Euronext’s Information Security Department Euronext’s information security department is comprised of multiple teams, including its Security Operation Centre (SOC) team and the Assessment and Exploitation Team. While the SOC’s main mission deals with incident response, continuously monitoring and improving the organization’s security posture, it works closely with Assessment and Exploitation Team, which is responsible for running vulnerability and red team assessments.
The SOC is entrusted with the security of all Euronext infrastructure and systems, all Euronext trading services and platforms, as well as all internal users and external users, including but not limited to the stock exchange service itself. The SOC works around the clock 24x7.
Business Challenge
Keeping a vigilant eye out for the latest developments in the cybersecurity market, Jorge Ruão, Head of Security Operations Centre at Euronext, sought better ways to prevent and detect cyber attacks.
The Information Security Department is experienced in developing and running their own homegrown simulations of cyberattacks to test the organization’s security posture vis-à-vis specific threats.
After implementing new technology, deploying a specific security policy or updating the rule engine of a cybersecurity tool, the teams would run simulations of specific attacks to ensure that they could be blocked, or alternatively, be detected and mitigated.
While the practice of running attack simulations is highly effective, building simulations of specific attacks can be a resource-intensive undertaking, depending on the complexity of a malware strain or its associated variants. “This is of special concern if time is critical, for example,” says Ruão, “when you are made aware that a new malware campaign exploiting zero-day vulnerabilities is spreading through the internet and you’ve just deployed mitigation or workaround measures received from your intel services.
Solution
Impressed by Cymulate’s ease of use and ability to repeatedly run the same battery of tests to test the organization’s security posture, Ruão implemented the cyberattack simulation platform, removing the need to build and prepare a manual framework to execute those very same tests. On top of manual penetration testing, red team exercises and vulnerability assessments performed periodically, Cymulate lets Euronext’s Information Security department run frequent security tests in response to a variety of events.
For example, “when there is a new specific threat in the wild (e.g. WannaCry, etc.) Cymulate incorporates the threat’s indicators of compromise (IoCs) very quickly,” comments Ruão, “and you can immediately see how vulnerable you are to that threat without the need to internally develop a simulation to mimic that new threat.”
Similarly, if a security tool suddenly proves to be less effective following a configuration change, its settings can be updated and then thoroughly tested against a barrage of simulated cyber attacks.
Having purchased four Cymulate attack vectors (modules) the year prior, including the Immediate Threat Assessment, Web Gateway, Email and Endpoint modules, Euronext has recently renewed their Cymulate subscription, adding one more module to the mix—the Hopper—which simulates potential lateral movement within the company’s network.
Commenting about the initial integration, Ruão says, “It was very easy and quick to deploy the solution with satisfactory results. No major issues were found during the deployment besides the need to provide the minimum requirements.”
Benefits
Since deploying the solution one year ago, both the SOC and Assessment and Exploitation teams use Cymulate together to find out and understand whether current security controls are in fact blocking threats.
By using Cymulate, Euronext’s Information Security
Department can now:

• Test controls against the latest threats – Imminent attacks detected in the wild are simulated by the platform, enabling up-to-date security assessments.

• Frequently and repeatedly evaluate security controls – New technology, configuration changes, or software/hardware updates can be easily tested to see their impact on the organization.

• Complement homegrown simulations – While highly effective, these are resource-intensive and may not be practical when time is of the essence.

• Prove the value of business decisions – By using Cymulate as a benchmark before deploying new technology, the team can demonstrate the efficacy of new solutions.

• Understand cyber threats’ modus operandi – This includes where in the attack kill chain a potential threat may be successful in circumventing security controls.

• Provide executive and technical-level reporting – With its built-in reports, visibility is provided into how each technology contributes to the organization’s overall security posture.

Since implementing the platform, comments Ruão, “We are very happy with the Cymulate solution and are already looking to expand the functionalities with additional tests.”
To conclude, Ruão says, “I would recommend Cymulate because of its ease of use, it can quickly provide you a window into how vulnerable or how protected your organization is against external threats.”