1 of 22

An often overlooked asset:�Collaborative Testbench

Cybersecurity Testbench Framework (CTF)

David Faure, Eric Jouenne, Charles Robinson

Thales Research & technology

RESEARCH AND INNOVATION SYMPOSIUM FOR EUROPEAN SECURITY AND DEFENSE 2023 | MAY 29^TH – MAY 31^ST | RODES, GREECE

2 of 22

AGENDA

TRT’s Cybersecurity testbench Framework (CTF)

Cybersecurity testbench in nutshell
CTF « technical Functions »
CTF Tooling Extract
CTF Infrastructure Summary

CTF inside funded Collaborative Projects

CAESAR – FUI 25
PRAETORIAN – H2020

Conclusion

3 of 22

AN OFTEN OVERLOOKED ASSET:�COLLABORATIVE TESTBENCH��CYBERSECURITY TESBENCH FRAMEWORK (CTF)

David Faure, Eric Jouenne, Charles Robinson

Thales Research & technology

4 of 22

CYBERSECURITY TESTBENCH IN NUTSHELL

Analytics

Monitoring

Data capture

Storage Infrastructure

Logging

Injection :

«Noise» :

Network, Host, User
Real, Gen., Hybrid

Attack :

Hand-crafted
BAS
Malicious Traffic gen.
Malwares

NW & Sys Infrastructure

Infrastructure

Cyber/Injection

Analytics

5 of 22

CTF TECHNICAL FUNCTIONS TAXONOMY

Infrastructure

Cyber/Injection

Analytics

UNIFIED THREAT

MANAGERS

INTRUSION

DETECTION

SYSTEMS

FORENSICS

/

REVERSE

ATTACK

TOOLS

NETWORK / HOST / USER

SIMULATION & GENERATION

ANTI-VIRUS

VULN. MANAGEMENT

PLATFORM/ASSETS MONITORING

INFRASTRUCTURE (hypervisors, operating systems, switches, hardware)

6 of 22

CTF TOOLING EXTRACT

Infrastructure

Cyber/Injection

Analytics

A comprehensive set of tools

+

Un versatile and consistent architecture

= a cyber test framework

It is not mandatory to use all the tools but they are all usefull

/////////////////////////////////////////

Cisco : Multiple technologies

IPS

Anti Malware (endpoint and flows)

Firewall NextGen

SandBox

Fortinet : Multiple technologies

IPS

Anti Malware (endpoint and flows)

Firewall NextGen

SandBox

Splunk : Log management

MITRE Caldera = agent simulant une prise de contrôle après exploit (bas gauche) et simulation utilisateur (au milieu)

Bloodhound = Chemins d’attaque dans les AD

Cuckoo : SandBox Open source

IRMA : Meta Anti Virus, like Virus total, Open source

Suricata : IPS, Open source (embadded in french sovereign probe)

TippingPoint : IPS from Trend Micro

Autopsy : 1 outil forensics (gestion image disque)

SIFT : une distrib du SANS institute qui contient plein d’outils pour le forensics

7 of 22

CTF: INFRASTRUCTURE SUMMARY

Dedicated (out of Thales NW) Internet Connection: 1G

VPN Connection Available For Remote Access

30+ servers,10 ESXi, 328 vcpus, memory 3To, 100To storage

50+ software applications

A Real Secure Information System for Laboratory Needs (IDS, FW, WAF, AV, Sandbox, SIEM-like)

Application Hosting Capability (VM, Appliance and Host-Based)

Application Internet Exposure Capability (VM, Appliance and Host-Based)

8 of 22

THE CAESAR PROJECT��CYBERSECURITY TESBENCH FRAMEWORK (CTF)

David Faure, Eric Jouenne, Charles Robinson

Thales Research & technology

9 of 22

CAESAR : SECURITY TECHNOLOGIES – APPLICATION IN THE CYBER BANKING DOMAIN

The CAESAR project aims to bring an innovative touch to malware detection within the banking system.
A partnership with the following entities has been formed:

AMOSSYS accompanies its clients in securing and defending their computer systems..
Thales Research & Technology is a branch of the company Thales which brings its expertise in Cyber Security.
Cyber Test Systems provides solutions for Network Traffic Generator (CTS-NTG).
The CEA is a national multidisciplinary applied research organization.
Gatewatcher SAS is the producer of the intrusion detection platform of the same name.
BNP Paribas is a European financial services group.

French national project

9

10 of 22

CAESAR PROJECT CHALLENGES

10

Malware integrates banking practices to bypass current countermeasures

Security software (antivirus, firewall) can be sources of vulnerability

Vulnerability as a result of testing is not acceptable for this sector

Enable the probe to detect hybrid malware, and future malware

Improve the existing tools for testing the vulnerability of this software

Set up a structure to test innovations without risk

CAESAR

Increase Probe Accuracy with Machine Learning

Increase the security level of third-party software

Develop a test bench dedicated to Fintech

Situation

Challenges to resolve

Objectives of the project

11 of 22

COLLABORATIVE WORKBENCH - ARCHITECTURE

11

12 of 22

COLLABORATIVE WORKBENCH - FIGURES

12

Hosted in TRT Palaiseau premises.
24/7 SSL-VPN Connection for all partners.
Architecture composed of 4 networks.

R&D –functional testing
QA – Integration and overall developments validation
PoC (Proof of Concept) – Close to actual environment demonstration.
Services – hosts all required infrastructure (DNS, NTP, VPN, SSH, …) and collaborative (CHAT, JIRA, AD-DC, Wiki, … ) services

Composed of

Four esxi servers
Two 40G - CTS-NTG traffic generators
One GW Probes
Four Firewalls, four 40G switches

13 of 22

THE PRAETORIAN PROJECT��CYBERSECURITY TESBENCH FRAMEWORK (CTF)

David Faure, Eric Jouenne, Charles Robinson

Thales Research & technology

14 of 22

PRAETORIAN AT A GLANCE (1/2)

Coordinator: EDF

23 partners from 7 EU countries
3 pilot sites in 4 EU states

Total budget: 9,04 M€
Total funding: 7,58 M€

Start date: 01/06/2021
End date: 30/09/2023

14

8 CI operators
3 first responders

15 of 22

PRAETORIAN AT A GLANCE (2/2)

15

16 of 22

PRAETORIAN COLLABORATIVE CYBERSECURITY TESTBENCH

16

1 esxi server (full)

~30 VMs

~500 Go RAM

~7To disk space

4 Fws

…

17 of 22

PRAETORIAN COLLABORATIVE CYBERSECURITY TESTBENCH: DIGITAL TWINS

17

18 of 22

PRAETORIAN COLLABORATIVE CYBERSECURITY TESTBENCH: TESTING ENV.

18

19 of 22

PRAETORIAN CYBERSECURITY TESTBENCH: BUILD & RUN

19

Hosted, build and managed by TRT

Hosted, build and managed by EDF

Hosted, build by TRT

Managed by KONCAR from Croatia

20 of 22

CONCLUSION

A Cybersecurity testbench is most of the time A Testing Env. AND A Digital Twin Hosting Env.
A Collaborative Cybersecurity testbench requires:

Remote Secured Access (SSL-VPN, IPSEC, …)
As much as possible 24/7 availability (except maintenance downtime …)
From everywhere .

The value is in its toolset and human expertise

Toolset swiss knive approach
In addition to TRT’s contribution, outside expertise is welcome

TRT’s CTF is all of these plus:

Multi-tenant capability
Uses cases ranging from prêt-à-porter to haute couture

21 of 22

Contact points for supplementary explanation or future collaboration:

eric.jouenne@thalesgroup.com

david.faure@thalesgroup.com

RESEARCH AND INNOVATION SYMPOSIUM FOR EUROPEAN SECURITY AND DEFENSE 2023 | MAY 29^TH – MAY 31^ST | RODES, GREECE

THANK YOU FOR YOUR ATTENTION

22 of 22

ACKNOWLEDGEMENT

The project PRAETORIAN is partially funded by the European Union's Horizon 2020 research and innovation programme under grant agreement No 101021274.