipulate vulnerable targets into one of three types of behaviour: clicking on a fraudulent link, opening a malicious attachment or entering data into a booby-trapped input field, such as a fake login page on (what appears to be) a corporate website.
Methods that involve manipulation of the victim include phishing and social engineering, infection via a compromised website, exploit kits that provide custom malware, infected files and application downloads, and email applications as infection vectors.
On the other hand, victim intervention is not necessary when cybercriminals use brute force such as RDP (Remote Desktop Protocol) or malicious advertising and browser intrusion of common advertisements on websites where they can insert malicious code that will download the ransomware as soon as an advertisement appears.
In all cases, the user's e-mail is the company's entry point.
The best way to protect a computer system is to know the means used by attackers to achieve their goals.
This is what PT SYDECO researchers have done to create the ARCHANGEL integrated protection system.
Of course, user education is necessary, even indispensable, but since mistakes are human, even the best network administrator is not immune to an inadvertent mistake.
It is also essential to block or at least reduce access within a company to the sites that are most used by hackers, such as Facebook, WhatsApp, Amazon, Apple and Netflix, which, according to Kaspersky Security Network (KSN), were the subject of 4.5 million, 3.7 million, 3.3 million, 3.1 million and 2.7 million phishing attempts respectively in the period from April to September 2020.
In these conditions, it was necessary to create a system that protects a network against threats (which can be a cyber attack as well as the intervention of a man in the middle) coming from the outside world (Internet) but also against those coming from the network itself through the voluntary or involuntary fault of one of its users, whether they work within the company or outside it.
Similarly, it has been found that protection provided by a simple program that a user would install in a server or PC that he/she owns or acquires, offers no guarantee of security, as the host device may contain a backdoor or be already contaminated or affected by a rootkit. This is why the ARCHANGEL integrated protection system is installed in hardware created and supplied by PT SYDECO.
- Can autonomously block code execution from phishing attacks - whether that is a malicious attachment or fileless malware executing in memory.
- Includes, its own operating system and, in addition to 3 firewalls, the third being designed to prevent lateral contamination within the same network, a honey pot, a router with IDS and IPS, 3 intelligent agents.
- But, whereas the function of a firewall is only to block traffic with regard to its signature, thus preventing it from blocking traffic when its signature is encrypted, thus hidden, ARCHANGEL blocks the execution of all programs, whether they are encrypted or not. This is the reason why ARCHANGEL must be installed after a proxi (intermediary between the network and the internet access, usually provided by the internet provider).
- This system, created by PT SYDECO, does not use any keys. It is part of the system because it protects passwords. Indeed, traditional cryptography is based on algorithms, mathematical functions which do not resist more than one second to an attack by a Quantum Computer.
- SST is not based on a mathematical method and is therefore QUANTUM SAFE.
- SST protects the network against brute force attacks.
- If users download SST into their work tools, their data will also be protected by SST.
3. VPN SERVER, integrated in ARCHANGEL
- A VPN server is integrated in the system and is therefore protected by ARCHANGEL.
- It creates as many private tunnels as there are connected devices, whether these devices are end-points, servers that are not connected by cable, smartphones, Iot,... used in the network.
- It is essential that only devices connected by VPN can be used in the computer network protected by ARCHANGEL.
- The systems generally used, such as Google Drive for example, involve a third party who has access to everything that passes through the application. Data confidentiality is not respected.
- Since the SydeCloud server is in the company, no third party intervenes in the transmission of files: the confidentiality of data passing through the system is protected.
- The SydeCloud server itself is protected by ARCHANGEL and SST.
The ARCHANGEL - SST - SydeCloud integrated system ensures total protection of a computer network, whether it is an industrial or information network.
It protects work tools, both hardware and software, against any attack from the outside world or from within the network itself.
It protects the data, its backup and its transmission against any attack from the outside world or from inside the network itself or against any breach of confidentiality.
It protects the proper functioning of the computer network.