Don’t wait for a hack or ransomware attack to decide how to increase the security level of your corporate network. It was this recommendation that prompted Allinvest to implement the changes that we will tell you about.
Special needs according to professions
The financial company Allinvest, located in the 8th arrondissement of Paris, employs about 80 people. It claims to be the number one spokesperson for the Euronext markets in Paris, Brussels and Amsterdam. The company recently decided to test the reliability of its new network infrastructure, which consists of several independent subnets.
This “holding” company, headed by Marc-Antoine Guillen and managed by Jean-Emmanuel Vernet, is organized around three legally independent entities but operates synergistically. It supports entrepreneurs, managers and shareholders at all stages of their business development, including the management of their assets, by bringing together various financial and industry knowledge.
Due to the regulation of the sector (see AMF), the professions carried out here must be kept separate: “corporate finance”, intermediation, private management and asset management, and “crowd equivalent”. This separation is a condition for providing a global offer of financial advice to entrepreneurs and their shareholders.
A few months ago, as part of its IT system upgrade, the group redesigned and deployed a new Wi-Fi infrastructure for its employees as well as visitors.
“In order to improve internal mobility for our employees with the ability to access Wi-Fi data and enhance guest Wi-Fi access with an authorized portal for our customers, our technical choice was for solutions equipped with the latest Wi-Fi 6 (802.11ax): Ruckus R550 access point,” explains Olivier Clement, CIO of the company.
“Previously, we used Wi-Fi access with a standard security standard that only allowed access to the Internet.”
After these transformations, Allinvest considered it important to bring in an independent cybersecurity expert to audit the new infrastructure. The task was to check quality, security levels and compliance with regulations.
“We wanted to make sure that the new infrastructure does not create cyber risks. This item is strategic for our activities,” specifies the CIO.
The choice fell on BlueTrusty, a subsidiary of the ITS Groupe based in Boulogne-Billancourt, “due to its experience, the quality of its offer and its ability to carry out a full audit”.
The audit made it possible to identify several shortcomings and promptly begin concrete actions to eliminate them. A special team was mobilized for two weeks – on site and remotely.
Penetration tests were conducted on Allinvest's various Wi-Fi networks using common or open source tools well known to cyber experts, such as Wifite or Aircrack-ng, running on NVIDIA Tesla cards.
This included verifying the strength of passwords and of WEP or WPA keys. On a Raspberry-type box, for example, these tests can take several days or even several weeks.
Need to “implement continuous review processes”
The company also measured the separation between networks and the possible leakage of the signal outside the buildings (checking the coverage area). All recommendations of the national agency ANSSI are taken into account.
“From a cybersecurity management point of view, the priority is not the purchase of this or that product or solution, but the implementation of continuous verification processes. It is also necessary to raise awareness, educate and inform the staff,” emphasizes Stefan Reitan, director of BlueTrusty.
For his part, Olivier Clement summarizes the accomplishments as follows: “The BlueTrusty team has allowed us to evaluate the performance of our new Wi-Fi infrastructure and take concrete measures to ensure our environment is as secure as possible and best practices are integrated. They position themselves as a strategic partner bringing together technical expertise, support, education, interpersonal skills and goodwill.”