Interview with Lëtzebuerger Gemengen, translated by itrust consulting.

While the NIS2 Directive requires European organisations to reach a significantly higher level of maturity in security monitoring, SMEs face a disproportionate challenge: meeting detection, remediation and documentation requirements while operating with limited resources. In this context, itrust Abstractions Lab and itrust consulting are introducing an open technology stack based on two complementary systems developed as part of the CyFORT project: IDPS-ESCAPE (Intrusion Detection and Prevention System – Enhanced Security through a Cooperative Anomaly Prediction Engine), dedicated to intrusion detection and prevention, and SATRAP-DL (Semi-Automated Threat Reconnaissance and Analysis Powered by Description Logics), focused on cyber threat intelligence (CTI), contextualisation, correlation and incident management.

The three key subsystems (SONAR and RADAR for IDPS-ESCAPE, DECIPHER for SATRAP-DL) form a continuous chain from collection to analysis, from CTI enrichment to remediation, and on to the creation of structured cases in the open source flowintel platform, which offers tight and robust integration with, among others, the MISP ecosystem developed by CIRCL in Luxembourg. This philosophy extends the one that guided the creation of IDPS-ESCAPE and SATRAP-DL: to provide free, transparent and auditable solutions that help organisations comply with NIS2 obligations at low implementation cost while promoting internal control.

“IDPS-ESCAPE & SATRAP-DL complete the SOAR mission while strengthening NIS2 compliance.”

A dual architecture to meet all NIS2 requirements

IDPS-ESCAPE was initially designed as a platform combining sensors, an AI engine and automation to reduce false positives and help critical and important entities fulfil their continuous monitoring obligations. SATRAP-DL now complements this suite by adding an essential dimension: structured analysis of cybersecurity threats, comprehensive incident handling, and the ability to automatically link detection to an institutionalised, documented response that complies with regulatory expectations.

In practice, IDPS-ESCAPE provides technical monitoring and active response, i.e. the ability to identify, classify and prioritise anomalies using rules, statistical models and multivariate algorithms, and to trigger defensive actions. SATRAP-DL, with DECIPHER, provides the management layer, i.e. enrichment, advanced CTI analysis, case creation, correlation, escalation and documentation. This separation gives organisations greater clarity: IDPS-ESCAPE deals with ‘what is happening’, while SATRAP-DL deals with ‘what is being done about it’. Together, they meet both the detection and the incident management requirements of NIS2.

RADAR: SOAR execution within IDPS-ESCAPE

RADAR is the executive component of IDPS-ESCAPE, transforming alerts into real action. It is based on SOAR principles: orchestrate, automate…
Posts By: Lynn Pinto
IDPS-ESCAPE (v0.6): Consolidating RADAR, Automation, and Operational Maturity
Abstractions Lab announces the release of IDPS-ESCAPE v0.6, now available on GitHub. This release continues the evolution initiated with the introduction of the RADAR subsystem in v0.4 and significantly strengthens IDPS-ESCAPE’s position as an open, modular and research-driven SOAR (Security Orchestration, Automation and Response) platform. Following the functional expansion delivered throughout the v0.5 series, v0.6 focuses on consolidation, robustness and maintainability. The release extends RADAR’s operational scenarios, improves transparency through detailed documentation, and refactors the automation layer to support long-term evolution and reproducibility. The current scenario set includes signature-based detection of suspicious logins, GeoIP whitelist-based detection, and an anomaly-detection scenario using RRCF (Robust Random Cut Forest) to monitor changes in log volume.
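To make the three scenario families named above concrete, here is an added example (not code from IDPS-ESCAPE or RADAR) that runs them over constructed input: a signature rule for a brute-force run followed by a successful login, a GeoIP whitelist check on successful logins, and a log-volume-change check. The sshd-style log lines, the IP-to-country table (a stand-in for a GeoIP database) and the per-minute count series are all constructed for illustration. The volume check uses a median/MAD baseline, not RRCF, so it shows the shape of the scenario rather than the actual algorithm in the release.

```python
"""Added example: three detection scenarios over constructed log data.

Not part of IDPS-ESCAPE. The log lines, the GEOIP table and the count
series below are constructed for illustration; the IP ranges are the
RFC 5737 documentation ranges.
"""
import re
from datetime import datetime, timedelta
from statistics import median

# Constructed sshd-style log lines (not real data).
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[1001]: Accepted password for alice from 10.0.0.5 port 50001 ssh2
2024-03-01T08:00:07 sshd[1002]: Failed password for bob from 203.0.113.9 port 50002 ssh2
2024-03-01T08:00:09 sshd[1003]: Failed password for bob from 203.0.113.9 port 50003 ssh2
2024-03-01T08:00:12 sshd[1004]: Failed password for bob from 203.0.113.9 port 50004 ssh2
2024-03-01T08:00:15 sshd[1005]: Accepted password for bob from 203.0.113.9 port 50005 ssh2
2024-03-01T08:01:30 sshd[1006]: Accepted publickey for carol from 198.51.100.7 port 50006 ssh2
2024-03-01T08:02:00 sshd[1007]: Accepted password for dave from 192.0.2.44 port 50007 ssh2
"""

# Hypothetical IP -> country table standing in for a GeoIP database.
# 192.0.2.44 is deliberately absent to show the fail-closed path.
GEOIP = {"10.0.0.5": "LU", "203.0.113.9": "US", "198.51.100.7": "DE"}
ALLOWED_COUNTRIES = {"LU", "DE"}  # the whitelist (assumed for the example)

# Matches only the constructed format above (no "invalid user" variants).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def geoip_alerts(events, geoip=GEOIP, allowed=ALLOWED_COUNTRIES):
    """GeoIP whitelist scenario: flag successful logins whose source country is
    not on the allowlist. An IP with no GeoIP entry is flagged too (fail closed)."""
    alerts = []
    for e in events:
        if e["result"] != "Accepted":
            continue
        country = geoip.get(e["ip"], "UNKNOWN")
        if country not in allowed:
            alerts.append((e["user"], e["ip"], country))
    return alerts


def bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Signature scenario: at least `threshold` failed logins from one IP,
    followed by a successful login from that IP within `window`."""
    alerts = []
    failures = {}  # ip -> timestamps of failures since the last success
    for e in events:
        ts_list = failures.setdefault(e["ip"], [])
        if e["result"] == "Failed":
            ts_list.append(e["ts"])
            continue
        recent = [t for t in ts_list if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append((e["user"], e["ip"], len(recent)))
        ts_list.clear()
    return alerts


# Constructed per-minute event counts; bucket 6 carries the spike.
SAMPLE_COUNTS = [12, 11, 13, 12, 10, 11, 40, 12, 11]


def volume_change_alerts(counts, window=5, factor=4.0):
    """Log-volume scenario (simplified baseline, not RRCF): flag a bucket that
    deviates from the median of the previous `window` buckets by more than
    `factor` times their median absolute deviation (floored at 1).
    Using the median keeps the spike from poisoning the following baselines."""
    alerts = []
    for i in range(window, len(counts)):
        hist = counts[i - window:i]
        med = median(hist)
        mad = max(median(abs(x - med) for x in hist), 1)
        if abs(counts[i] - med) > factor * mad:
            alerts.append((i, counts[i], med))
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("geoip     :", geoip_alerts(evs))
    print("bruteforce:", bruteforce_then_success(evs))
    print("volume    :", volume_change_alerts(SAMPLE_COUNTS))
```

On the constructed input, the GeoIP check flags bob (US, off the allowlist) and dave (no GeoIP entry, flagged because the check fails closed); the signature rule flags bob's three failures followed by a success; and the volume check flags only bucket 6, while the buckets after the spike stay quiet because the median baseline is not dragged up by it. In a real deployment the GeoIP table would be a lookup against a GeoIP database and the event source would be the IDPS sensor feed rather than a string.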
Why have a DPO? The economic benefits highlighted
The CNIL [1] has published a study entitled ‘What are the economic benefits of having a DPO in a company?’, which shows that appointing a Data Protection Officer (DPO) gives companies more than compliance and legal protection: it is also a valuable economic resource. Here is an overview of the main benefits identified by the study:

Competitive advantage: GDPR compliance reassures customers and increases the chances of winning bids.
Reduced risk of penalties: the DPO prevents data breaches and safeguards the company’s reputation.
Fewer data leaks: the DPO’s work enhances security and reduces the impact of cyberattacks.
More efficient data management: less unnecessary storage, reduced costs and better internal organisation.
A profitable investment: companies that treat compliance as a lever reap measurable benefits.

The entire CNIL study is available in the original French here: https://www.cnil.fr/fr/quels-benefices-economiques-du-dpo-en-entreprise

[1] Commission Nationale de l’Informatique et des Libertés, the French Data Protection Authority.
IDPS-ESCAPE (v0.4): RADAR for enhanced SOAR Capabilities
Risk-aware Anomaly Detection-based Automated Response. The IDPS-ESCAPE team is pleased to announce a major update to the RADAR subsystem, delivering new SOAR capabilities for automated threat detection and response in modern Security Operations Centres (SOCs).
Launch of our new Whistleblowing service – WBaaS
itrust consulting is pleased to announce the launch of Whistleblowing as a Service (WBaaS). WBaaS provides a way to report violations of the law within a company without repercussions for the employee, in conformity with the law of 16 May 2023, which applies to companies with more than 50 employees and communes with more than 10 000 inhabitants. The service includes the setup of an internal reporting channel, and our expert reviews every report filed via the platform to verify that it is appropriately anonymised and that the information provided is clear. Only authorised and mandated people of the targeted organisation get access to the report. A report can also be made by phone call or in a meeting, but the easiest method is to file it on the platform, which guarantees the highest security standards.